Best Design for API with OIDC and Machine-to-Machine Auth

Hi. I am building an application using React + SpringBoot backend API. I was able to build the OKTA integration for users but I cannot, for the life of me, figure out how to authenticate a service connecting to my service. In the old days we would use an LDAP service account for this. Any advice from the experts?

  • React UI - Uses Okta Sign-In Widget
  • SpringBoot backend, single process hosts 2 APIs: 1 set (User API) meant for users logging in to the UI, and another set meant to be triggered only by another system (App Svc API).
  • One SPA app integration configured in OKTA
  • Another of my applications needs to connect to the App Service API and authenticate via a non-person dedicated credential (i.e. a service account)
