
yc954 (yc954) asked a question.
We are integrating OKTA authentication into our platform and need clarification on the following points:
Primary Authentication:
Our platform will call the /api/v1/authn API for primary authentication in OKTA, and the API returns a session token in the response.
Authorization and Token Flow:
Our platform plans to call the /v1/authorize API to fetch an authorization token by passing a session token.
After obtaining an authentication token, our platform will call the /v1/token endpoint to fetch an access token.
Are these steps aligned with OKTA’s best practices? Any insights or recommended optimizations would be greatly appreciated.
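
The three calls described in the question, sketched offline as an added example (not code from the poster or from Okta). It builds the authorize and token requests for an authorization-code exchange and adds two things the question does not mention: PKCE (RFC 7636) and a `state` check on the redirect. The base URL, client ID and redirect URI are placeholders, and `sessionToken` is passed as the authorize query parameter.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders assumed for illustration; none of these values come from the post.
BASE = "https://example.okta.com/oauth2"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "https://app.example.com/callback"

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def challenge_for(verifier):
    """S256 code_challenge = BASE64URL(SHA256(code_verifier)), RFC 7636 section 4.2."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def make_pkce():
    """Fresh (code_verifier, code_challenge) pair; generate one per login attempt."""
    verifier = _b64url(secrets.token_bytes(32))
    return verifier, challenge_for(verifier)

def build_authorize_url(session_token, state, challenge):
    """Step 2: present the sessionToken from /api/v1/authn to /v1/authorize."""
    params = {
        "client_id": CLIENT_ID, "response_type": "code", "scope": "openid",
        "redirect_uri": REDIRECT_URI, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
        "sessionToken": session_token,
    }
    return f"{BASE}/v1/authorize?{urlencode(params)}"

def code_from_callback(callback_url, expected_state):
    """Accept the authorization code only if the redirect carries our own state."""
    q = parse_qs(urlparse(callback_url).query)
    if "error" in q:
        raise ValueError(f"authorize failed: {q['error'][0]}")
    state = q.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect not tied to this login attempt")
    if "code" not in q:
        raise ValueError("no authorization code in redirect")
    return q["code"][0]

def build_token_request(code, verifier):
    """Step 3: URL and form body for POST /v1/token (authorization_code grant)."""
    return f"{BASE}/v1/token", {
        "grant_type": "authorization_code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "code": code, "code_verifier": verifier,
    }
```

Keep the `code_verifier` and `state` server-side, bound to the login attempt, and send the token request over TLS from the backend rather than from the browser.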

Hi @yc954 (yc954), Thank you for reaching out to the Okta Community!
This question is more appropriate for our dedicated Okta Developer Forum.
My advice would be to reach out via devforum.okta.com to take advantage of their expertise.
While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products and features (non-custom/developer work).
Regards.