I am working on building a demo to show how we could use Okta for processes to hit secure endpoints. These processes are background processes like scheduled jobs, console apps or may be other services. I read some of your documentation and determined this to be a machine to machine auth and concluded that this should use client credentials for auth. Is this right?
These processes will be owned by Active Directory accounts and we’ll tie our Okta to AD. In this case, is there a simpler, almost-like-magic way of authorizing the request from the process? Something where Okta knows about AD, the process owner is in AD and so Okta authorizes the request from the process?
I proceeded with the machine to machine auth solution. I believe here I first request a token using the client_id and client_secret, then I use the token in subsequent requests to secure endpoints. Is this right? But before I write this code, I wanted to try out the token request using Postman. So I set up a web application in my Okta preview, then used Postman to POST and request with the following info:
And I get 403 Forbidden. I am guessing there is some problem with my set up, but I can’t figure it out…
I would love your help on this.