API authentication using Pingfed?

carey · May 4, 2024, 12:15am

Hi,

We want a solution where :

API1 calls Okta to get an Oauth token, passing a client id/secret.
Okta calls Pingfederate and passes on the credentials.
Pingfed authenticates and responds to Okta.
Okta generates an oauth token upon successful authentication and returns to API1.
API1 uses that token to call a webservice in API2.

Is this possible? Could you please guide me to some pointers/documentations etc I can read up on this integration pattern?

The reason we want this is because we want Pingfed to control the clientid-secret onboarding/offboarding, but “API2” in example above uses Okta as their IDP.
P.s: to be clear, this is regarding oauth calls, not human authentication

krishna · May 14, 2024, 7:54am

This may not be supported, in the flow described above, Machine-to-machine authentication cannot extend to external Identity Providers. You may need to use a service application flow with external IDPs Implement OAuth for Okta with a service app | Okta Developer

Post		Replies	Views
Authentication via OAuth API for Federated Users OAuth/OIDC	3	3394	February 13, 2024
Programmatic Authentication Questions	2	3200	January 12, 2022
OIDC Federation to OKTA OIDC/SAML Questions	4	2145	February 13, 2024
Authenticate other applications to APIs Questions	6	4265	January 26, 2024
Question about API Service Integration type, and Implement authorization by grant type OAuth/OIDC api , oauth	4	177	November 11, 2024

API authentication using Pingfed?

Related topics