According to the docs, I suspect that the best endpoint for letting users register is the one documented under Create User with Password. However, this API endpoint requires an API token - meaning at the very least you’d need middleware, if not a backend, to hide this token from being utilized. It makes sense: you don’t want people to find your API+token and just spam it with registrations. After creating a test proxy using Express, I’m now getting redirects to /oauth2/authorization/okta, which I’d like to avoid to keep users within the page.
My questions are then:
Is this the intended API flow for registering new users?
Are there any shortcomings of this approach?
What is the purpose of the redirect being sent? Can it be disabled?
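
For the token-hiding proxy described in the post, an added example (not part of the original post and not Okta's code) of how a backend can build the Create User with Password call itself, so the browser never supplies the token or arbitrary request fields. The `cfg.domain` and `cfg.apiToken` names, the `login` = `email` choice and the length bounds are assumptions.

```javascript
// Only these client-supplied profile fields are forwarded (assumed allowlist).
const ALLOWED_PROFILE = ['firstName', 'lastName', 'email'];
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Build the upstream request from untrusted browser input plus server-only config.
function buildCreateUserRequest(clientBody, cfg) {
  if (clientBody === null || typeof clientBody !== 'object') {
    throw new Error('invalid body');
  }
  const profile = {};
  for (const key of ALLOWED_PROFILE) {
    const value = clientBody[key];
    if (typeof value !== 'string') throw new Error(`invalid ${key}`);
    const trimmed = value.trim();
    if (trimmed.length === 0 || trimmed.length > 100) throw new Error(`invalid ${key}`);
    profile[key] = trimmed;
  }
  if (!EMAIL_RE.test(profile.email)) throw new Error('invalid email');
  profile.login = profile.email; // assumption: users log in with their email
  const password = clientBody.password;
  // Local sanity bound only; the org's password policy is still enforced by Okta.
  if (typeof password !== 'string' || password.length === 0 || password.length > 128) {
    throw new Error('invalid password');
  }
  return {
    url: `https://${cfg.domain}/api/v1/users?activate=true`,
    options: {
      method: 'POST',
      headers: {
        Accept: 'application/json',
        'Content-Type': 'application/json',
        Authorization: `SSWS ${cfg.apiToken}`, // token comes from server config only
      },
      body: JSON.stringify({ profile, credentials: { password: { value: password } } }),
    },
  };
}

// Call upstream and hand the browser a minimal result, not the upstream response.
async function registerUser(clientBody, cfg, fetchImpl = globalThis.fetch) {
  const { url, options } = buildCreateUserRequest(clientBody, cfg);
  const res = await fetchImpl(url, options);
  return res.ok ? { status: 201, body: { registered: true } }
                : { status: 400, body: { registered: false } };
}

// Constructed sample input; the extra keys are dropped by the allowlist.
const SAMPLE = { firstName: 'Ada', lastName: 'Lovelace', email: 'ada@example.com',
  password: 'correct horse battery', groupIds: ['constructed'], Authorization: 'SSWS x' };
```

An Express route would pass `req.body` to `registerUser` and rate-limit the route, since the proxy is now the public registration surface.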