Get access_token using another access_token in .NET

We have an ASP.NET Web API application which uses the OktaWebApi library for authentication. There is a corresponding Service application in Oka for it, and using its ClientId and ClientSecret we are able to get an access token and successfully reach Authorized endpoints.

We also have an ASP.NET MVC application, which uses the OktaMvc library for authentication. There is a separate OAuth application in Okta for it, and we can login to it successfully.

The MVC site needs to make calls to the Web API, and we can do it successfully using ClientId/ClientSecret, however, we want to get an access token for the Web API based on the current user logged in to the MVC site.

Is this possible? And if so, can someone point me in the right direction of where to find the needed information for how to achieve it?

Your MVC application is using oAuth, I usually have my own token service in .NET apps since I do not want to use implicit flows but are you using OWIN? If you do not mind, can you share your startup class of your MVC app?

Thanks for your reply @Ironhide, below is the OWIN Startup class for the MVC application.

using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Okta.AspNet;
using Owin;
using System.Collections.Generic;
using System.Configuration;
using System.IdentityModel.Claims;
using System.Net;
using System.Web.Helpers;

[assembly: OwinStartup(typeof(InfoEx.Web.Startup))]

namespace InfoEx.Web
    public class Startup
        public void Configuration(IAppBuilder app)

        private void ConfigureMvcCookieAuthentication(IAppBuilder app)

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOktaMvc(new OktaMvcOptions
                OktaDomain = ConfigurationManager.AppSettings["okta:OktaDomain"],
                ClientId = ConfigurationManager.AppSettings["okta:ClientId"],
                ClientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"],
                RedirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"],
                PostLogoutRedirectUri = ConfigurationManager.AppSettings["okta:PostLogoutRedirectUri"],
                Scope = new List<string> { "openid", "profile", "email" }

            ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;

            AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;

how did u setup ur statup class for .net?