AgonH.86968 (Customer) asked a question.
How do I use the access token from Okta to know if a user is authorized for a backend app?
Hello all!
Setup:
- Multiple single-page applications which will use the Okta Sign-in Widget to sign in and obtain an access token
- Multiple backend applications (Node.js, Java, C*) which will use the @okta/jwt-verifier to validate user's access token
Requirements:
- Have the ability to give users permission to access certain backend applications with a single access token
- Have the ability to give users permission to access certain backend endpoints with a single access token
- Validate the access token on the backend side, to know if the user is authorized to access this backend service/endpoint
Question:
- How do I use the access token from Okta to know if a user is authorized for a backend app or backend endpoint?
- Is this possible with Okta? If yes, how should my setup look for me to achieve those requirements?
Thank you very much!
Hello Agon,
I hope you are fine. This is Alejandro from Okta Support. While your inquiry is very unique to be handled through Support Forum (I encourage you to open an Okta Support Case to get guidance from Developer Support), I believe you can study the following document in order to get and manipulate an Okta Access Token and be able to make requests to an Endpoint:
https://developer.okta.com/docs/guides/implement-oauth-for-okta/request-access-token/
If after reading through you find this is not applicable to your use case, please open a Support Case.
Thank You,
Alejandro Barquero
Level 2 Engineer - Monday - Friday 8:00 AM - 5:00 PM PST
Okta Global Customer Care