We have a NodeJS API(Let’s call it ‘app1’), this application verify given access_token and allow other applications to access different routes.
We also have another NodeJS application(‘app2’), which needs to talk with app1, to do that app2 need a access_token.
Can you please help me how to get a access_token for my app2 ?
I am trying to use this endpoint (/api/v1/authn), pass ‘api_token’, username, password to get the session token. To get access_token I am trying to use this endpoint(/oauth2/default/v1/authorize). Then I will use this access_token to make calls to app1
Is this is right approach ?
Is this access_token expires at same time sessionToken expires ?
So do we really need a username/password for each application or we can get access_token using any other approach ?
With above approach we need to pass ‘redirect_uri’ to get access_token, to do that we need to start app2 then send a request to okta and get access_token. Because I can give current application url(/implicit/callback or something) as redirect_uri.
We have a requirement that we need to start app2 if it is able to talk with app1, so without passing redirect_url can I get access_token ?
I am new to OKTA, please let me know if you need more information.