Automated login with Okta

I would like to develop automated testing scripts that will mimic the requests coming to my web application. The scripts will call URLs of my web application in a sequence. Before that the script has to authenticate itself in Okta so that the web application allows access.

Is there a way to pass the username and password to a URL of Okta so that the auth code can be obtained and be sent to the application can verify the code?
I plan to use the Auth code flow of login.

Hi @yash_ganthe

You can authenticate through a POST request following the instruction here.

Once you receive a sessionToken, you can pass it in the request to the /authorize endpoint as query parameter, as exemplified here.

The authorize example shows :
https://your-app.example.com?id_token=S4sx3uixdsalasd&state=Af0ifjslDkj&nonce=n-0S6_WzA2Mj
as the URL which will get the id_token. This means your-app will receive the id_token from the client. How does your-app validate the authenticity of the id_token? How does it prevent someone from invoking your-app with a dummy id_token?

Hi @yash_ganthe

You can verify the ID token retrieved from Okta using a JWT verifier. In short, the JWT verifier retrieves the signing keys from Okta, generates a public key based on them and, with it, verifies the signature present in the ID token.

1 Like