Authentication without Authorization server

My org doesn’t have API access management license. How can we use okta middleware to authenticate a Single page application using OpenId Idtoken in webapi.

Hi @bisht.govind,

Unfortunately, you need this feature to authenticate an SPA using OIDC.
You can create a free developer edition account by visiting

I hope this helps.

Can’t I use org authorization server for authorization.

Hi @Shubham6541

There is a requirement by the SDK to verify the token locally and, as such, access tokens generated by the org authorization server can not be verified locally.

How does remote verification work if I do not have API Access Management enabled?

For remote token validation, you can send access tokens to the /introspect for the Org authorization server to determine if they are valid and active