Custom SSO Integration using Okta REST API


For SSO integration using the REST API for OIDC applications.

When the user logs in successfully, he should be able to access multiple applications without needing to enter credentials again.

  1. One access token can't be used to access multiple applications, right?
  2. So, coming to my case: during the initial user authentication, which client ID and secret should I use? I have 5 OIDC applications.
  3. The user needs to access all assigned apps with one set of credentials from my custom application dashboard.
  4. How can I achieve this SSO development using the Okta REST API?
  5. Is this customization possible using any web application?

@andrea @andrew1 someone please advise me.


Once the user has a session for the Okta org itself, they can use it to log into any applications they are assigned without needing to re-authenticate, via SSO. This is reliant on the user’s session cookie (set on the Okta domain when they log in) being present in their browser at the time the /authorize request is made.

For example, after the user logs into App A via an /authorize redirect, they can then log into App B, C, D, E, etc. when each of those applications (since each application has its own set of tokens) makes its own /authorize redirect, but unless the policies in your org require the user to re-authenticate, they will not be prompted to complete primary authentication again.

How can I get the App 2 tokens, App 3 tokens, App 4 tokens, once the user has logged in through App 1's client ID & secret by calling the /authorize API?

// Build the /authorize redirect for App 1 (straight quotes; the original post had smart quotes)
$authUrl = $issuer . '/v1/authorize?' . http_build_query([
    'client_id'     => $app1_clientId,
    'response_type' => 'code',
    'scope'         => $scope,
    'redirect_uri'  => $app1_redirectUri,
    'state'         => bin2hex(random_bytes(5)),
]);
header('Location: ' . $authUrl);
exit; // stop script execution after sending the redirect

Can I have a doc for more clarity?

You would need to make a redirect to the /authorize endpoint to do this (since SSO is reliant on the user having a session cookie in their browser). The parameters for the /authorize call will depend on what grant type each application is using.

You can find details on how to complete each flow in our documentation here: Implement authorization by grant type | Okta Developer

So, I have to call the /authorize API after logging into App A to get the App B token?

@andrea any idea?! What do I do to get separate tokens?

Yes, each application needs to make its own /authorize request with its own client_id included in order for each of them to receive its own set of tokens.
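The pattern described in the answers above, as an added example that is not part of the original thread or of Okta's own SDKs: a custom dashboard builds a separate /authorize redirect per application (each with its own client_id and redirect_uri), binds a fresh state and nonce to the user's dashboard session, and on callback accepts a code only if state matches a pending request and the callback arrived at that app's registered redirect_uri. The issuer, client IDs and redirect URIs are constructed placeholders.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed example values; real ones come from each app's Okta settings.
ISSUER = "https://example.okta.com/oauth2/default"
APPS = {
    "app1": {"client_id": "0oa-app1-placeholder", "redirect_uri": "https://app1.example.com/callback"},
    "app2": {"client_id": "0oa-app2-placeholder", "redirect_uri": "https://app2.example.com/callback"},
}


def build_authorize_url(app, session):
    """Build the /authorize redirect for one application.

    Each app sends its own client_id and redirect_uri, so Okta issues that app its
    own tokens; the user is not re-prompted while the Okta session cookie is valid.
    state and nonce are generated per request and stored in the dashboard session."""
    cfg = APPS[app]
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    session.setdefault("oidc", {})[state] = {"app": app, "nonce": nonce}
    params = {
        "client_id": cfg["client_id"],
        "response_type": "code",
        "scope": "openid profile email",
        "redirect_uri": cfg["redirect_uri"],
        "state": state,
        "nonce": nonce,
    }
    return f"{ISSUER}/v1/authorize?{urlencode(params)}"


def pending_states(session):
    """States of /authorize requests not yet redeemed, in issue order."""
    return list(session.get("oidc", {}))


def handle_callback(callback_url, session):
    """Validate the redirect back from Okta. The state must match a pending request
    (single use, so a replayed callback is rejected) and the callback must have hit
    the redirect_uri registered for that app. Returns (app, code, nonce) or None."""
    qs = parse_qs(urlparse(callback_url).query)
    state = qs.get("state", [None])[0]
    code = qs.get("code", [None])[0]
    pending = session.get("oidc", {}).pop(state, None)
    if pending is None or code is None:
        return None
    if callback_url.split("?", 1)[0] != APPS[pending["app"]]["redirect_uri"]:
        return None  # code delivered to the wrong app's callback
    return pending["app"], code, pending["nonce"]
```

The returned code is then exchanged at /v1/token with that same app's client_id and secret, and the nonce is compared against the ID token's nonce claim.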