We have a backend api application (say API Server App) with a React based Single Page App in the front (SPA Client).
We use the Okta sign-in widget for the front end authentication and use the JWT tokens for authenticating/authorizing the API calls into the API server app. Our backend is a Spring Boot application, with the Spring Security OAuth2 module.
This piece works as expected.
We’re now in the process of adding server to server authentication for being able to access our APIs on the API server app from another Client App.
We’re trying to see what would be the best way to authenticate to our backend apis from this client app. The client app is another java based application running on a tomcat server.
Logically, it seems like we could use a client id/password to get a token for the Client app and then supply that token to our API server app.
In our POC, this does not work (token gets rejected). It seems the client id/client password based solution requires us to set up a Native Application in Okta for our Client app. The client id of this is different from the client id of our SPA app, and the SPA's client id is what is configured in the API Server's OAuth2 configuration.
How can we make the Client app work with the token in this case?