I have the task of integrating OKTA into our Angular 7/Node API web app for authentication.
I simply need to authenticate our users. This is a simple task when I follow the process of creating an application for a SPA in the Developer Console, but this is where the confusion comes in for me.
After creating a dev account and integrating it into Angular, our OKTA admins told me that they do not have the ability to create the Authorization server that is created by default in the Developer Console SPA setup. They were not sure if this is a paid feature that needs to be enabled or not. This made me think that I could simply do without the Authorization server since I’m already handling the authorization side of things in our current application.
They said that all of our current integrations use SAML 2.0. So I looked into that, but I haven’t found documentation that helps me understand how to integrate that for authentication in our Angular app.
Questions:
Do I have to have an Authorization server in order to use the Developer Console’s ‘new application’ process for SPA apps?
Are Authorization servers an added feature to existing OKTA accounts? We are a large corporation that has been using OKTA for some time now.
Can I use any of the Angular packages that you offer on Github along with SAML if I have to use the SAML approach?
Are Authorization servers an added feature to existing OKTA accounts? We are a large corporation that has been using OKTA for some time now.
There are two types of authorization servers that Okta currently supports: Okta authorization server and custom authorization server.
The Okta authorization server is available for free on all Okta tenants and can be accessed through a path like /oauth2/v1/{endpoint}, where {endpoint} is the specific endpoint for the authorization server (e.g. authorize, token, introspect, etc.).
Custom authorization servers are created through the API Access Management feature. This is available for free on developer and preview tenants, but paid on production ones. You can find out more details about the pricing from your Okta representative.
Do I have to have an Authorization server in order to use the Developer Console’s ‘new application’ process for SPA apps?
For Single Page Apps, you can use the Okta authorization server instead of a custom authorization server. You can find all the endpoints available by accessing the openid-configuration file through a URL such as your-okta-tenant.okta.com/.well-known/openid-configuration
Can I use any of the Angular packages that you offer on Github along with SAML if I have to use the SAML approach?
This depends on the current use-case that you have.
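The distinction drawn in the answer above can be checked before an app ships. This is an added example, not part of the original thread or Okta's own code: it classifies a configured issuer as the Okta (org) or a custom authorization server and verifies that the discovery document agrees with it. It assumes Okta's URL convention of `/oauth2/{authServerId}/v1/` for custom servers (with `default` as a sample id), which the thread does not spell out; `checkIssuer`, the hostname and both sample documents are constructed for illustration.

```javascript
// Constructed samples: trimmed discovery documents as they would be returned
// by /.well-known/openid-configuration. The hostname is a placeholder.
const ORG_DISCOVERY = {
  issuer: 'https://your-okta-tenant.okta.com',
  authorization_endpoint: 'https://your-okta-tenant.okta.com/oauth2/v1/authorize',
  token_endpoint: 'https://your-okta-tenant.okta.com/oauth2/v1/token',
  jwks_uri: 'https://your-okta-tenant.okta.com/oauth2/v1/keys',
};
const CUSTOM_DISCOVERY = {
  issuer: 'https://your-okta-tenant.okta.com/oauth2/default',
  authorization_endpoint: 'https://your-okta-tenant.okta.com/oauth2/default/v1/authorize',
  token_endpoint: 'https://your-okta-tenant.okta.com/oauth2/default/v1/token',
  jwks_uri: 'https://your-okta-tenant.okta.com/oauth2/default/v1/keys',
};

// Hypothetical helper: classify the issuer the app is configured with and
// report every way the discovery document disagrees with it.
function checkIssuer(configuredIssuer, discovery) {
  const problems = [];
  const issuer = new URL(configuredIssuer);
  if (issuer.protocol !== 'https:') problems.push('issuer is not https');

  // Org server: issuer is the bare tenant URL. Custom: /oauth2/{authServerId}.
  const path = issuer.pathname.replace(/\/+$/, '');
  const custom = /^\/oauth2\/([^/]+)$/.exec(path);
  let kind;
  if (path === '') kind = 'org';
  else if (custom) kind = 'custom';
  else { kind = 'unknown'; problems.push(`unexpected issuer path ${path}`); }

  // The document must name the same issuer the app was configured with.
  if (String(discovery.issuer).replace(/\/+$/, '') !== issuer.origin + path) {
    problems.push('discovery issuer does not match configured issuer');
  }

  // Every endpoint must sit on the tenant under the prefix for this server type.
  const prefix = issuer.origin + (custom ? `/oauth2/${custom[1]}/v1/` : '/oauth2/v1/');
  for (const key of ['authorization_endpoint', 'token_endpoint', 'jwks_uri']) {
    const value = discovery[key];
    if (typeof value !== 'string' || !value.startsWith(prefix)) {
      problems.push(`${key} is not under ${prefix}`);
    }
  }
  return { kind, authServerId: custom ? custom[1] : null, problems };
}

console.log(checkIssuer('https://your-okta-tenant.okta.com', ORG_DISCOVERY));
console.log(checkIssuer('https://your-okta-tenant.okta.com/oauth2/default', CUSTOM_DISCOVERY));
```

A result of `kind: 'custom'` on a production tenant means the app depends on API Access Management; a non-empty `problems` list means the app and the tenant disagree about which server issues its tokens.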