We have REST APIs which other products consume, or sometimes we call our REST APIs from a REST client or SoapUI.
We are using OAuth 2.0 in our product, and if somebody wants to access our APIs, they first have to obtain the token by calling the /token API; in subsequent API calls they have to provide the token in the header, and if the token is valid then we process their request.
Now we are adding support for SAML in our product, so all the user credentials are now moved to the IdP server. We successfully did the change for the UI part, but for the non-UI part (REST APIs or command line) we are doing some research on what the best approach is to authenticate the APIs, as the credentials are now on the IdP server.
So for the APIs part, I added an authorization server on Okta, and we are using the Okta API https://dev-451813.oktapreview.com/oauth2/default/v1/token and passing grant_type=password to get the JWT token.
Once we get response code 200 and the JWT token (meaning the user is valid), we extract the username from it and pass it to our application; our application then creates its own token and returns it to our API caller, and we discard the JWT token after extracting the username, as we don't want any other information from the IdP server.
First I want to check: is this the correct approach?
If yes, then I am checking whether a similar workflow will also work with grant_type=authorization_code.
Actually, I don't want any popup or redirection to happen on the API side where it asks for the IdP server credentials, as I don't want manual intervention. I am looking for an API where I provide all the needed information, including username and password, and after that I get the JWT token.
I am able to do this with grant_type=password, but I also wanted to check whether the same is possible with grant_type=authorization_code.
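The handoff described in the question (IdP-issued JWT in, product's own token out), as an added example that is not part of the question or of Okta's code. It assumes an HS256-signed sample token built inline so it runs offline (an Okta access token is RS256-signed and its public key would be fetched from the authorization server's JWKS endpoint), and the issuer and audience values are assumed.

```python
import base64, hashlib, hmac, json, time

# Constructed demo keys. Assumption: HS256 is used only so this runs offline; an Okta
# access token is RS256-signed and the public key comes from the server's JWKS endpoint.
IDP_KEY = b"constructed-idp-shared-secret"
APP_KEY = b"constructed-app-signing-key"
EXPECTED_ISS = "https://dev-451813.oktapreview.com/oauth2/default"  # assumed issuer
EXPECTED_AUD = "api://default"                                        # assumed audience

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT; used both to build the sample IdP token and for our own token."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_idp_token(token: str, key: bytes, now=None) -> dict:
    """Return verified claims or raise ValueError. A 200 from /token alone is not proof:
    signature, issuer, audience and expiry are checked before the username is trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, payload, sig = parts
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")          # never let the token pick the algorithm
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload))
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud   # aud may be a string or a list
    now = int(time.time()) if now is None else now
    if claims.get("iss") != EXPECTED_ISS:
        raise ValueError("bad issuer")
    if EXPECTED_AUD not in aud:
        raise ValueError("bad audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def issue_app_token(idp_token: str, ttl: int = 3600, now=None) -> str:
    """Verify the IdP token, keep only the username, and return our product's own token."""
    username = verify_idp_token(idp_token, IDP_KEY, now)["sub"]
    now = int(time.time()) if now is None else now
    return sign_jwt({"sub": username, "iss": "our-product", "iat": now, "exp": now + ttl}, APP_KEY)
```

The same verification step applies whichever grant produced the IdP token, so it does not change between grant_type=password and grant_type=authorization_code.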