
PaulA.08356 (Customer) asked a question.
Hello Okta Support:
I'm fully versed in OAuth2, OIDC, etc. My question here relates precisely and only to the scenario below:
Suppose a bad actor creates an app that floods one/all of my Okta token-validation servers with random (and therefore obviously) invalid tokens.
Since you don't know what's an invalid token without the server at least *seeing* that token, you have to at least accept the request before you can inspect/discard the token.
Does Enterprise Okta allow admins to create & maintain firewall rules so that abusive IP addresses can be blocked, and relieve the server from having to look at the validation requests?

For all developer-related questions, please use https://devforum.okta.com/
As you can see, OpenID Connect related resources are under the developer section of the documentation.
https://developer.okta.com/docs/api/resources/oidc
We cannot post on behalf of your request, so we invite you to submit this question on the appropriate board outlined above.
Thank you for choosing Okta!