Automated login with Okta

I would like to develop automated testing scripts that will mimic the requests coming to my web application. The scripts will call URLs of my web application in a sequence. Before that the script has to authenticate itself in Okta so that the web application allows access.

Is there a way to pass the username and password to a URL of Okta so that the auth code can be obtained and sent to the application, which can verify the code?
I plan to use the Auth code flow of login.

Hi @yash_ganthe

You can authenticate through a POST request following the instructions here.

Once you receive a sessionToken, you can pass it in the request to the /authorize endpoint as a query parameter, as exemplified here.

The authorize example shows:
as the URL which will get the id_token. This means your-app will receive the id_token from the client. How does your-app validate the authenticity of the id_token? How does it prevent someone from invoking your-app with a dummy id_token?

Hi @yash_ganthe

You can verify the ID token retrieved from Okta using a JWT verifier. In short, the JWT verifier retrieves the signing keys from Okta, generates a public key based on them and, with it, verifies the signature present in the ID token.

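The verification steps described in the last reply (look up the signing key by `kid`, rebuild the public key, check the signature, then check the claims), as an added example that is not part of the original thread and is not Okta's code. The demo key, `kid`, issuer URL and client id are constructed for illustration, and `demo_sign` only stands in for the issuer; a real application fetches the JWKS from its authorization server and should use a maintained JWT verifier library rather than hand-rolled RSA.

```python
import base64, hashlib, hmac, json, time

# DigestInfo prefix for SHA-256 in EMSA-PKCS1-v1_5 (RFC 8017, section 9.2)
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(signing_input, k):
    digest = hashlib.sha256(signing_input.encode()).digest()
    return b"\x00\x01" + b"\xff" * (k - 3 - len(PREFIX) - 32) + b"\x00" + PREFIX + digest

def verify_id_token(token, jwks, issuer, client_id, now=None):
    """Return the claims of a valid RS256 ID token, else raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims, sig = json.loads(b64d(h64)), json.loads(b64d(p64)), b64d(s64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "RS256":  # pin the algorithm; never accept "none"
        raise ValueError("unexpected alg")
    jwk = next((key for key in jwks["keys"] if key.get("kid") == header.get("kid")), None)
    if jwk is None:
        raise ValueError("kid not in JWKS")
    n, e = (int.from_bytes(b64d(jwk[f]), "big") for f in ("n", "e"))
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
    expected = emsa(f"{h64}.{p64}", k)
    if len(sig) != k or s >= n or not hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    if claims.get("iss") != issuer or client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (now or time.time()):
        raise ValueError("expired")
    return claims

# Constructed demo key from two well-known primes; far too small for real use.
P, Q, E = 2**256 - 2**32 - 977, 2**255 - 19, 65537
DEMO_JWKS = {"keys": [{"kty": "RSA", "kid": "demo-key",
                       "n": b64e((P * Q).to_bytes(64, "big")), "e": b64e(E.to_bytes(3, "big"))}]}

def demo_sign(claims, alg="RS256"):  # stand-in for the issuer, demo only
    signing_input = ".".join(b64e(json.dumps(part).encode())
                             for part in ({"alg": alg, "kid": "demo-key"}, claims))
    d = pow(E, -1, (P - 1) * (Q - 1))  # demo private exponent
    sig = pow(int.from_bytes(emsa(signing_input, 64), "big"), d, P * Q)
    return signing_input + "." + b64e(sig.to_bytes(64, "big"))
```

A token whose payload was edited after signing, or one carrying a made-up signature, fails the `compare_digest` step, which is what stops a dummy id_token from being accepted.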