Hi. I am considering using Okta for my authentication needs. I am writing a service that wants to use Google as an identity provider. Additionally, it needs to make Google calls on behalf of the user. Does Okta have any facility to support this? For example, I want a user to log in with Google, granting storage scopes. Then I need some way to get a Google access token for the user that can be used to make a Google API call to read the contents of a bucket the user has access to.
When authenticating with Google in your Okta tenant, Okta does an authorization code flow in order to retrieve the JWTs from Google and, once the authentication succeeds, the JWTs are discarded and cannot be used to make any additional calls. The possibility here is to leverage other apps (e.g. bookmark directly to authorization endpoint in Google) to access the contents that the user has access to.
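The direct-to-Google route mentioned in the answer, as an added example that is not part of the original thread and is not Okta's code: the service issues its own authorization code request to Google for a read-only storage scope, separate from the Okta login, and validates the callback before using the code. The client ID, redirect URI and function names are assumptions; the returned code and `code_verifier` are then exchanged at Google's token endpoint by the service.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Google's OAuth 2.0 authorization endpoint and read-only Cloud Storage scope.
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
STORAGE_READ_SCOPE = "https://www.googleapis.com/auth/devstorage.read_only"


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge (RFC 7636): base64url(SHA-256(verifier)), unpadded."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_request(client_id: str, redirect_uri: str) -> dict:
    """Return the URL to redirect the user to and the values to keep in the session."""
    state = secrets.token_urlsafe(32)      # binds the callback to this session
    verifier = secrets.token_urlsafe(64)   # 86 chars, within the 43-128 PKCE range
    params = {
        "client_id": client_id,            # assumption: the service's own Google client
        "redirect_uri": redirect_uri,      # assumption: registered with that client
        "response_type": "code",
        "scope": STORAGE_READ_SCOPE,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return {"url": GOOGLE_AUTH_ENDPOINT + "?" + urlencode(params),
            "state": state, "code_verifier": verifier}


def handle_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorization code, or raise if the response is not for this session."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison on bytes; a mismatch indicates a forged or stale callback.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code
```

Requesting only the read-only storage scope keeps the Google token's privileges limited to what the bucket read needs.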