Hi all,
I need to connect a fat client to many webservices. My security team asked me to use okta and kerberos(to provide credentials) to do that.
I have manage to produce an url which works in a browser:
<div class="divider"></div>
</div>
<div class="inactive-tab-content">
<h2 class="inactive-tab-content-title">The page has timed out</h2>
<p class="inactive-tab-details">If this page does not reload automatically, please refresh your browser.</p>
</div>
Do you have any idea to solve that?
regards,
Mathieu
Doing an /authorize should be done with a browser user agent.
If using a terminal, or on a system where a browser is not accessible an alternative would be to do a device authorization grant so the authorization portion could take place on another device with browser access. This is often done with TVs where there might be a limited interface.
If you don’t want to do this then the /authorize call will not prompt a user for authentication if a valid Okta session is sent along with the request (idx or sid cookie), or a sessionToken retrieved from authn is present as a authorize option.
See sessionToken from OpenID Connect & OAuth 2.0 API | Okta Developer authn is the Okta classic authentication protocol and will not have any future work done. Okta does not recommend this flow for new integrations.
If you are on an OIE Org and want to do full authentication from a CLI the new direct auth API which is EA for OIE can be used.