Authorization access to my api with Okta api authentication

I’m trying to understand how I can authorize a user’s access to one of my APIs, if that user was authenticated against the Okta API, i.e. api/v1/authn.

I was hoping that the object that came back from a successful authentication would have a token or access id in it that I could then put in my user’s session, and then requests from that user to my APIs could be authorized using that token or ID. While I know this is the most basic of concepts, I don’t understand if/or how to do it using the auth API endpoint above. I’ve found lots of great examples for how I can do the authorization, I just can’t seem to wrap my head around how to get a token if authenticating against the API.

A good description is here:

https://developer.okta.com/docs/concepts/auth-overview/

Sounds like you need to choose a flow listed on that page.

Hi @slbentley

You can also check the following documents:

Hi Dragos,

Should be stated that implicit flow is also to be deprecated: https://tools.ietf.org/html/draft-ietf-oauth-security-topics-14

I believe Okta already uses PKCE instead for the SPA use case:

Before going too much further I just want to make sure I’m understanding: From looking at all of the documentation provided, it looks to me like I can’t do what I want if authenticating against api/v1/authn with the Authentication API. It looks like I need to do more of a “front end” auth. The reason we were going this route is because we were doing sort of a JIT conversion for our existing set of users to Okta. As they’re logging on to our legacy authentication stack, we’re checking a conversion flag and adding the user in Okta if that user has not already been converted. If they were already converted, then we’re authenticating them against Okta at the api/v1/authn endpoint. But that endpoint alone gives back no type of token or ID. I’m continuing to go through this documentation but there’s a lot of it. Thanks.