Authenticate an HTTP API Application

I am looking to use Okta to authenticate a company internal HTTP API application.
We currently use Okta for many web applications but I don’t see it being used for authentication on top of a stateless api.

I am looking for guidance on options that would allow a user to pass in a username and password and perhaps 2fa code to an HTTP endpoint and we could then use that data to then make an api request to Okta to authenticate the use and provide a JWT that could then be used to make subsequent api requests to our api.

This same workflow could work for applications as well as human users if 2fa was not required, otherwise we would need an alternate method for systems to authenticate by providing a pre defined token.

Thank you for any assistance.

Sounds like you will need to choose an OAuth flow for this: https://developer.okta.com/authentication-guide/auth-overview/#choosing-an-oauth-20-flow

Its possible to pass credentials via this flow but no MFA is possible: https://developer.okta.com/authentication-guide/implementing-authentication/password/

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.