
lo7r6 (lo7r6) asked a question.
I'm trying to see if we can set up some Okta users as "Service" type accounts for external API calls that need bearer tokens. This would be from programmatic calls, i.e. we create a set of Okta users tied to "people" who manage the calls so they also manage the Okta passwords. I can't seem to find a good example of how to call /Authn...get session token, to then use on call to /authorize to get and parse out an access_token. Is there a better way to simulate what would have been LDAP service accounts in our old API gateway?

Hello @lo7r6 (lo7r6)
Thanks for posting.
You have to do it in two steps.
First, within your Okta org, create a new user that will be used as a service account to grant access to the LDAP agent.
Check here for details: https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-add-users.htm
Second, once the user is created assign administrator rights to that user, as described here:
https://help.okta.com/en/prod/Content/Topics/Security/administrators-assign-admins.htm
To get a session token and parse out an access_token, please refer to the following documents and threads:
https://devforum.okta.com/t/how-to-implement-access-token-generation-via-rest-api/296
https://developer.okta.com/docs/guides/validate-access-tokens/go/main/
https://developer.okta.com/blog/2019/08/22/okta-authjs-pkce
If you need more specific assistance with the APIs, you can open a support case with our team using the information in the link below: https://help.okta.com/en/prod/Content/Topics/Directory/get-support.htm
Let us know if this helps you.
Daniela Chavarria.
Okta Inc.
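
The /authorize half of the flow the question describes (spend the session token, then parse the access_token out of the redirect), as an added example that is not code from Okta or from either poster. It assumes the org authorization server path `/oauth2/v1/authorize`, an implicit-flow client, and placeholder org, client and redirect values; the function names are hypothetical.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

ORG = "https://example.okta.com"  # placeholder org URL (assumption)


def build_authorize_url(client_id, redirect_uri, session_token, scope="openid"):
    """Return (url, state) for an /authorize call that spends a sessionToken."""
    state = secrets.token_urlsafe(16)  # unguessable value, checked on return
    params = {
        "client_id": client_id,
        "response_type": "token",
        "response_mode": "fragment",
        "scope": scope,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": secrets.token_urlsafe(16),
        "prompt": "none",               # fail instead of showing a login page
        "sessionToken": session_token,  # one-time token returned by /api/v1/authn
    }
    return f"{ORG}/oauth2/v1/authorize?{urlencode(params)}", state


def parse_authorize_redirect(location, redirect_uri, expected_state):
    """Extract (access_token, expires_in) from the 302 Location header."""
    # Refuse a redirect that points anywhere but the registered URI.
    if location.split("#", 1)[0] != redirect_uri:
        raise ValueError("redirect went to an unexpected URI")
    frag = {k: v[0] for k, v in parse_qs(urlsplit(location).fragment).items()}
    if "error" in frag:
        raise ValueError(f"{frag['error']}: {frag.get('error_description', '')}")
    if frag.get("state") != expected_state:
        raise ValueError("state mismatch; discard the response")
    if frag.get("token_type", "").lower() != "bearer" or "access_token" not in frag:
        raise ValueError("no bearer access_token in redirect")
    return frag["access_token"], int(frag.get("expires_in", 0))
```

Send the GET with redirects disabled and pass the `Location` header of the 302 to `parse_authorize_redirect`; the session token is single-use, so a failed attempt needs a fresh /authn call.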