Let me see if I understand your problem correctly -
Assuming that you’re using the Authorization code flow,
- You have a setup with front-end doing the login and getting the access token -> /authorize endpoint called, which returns you an authorization_code
- The back-end then exchanges the code to get back an access_token
- You pass the access_token to your spring-boot back-end which validates the token and processes the request
- You want to validate the back-end without front-end dependency
With Postman, the only difference from the above flow is that you call /authn endpoint first to get the sessionToken
Now you should pass the sessionToken to the /authorize call which should return you the authorization code in the URL
Then you call the /token endpoint with the code and get back the access_token
Once you have this token, you can test your back-end using this.
See - https://developer.okta.com/docs/api/resources/oidc#authorize
This thread might be helpful - Using sessionToken how can get access_token and id_token
Disclaimer - I haven’t tried this flow using postman. Postman requires interceptor for this to work and you also have to follow redirects.
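
The three calls described in the post above, sketched offline as an added example that is not part of the original post. It builds each request and extracts the code from the redirect, checking `state` before trusting it. The org URL, the `default` authorization server path, the redirect URI, the Basic client authentication and all credentials are assumptions or constructed placeholders.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

OKTA = "https://example.okta.com"                # placeholder org URL (assumption)
AUTHZ_SERVER = OKTA + "/oauth2/default"          # assumes the "default" authorization server
REDIRECT_URI = "http://localhost:8080/callback"  # placeholder; must match the app's settings


def authn_request(username, password):
    """Step 1: POST /api/v1/authn; the JSON response carries sessionToken."""
    return {"method": "POST", "url": OKTA + "/api/v1/authn",
            "json": {"username": username, "password": password}}


def authorize_url(client_id, session_token, state):
    """Step 2: GET /authorize with the sessionToken (redirect following turned off)."""
    query = urlencode({
        "client_id": client_id, "response_type": "code", "scope": "openid",
        "redirect_uri": REDIRECT_URI, "state": state,
        "sessionToken": session_token,
    })
    return AUTHZ_SERVER + "/v1/authorize?" + query


def code_from_redirect(location, expected_state):
    """Read the authorization code from the 302 Location header."""
    params = parse_qs(urlsplit(location).query)
    if "error" in params:
        raise ValueError("authorize failed: " + params["error"][0])
    if params.get("state", [""])[0] != expected_state:
        raise ValueError("state mismatch, discard this response")
    if "code" not in params:
        raise ValueError("redirect carried no authorization code")
    return params["code"][0]


def token_request(client_id, client_secret, code):
    """Step 3: POST /token to exchange the code for the access_token."""
    return {"method": "POST", "url": AUTHZ_SERVER + "/v1/token",
            "auth": (client_id, client_secret),  # assumes a confidential client
            "data": {"grant_type": "authorization_code", "code": code,
                     "redirect_uri": REDIRECT_URI}}


if __name__ == "__main__":
    state = "constructed-state-value"
    print(authorize_url("constructed-client-id", "constructed-session-token", state))
    # Constructed Location header standing in for the 302 from /authorize.
    location = REDIRECT_URI + "?" + urlencode({"code": "constructed-code", "state": state})
    print(token_request("constructed-client-id", "constructed-secret",
                        code_from_redirect(location, state)))
```

The sessionToken is single-use, so a fresh /authn call is needed for each run of the flow.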