Calling oauth2/v1/authorize API from Java redirects to login.html URL

I'm calling the following API from Java (backend):
https://nielsen.okta.com/oauth2/v1/authorize?
client_id=XXXXX
&response_type=code
&scope=openid%20offline_access
&redirect_uri=http%3A%2F%2FXXXXX%2Fimplicit%2Fcallback
&state=XXXXX
But it redirects to the login.html URL.
Why is it so?
How can I get the authorization_code after calling the authorize API?

Yep, that’s how OAuth works. You hit the authorize endpoint and it redirects you to login. See our “what the heck is OAuth” for more information.

The authorize code will be returned after you log in.

I notice that you mention the back end here, so I am guessing the account may be one used for service operations that you do not expect the actual person to be logging in to frequently.

If this is the case then in a different API application using OAuth I did the following:

Used normal processing with the login screen to obtain the response with longer lived refresh_token.
Used the refresh_token to obtain a new access_token and id_token when required.
Maintained the refresh_token using a scheduled task to renew it before it expired.

This is not the best process for doing this type of work.
The better way if this is a backend service is to use an Administrative Token. There may be other options to consider as well.

If you are not doing machine-to-machine service authentication, then you should look at redesigning your application so that the user needing to authenticate is presented with the Okta login page.
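
As an added illustration (not code from any of the posters or from Okta), this Java example walks through the flow the replies describe: the browser is sent to the authorize URL, the code arrives on the redirect URI after login, and the backend checks `state` before building the token request. The issuer host, client ID, redirect URI, class and method names, the constructed callback query and the `/oauth2/v1/token` path are assumptions.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class AuthCodeFlowExample {
    // Placeholders (assumptions), not values from the thread.
    static final String ISSUER = "https://example.okta.com";
    static final String CLIENT_ID = "CLIENT_ID_PLACEHOLDER";
    static final String REDIRECT_URI = "https://app.example.com/callback";

    static String enc(String s) { return URLEncoder.encode(s, UTF_8); }

    // Step 1: the URL the user's browser is redirected to. The backend does not
    // fetch it itself; doing so only returns the redirect to the login page.
    static String authorizeUrl(String state) {
        return ISSUER + "/oauth2/v1/authorize?client_id=" + enc(CLIENT_ID)
            + "&response_type=code&scope=" + enc("openid offline_access")
            + "&redirect_uri=" + enc(REDIRECT_URI) + "&state=" + enc(state);
    }
    // Step 2: after login the browser calls redirect_uri with ?code=...&state=...
    static String codeFromCallback(String rawQuery, String expectedState) {
        Map<String, String> p = new HashMap<>();
        for (String pair : rawQuery.split("&")) {
            String[] kv = pair.split("=", 2);
            p.put(URLDecoder.decode(kv[0], UTF_8), kv.length > 1 ? URLDecoder.decode(kv[1], UTF_8) : "");
        }
        if (p.containsKey("error")) throw new IllegalStateException("authorize error: " + p.get("error"));
        // Constant-time compare against the state stored in the user's session (CSRF check).
        if (!MessageDigest.isEqual(p.getOrDefault("state", "").getBytes(UTF_8), expectedState.getBytes(UTF_8)))
            throw new SecurityException("state mismatch, dropping callback");
        String code = p.getOrDefault("code", "");
        if (code.isEmpty()) throw new IllegalStateException("no code in callback");
        return code;
    }
    // Step 3: form body for the back-channel POST; client authentication is sent separately.
    static String tokenForm(String code) {
        return "grant_type=authorization_code&code=" + enc(code) + "&redirect_uri=" + enc(REDIRECT_URI);
    }
    public static void main(String[] args) {
        byte[] r = new byte[32];
        new SecureRandom().nextBytes(r);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(r);
        System.out.println("Send the browser to: " + authorizeUrl(state));
        String code = codeFromCallback("code=CONSTRUCTED_CODE&state=" + state, state); // constructed callback
        System.out.println("POST to " + ISSUER + "/oauth2/v1/token (assumed path): " + tokenForm(code));
    }
}
```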
