Custom SSO Integration using Okta REST API


For SSO integration using the REST API for OIDC applications.

When the user logs in successfully, he should be able to access multiple applications without needing to enter credentials again.

  1. One access token can't be used to access multiple applications, right?
  2. So coming to my case, during the initial user authentication, which client ID and secret should I use? I have 5 OIDC applications.
  3. The user needs to access all assigned apps with one set of credentials from my custom application dashboard.
  4. How can I achieve this SSO development using the Okta REST API?
  5. Is this customization possible using any web application?

@andrea @andrew1 someone please advise me.


Once the user has a session for the Okta org itself, they can use it to log into any applications they are assigned without needing to re-authenticate, via SSO. This is reliant on the user’s session cookie (set on the Okta domain when they log in) being present in their browser at the time the /authorize request is made.

For example, after the user logs into App A via an /authorize redirect, they can then log into App B, C, D, E, etc. when each of them (since each application has its own set of tokens) makes its own /authorize redirect, but unless the policies in your org require the user to re-authenticate, they will not be prompted to complete primary authentication again.


How can I get the App 2 tokens, App 3 tokens, App 4 tokens, once the user logs in through App 1's client ID & secret by calling the /authorize API?

// Build the /authorize URL for App 1 (its own client_id and redirect_uri).
$authUrl = $issuer . '/v1/authorize?' . http_build_query([
    'client_id' => $app1_clientId,
    'response_type' => 'code',
    'scope' => $scope,
    'redirect_uri' => $app1_redirectUri,
    'state' => bin2hex(random_bytes(5)),   // random state, checked again on the callback
]);
// Redirect the browser; the Okta session cookie, if present, provides the SSO.
header('Location: ' . $authUrl);

Can I have any doc, for clarity?

You would need to make a redirect to the /authorize endpoint to do this (since SSO is reliant on the user having a session cookie in their browser). The parameters for the /authorize call will depend on what grant type each application is using.

You can find details on how to complete each flow in our documentation here: Implement authorization by grant type | Okta Developer


So, I have to call the /authorize API after logging into App A to get the App B token?

@andrea any idea?! What do I do to get separate tokens?

Yes, each application needs to make its own /authorize request with its own client_id included in order for them each to receive their own set of tokens.
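The pattern described in the replies above (one /authorize redirect per application, each with its own client_id, with the Okta session cookie supplying the SSO) as an added PHP example. This is not code from the thread or from Okta; it assumes an issuer URL placeholder, a constructed registry of two apps with placeholder client IDs and redirect URIs, PHP sessions for storing state and the PKCE verifier, and the curl extension for the token exchange. It also adds PKCE and a per-app state check, which the snippet in the thread does not show.

```php
<?php
// Added example (not from the original thread): one helper that builds a
// per-application /authorize redirect so that App 1, App 2, ... each receive
// their own tokens, while the user's Okta session cookie provides the SSO.
// Assumed: $issuer is your Okta authorization server issuer, each app's
// client_id/redirect_uri come from its Okta app settings, and PHP sessions
// are available for the state and PKCE verifier.

session_start();

$issuer = 'https://{yourOktaDomain}/oauth2/default';   // placeholder issuer

// Constructed sample registry of the OIDC apps the dashboard links to.
$apps = [
    'app1' => ['client_id' => 'CLIENT_ID_APP1', 'redirect_uri' => 'https://app1.example.com/callback'],
    'app2' => ['client_id' => 'CLIENT_ID_APP2', 'redirect_uri' => 'https://app2.example.com/callback'],
];

function base64url(string $bytes): string {
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Build the /authorize URL for one app. Each call generates its own state
// (CSRF protection) and PKCE verifier, keyed by app so callbacks can be matched.
function buildAuthorizeUrl(string $issuer, string $appKey, array $app, string $scope = 'openid profile email'): string {
    $state     = bin2hex(random_bytes(16));               // 128 bits of entropy
    $verifier  = base64url(random_bytes(32));             // PKCE code_verifier
    $challenge = base64url(hash('sha256', $verifier, true));

    $_SESSION['oidc'][$appKey] = ['state' => $state, 'verifier' => $verifier];

    return $issuer . '/v1/authorize?' . http_build_query([
        'client_id'             => $app['client_id'],
        'response_type'         => 'code',
        'scope'                 => $scope,
        'redirect_uri'          => $app['redirect_uri'],
        'state'                 => $state,
        'code_challenge'        => $challenge,
        'code_challenge_method' => 'S256',
    ]);
}

// Callback handler for one app: verify state, then exchange the code for that
// app's own tokens at /v1/token. Returns the decoded token response.
function handleCallback(string $issuer, string $appKey, array $app, array $query, ?string $clientSecret = null): array {
    $saved = $_SESSION['oidc'][$appKey] ?? null;
    if ($saved === null || !isset($query['state'], $query['code']) || !hash_equals($saved['state'], $query['state'])) {
        throw new RuntimeException('state mismatch or missing code for ' . $appKey);
    }
    unset($_SESSION['oidc'][$appKey]);                   // state/verifier are one-time use

    $form = [
        'grant_type'    => 'authorization_code',
        'code'          => $query['code'],
        'redirect_uri'  => $app['redirect_uri'],
        'client_id'     => $app['client_id'],
        'code_verifier' => $saved['verifier'],
    ];
    if ($clientSecret !== null) {
        $form['client_secret'] = $clientSecret;          // confidential (web) clients only
    }

    $ch = curl_init($issuer . '/v1/token');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($form),
        CURLOPT_HTTPHEADER     => ['Accept: application/json', 'Content-Type: application/x-www-form-urlencoded'],
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    if ($body === false || $status !== 200) {
        throw new RuntimeException('token request failed for ' . $appKey . ' (HTTP ' . $status . ')');
    }
    return json_decode($body, true);
}

// Usage: a dashboard link such as ?launch=app2 redirects the browser to that
// app's /authorize URL. Because the Okta session cookie is already present,
// the user is not prompted to sign in again unless org policy requires it.
if (isset($_GET['launch'], $apps[$_GET['launch']])) {
    header('Location: ' . buildAuthorizeUrl($issuer, $_GET['launch'], $apps[$_GET['launch']]));
    exit;
}
```

Each app's callback endpoint calls handleCallback() with its own app key, so App 1's state and verifier can never be used to redeem App 2's code, and every app ends up with its own access and ID tokens rather than sharing App 1's.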
