The authorization to use resources is done via Access Token. The Access Token is used to provide information about a user, as what resources he has the right to access. Both ID Token and Access Token are JWT (JSON Web Tokens) and they are decoded to obtain the user's information. ID Token and Access Token are obtained via REST endpoints.
For more information about OpenID Connect, please refer to our documentation: https://help.okta.com/en/prev/Content/Topics/Apps/Apps_App_Integration_Wizard.htm#OIDCWizard http://developer.okta.com/docs/api/resources/oidc.html
Thank you, Paul Auer Technical Support Engineer | Okta
This was not a very helpful response: "ID Token and Access Token are obtained via REST endpoints." Like Anton, I don't see any documentation for WHERE those endpoints are. What is the URL?
The 2 pieces of documentation you linked MIGHT contain the answer, but it's hard to know without reading a LOT of extra (seemingly irrelevant) text. For example, the 2nd one eventually leads me to this: " /oauth2/:authorizationServerId/v1/authorize" What is :authorizationServerId? It seems to be unrelated to simply using OpenId Connect to log on using Okta.
Could you elaborate on this response? Thank you. (Also, I clicked the thumbs-down and then realized I couldn't change it back to neutral or thumbs-up.)
I've found the answer to my question, and perhaps the answer to Anton's question as well: The auth code endpoint is at https://<okta organization URL>/oauth2/v1/authorize and the token endpoint is at https://<okta organization URL>/oauth2/v1/token where <okta organization URL> is either like "dev-555555.oktapreview.com" or "mysubdomain.okta.com".