My application supports web users as well as REST clients. We are required to use OKTA. For the first phase of this project, where we are supporting web users, we used OIDC Web Auth (https://developer.okta.com/docs/guides/sign-into-web-app-redirect/spring-boot/main/). For the next phase, we want to support our REST clients. From searching articles on the net, it looks like the same OKTA App integration cannot support REST clients. Kindly advise.
If you are referring to protecting a REST server (API endpoints), this guide has instructions for it.
For accessing Okta’s management endpoints, look at this guide. There is a Java SDK which can be used in your client application (GitHub - okta/okta-sdk-java: Java SDK for Okta Resource Management).
For accessing any other REST servers using a client, you might have to refer to their docs.
I have already created a web application. I cannot create a new application.
- Go to Applications > Applications to view the current app integrations.
- Click Create App Integration.
Can I skip that step and go to creating the custom scope?
Hello Ram,
Please answer my question.
I have already created an application. In your solution, it asks to create another application with App Integration. Is it possible to integrate the 2 applications?
Hello Ram,
My client hasn't purchased the custom authorization server feature which is needed by your solution. Is there any alternative solution that you can suggest?
Sincerely,
Chaitanya
> My client hasn't purchased the custom authorization server feature which is needed by your solution. Is there any alternative solution that you can suggest?

Please refer to the documentation in Authorization servers | Okta Developer. For your use case, "Apply authorization policies to custom APIs" and "Add custom scopes or claims to tokens" apply and are not supported by the Org authorization server. So you will need to purchase the API Access Management feature in order to do that.
> I have already created an application. In your solution, it asks to create another application with App Integration. Is it possible to integrate the 2 applications?

As for the question about the integration, a resource server's role is to validate access tokens (such as signature, scopes, claims, etc.) and then respond with data or return 401 if unauthorized. From your web client application, you might have to add the access token to the header for each call to your resource server.
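
The resource-server role described in the reply above (check the token's signature, issuer, audience and scopes, otherwise reject the call), written as a Spring Security 6 configuration. This is an added example, not code from the thread or from Okta's guides; the issuer URL, audience, `/api/**` path and `orders.read` scope are placeholder assumptions, and the existing browser login chain is assumed to be defined separately.

```java
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ApiSecurityConfig {
    // Placeholders (assumptions): use your own authorization server's issuer and audience.
    private static final String ISSUER = "https://{yourOktaDomain}/oauth2/default";
    private static final String AUDIENCE = "api://example";

    // Applies only to /api/**, so REST clients are handled by bearer tokens while the
    // browser (OIDC redirect) chain, assumed to exist elsewhere, covers everything else.
    @Bean
    @Order(1)
    SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
        http.securityMatcher("/api/**")
            .authorizeHttpRequests(auth -> auth
                // Hypothetical custom scope; Spring maps the token's scp/scope claim to SCOPE_*.
                .anyRequest().hasAuthority("SCOPE_orders.read"))
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Missing or invalid token -> 401; valid token without the scope -> 403.
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
        return http.build();
    }

    @Bean
    JwtDecoder jwtDecoder() {
        // Reads the issuer's metadata at startup and verifies signatures against its JWKS.
        NimbusJwtDecoder decoder = (NimbusJwtDecoder) JwtDecoders.fromIssuerLocation(ISSUER);
        OAuth2TokenValidator<Jwt> issuerAndExpiry = JwtValidators.createDefaultWithIssuer(ISSUER);
        OAuth2TokenValidator<Jwt> audience = new JwtClaimValidator<List<String>>(
            JwtClaimNames.AUD, aud -> aud != null && aud.contains(AUDIENCE));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(issuerAndExpiry, audience));
        return decoder;
    }
}
```

A caller reaches these endpoints by sending `Authorization: Bearer <access token>` on every request.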