Automated login with Okta

I would like to develop automated testing scripts that will mimic the requests coming to my web application. The scripts will call URLs of my web application in a sequence. Before that, the script has to authenticate itself in Okta so that the web application allows access.

Is there a way to pass the username and password to a URL of Okta so that the auth code can be obtained and sent to the application, so that the application can verify the code?
I plan to use the Auth code flow of login.

Hi @yash_ganthe

You can authenticate through a POST request following the instructions here.

Once you receive a sessionToken, you can pass it in the request to the /authorize endpoint as a query parameter, as exemplified here.

The authorize example shows:
https://your-app.example.com?id_token=S4sx3uixdsalasd&state=Af0ifjslDkj&nonce=n-0S6_WzA2Mj
as the URL which will get the id_token. This means your-app will receive the id_token from the client. How does your-app validate the authenticity of the id_token? How does it prevent someone from invoking your-app with a dummy id_token?

Hi @yash_ganthe

You can verify the ID token retrieved from Okta using a JWT verifier. In short, the JWT verifier retrieves the signing keys from Okta, generates a public key based on them and, with it, verifies the signature present in the ID token.
