
ChandrakanthB.21300 (Customer) asked a question.
We need to build an identity provider to authenticate users in an Okta account (say account 1) to use an application which is registered in another Okta account (say account 2). I followed this guide - https://developer.okta.com/docs/guides/add-an-external-idp/openidconnect/main/ to create the said identity provider. However, the app I have is a React SPA, where the client authentication uses PKCE instead of a client secret.
How do I tackle this? Is there any way to avoid using the client secret in the steps mentioned in the guide above?

Hello Chandrakanth BKC
Thanks for posting.
What you are trying to do can be achieved with inbound SAML; this is a way to integrate two Okta accounts using one of them as the Identity Provider.
This guide will help you with the process:
https://help.okta.com/en/prod/Content/Topics/Security/idp-inbound-saml-workflow.htm
Also, some customization options for inbound SAML:
https://help.okta.com/en/prod/Content/Topics/Security/idp-inbound-saml-reference.htm
Let us know if this helps you.
Daniela Chavarria.
Okta Inc.