Is there a way to authenticate a user and create a session without a pass via a backend call to Okta?
The only auth flow I found that doesn’t require a password is primary auth with activation tokens, which is irrelevant as I’m talking about a standard login, not a user activation journey.
I know that in a lot of other CIAM systems it is possible to generate a session via a backend call using privileged credentials such as an admin token for instance.
The full journey should look like this:
- User goes into my website, enters his username / email and clicks a button
- This button calls my own custom backend to log the user in
- My backend calls the Okta API to generate a session token / cookie and returns it
- My frontend uses the returned token / cookie to set the session on the frontend and log the user in