API authentication using Pingfed?


We want a solution where:

  1. API1 calls Okta to get an OAuth token, passing a client id/secret.

  2. Okta calls PingFederate and passes on the credentials.

  3. Pingfed authenticates and responds to Okta.

  4. Okta generates an OAuth token upon successful authentication and returns it to API1.

  5. API1 uses that token to call a webservice in API2.

Is this possible? Could you please guide me to some pointers/documentation, etc., that I can read up on for this integration pattern?

The reason we want this is that we want Pingfed to control the clientid-secret onboarding/offboarding, but "API2" in the example above uses Okta as their IDP.

P.S.: to be clear, this is regarding OAuth calls, not human authentication.

1 Like

This may not be supported. In the flow described above, machine-to-machine authentication cannot extend to external Identity Providers. You may need to use a service application flow with external IDPs: Implement OAuth for Okta with a service app | Okta Developer

1 Like
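
Added example, not part of either post: steps 1, 4 and 5 of the flow in the question as a plain client credentials grant made directly against an Okta authorization server, without the PingFederate hop of steps 2 and 3. The token URL host, the scope and the `api1`/`s3cret` credentials are constructed placeholders, and `fake_token_endpoint` is a stand-in so the code runs offline.

```python
import base64
import time
import urllib.parse

# Placeholders assumed for this example, not values from the thread.
TOKEN_URL = "https://example.okta.com/oauth2/default/v1/token"
SCOPE = "api2.read"  # hypothetical custom scope


def build_token_request(client_id, client_secret, scope=SCOPE):
    """Step 1: client credentials grant, credentials sent as HTTP Basic."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    return TOKEN_URL, headers, body


class TokenCache:
    """Steps 1 and 4: fetch a token, reuse it until shortly before it expires."""

    def __init__(self, client_id, client_secret, transport, clock=time.time, skew=30):
        self._creds = (client_id, client_secret)
        self._transport = transport  # callable(url, headers, body) -> parsed JSON dict
        self._clock, self._skew = clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            resp = self._transport(*build_token_request(*self._creds))
            if "error" in resp:  # e.g. invalid_client for a bad id/secret
                raise PermissionError(resp["error"])
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            self._token = resp["access_token"]
            self._expires_at = self._clock() + int(resp["expires_in"])
        return self._token

    def api2_headers(self):
        """Step 5: the header API1 attaches to its call to API2."""
        return {"Authorization": f"Bearer {self.get()}"}


def fake_token_endpoint(url, headers, body):
    """Constructed stand-in for the token endpoint so the example runs offline."""
    ok = headers["Authorization"] == "Basic " + base64.b64encode(b"api1:s3cret").decode()
    if not ok:
        return {"error": "invalid_client"}
    return {"token_type": "Bearer", "expires_in": 3600, "access_token": "constructed-token"}
```

In real use the `transport` argument would be a function that POSTs the request over TLS and returns the parsed JSON response.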