Hello, we are having difficulties migrating to the Okta identity server.
Our current state:
For now we use our identity server, and we get a token like this:
POST: {identity server url}/token
POST DATA:
grant_type=zso
user_token={token}
scope=openid offline_access
client_id={client_id}
Our identity server checks user_token in our storage and gives an auth token.
This auth is used for Apple TV boxes to log in to the TV provider and the sign-on technology “Apple TV Provider Authentication and Zero Sign-On”, which means only “Embedded authentication”.
user_token is a token which is issued and sewn into the Apple TV box.
Our goal:
We want to migrate to the Okta identity server.
We want to send requests which are identical to those for our server. And then there are two ways:
- Okta syncs with our tokens and user ids. Then Okta checks user_token and adds claims and issues an auth token if user_token is correct.
- Okta uses an inline hook → Our hook validates user_token and adds additional claims → Okta sees that the token is validated and issues an auth token.
Question:
Is this authentication flow possible using the Okta identity server? If yes, what steps should we take conceptually to achieve this flow using Okta?


