Jonas Stevnsvig
I did a run through and updated some versions for 2020: https://github.com/JoSSte/n…
Changed compared to this article:
* Package versions in the original guide have vulnerabilities, so newer packages have been used
* The package epilogue did not play well with the newest sequelize so it has been replaced with finalize
* Updated call to verify token according to Okta KB article
* Added JSON error handler to avoid HTML errors (not necessary but more consistent)
Matt Raible
Thanks @jonasstevnsvig! If you’d like to create a pull request to update this blog post, we’d love your help! The repo is at https://github.com/oktadeve…. I’ll send you a reward for your contribution.
Hans
Why do you use the same client credentials for the communication between the resource server (API) and the authorization server (Okta), as for the client and the resource server?
Also, you use simple HTTP Basic Auth for the communication between the client and the resource server, and Bearer for the communication between the resource server and the authorization server, while this should probably be the other way around?!
Matt Raible
I updated this blog post today to use the latest version of libraries. See the changelog for more information.
Krify Software Technology
Thank you for explaining so clearly.