<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008ZgLUISA3Okta Classic EngineIntegrationsAnswered2024-04-15T09:18:50.000Z2018-11-07T18:35:32.000Z2018-11-08T18:53:10.000Z

j56jp (j56jp) asked a question.

Edited November 7, 2018 at 6:38 PM
Retrieve OAuth Without Providing Client Secret (Not Browser-Based)

Hi,

I have a use-case where a user needs to authenticate with Okta, but the software that requests and uses the auth token resides on their personal machine. I have read through a very helpful OAuth guide (https://www.oauth.com/oauth2-servers/background), but did not find a flow that best fit my use-case. I thought we could use the Resource Owner Password flow (https://developer.okta.com/authentication-guide/implementing-authentication/password), but we don't want to store the client secret on their machine.

What is a good solution for this? Someone suggested we create a separate Okta app just for this user (a private app so to speak).

  • 1 answer
  • 651 views

  • tomas.popescu1.5193135132722603E12 (Vendor Management)

    My name is Tomas and I'll be assisting you with this case.

    The private app for the users seems like the best way to proceed on this issue, unfortunately I cannot assist you with a clear documentation that has the steps for the configuration as well.

    Please open a ticket with Okta Support for further assistance in regards to this matter.

This question is closed.
Loading
Retrieve OAuth Without Providing Client Secret (Not Browser-Based)