<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008C3jbHSAROkta Classic EngineOkta Integration NetworkAnswered2018-09-05T01:28:18.000Z2018-01-30T14:33:07.000Z2018-03-13T00:03:12.000Z

00u9vmqll7XPVWOEJ0x1.4836486734547214E12 (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Passthrough auth for Web Service (API)
I have a web front end that's using Okta, and a backend API that is a separate application. I want the users of the front end to be able to query the API directly with AJAX and authenticate/authorize with Okta.

 

I can add SAML auth using Okta to both apps, but I don't know how to 'share' or generate the auth token for the API in a way that is transparent to the user. How can I achieve this?
  • 1 answer
  • 1.95K views

  • Thomas Kirk (Okta, Inc.)

    Typically, you won't want to SAML enable the API endpoints as it isn't the best solution for API's. However, Okta's API Access Managment will be able to handle both of these flows.

     

    If you OIDC enable your web app and then protect your API's with OAuth 2.0 you will get the desired authn/authz. 

     

    For example, when the user navigates to the app they can click "login" to login to Okta. Okta can return an ID Token (OIDC) and an Access Token (API Access Managment). The ID Token will contain information about the user that you can display in the app. The Access Token can be passed to your API to grant access to the API.

     

    Your exact use may be different as you can use a handfull of technologies (SAML, OIDC, OAuth) depending on your use cases.

     

    Check out this example of an Angular Front End and Spring Boot API backend: https://developer.okta.com/blog/2017/12/04/basic-crud-angular-and-spring-boot
    Expand Post
This question is closed.
Loading
Passthrough auth for Web Service (API)