Checking for Okta credentials with already-authenticated users


My web app is being forwarded traffic from an Okta-authenticated company portal. Once a user logs in to the portal, they are presented with a link to my web app. I just want to validate that incoming requests to my website have been authorized, but I don’t need to implement a login system myself. If they are not authorized, I just deny access.

I’ve been provided with a read-only token to the Okta REST API (I guess for fetching user details). What I don’t know is how to read the Okta authentication information from the requests coming to my web application.

Would appreciate some initial guidance.