Getting access_token without a UI


#1

I’m trying to write some test automation around an API that uses okta authentication. The previous flow (before we implemented okta) did a simple user/pass authentication as a POST request, and returned a session token for me to use. What is the best way to do this with okta? I have user credentials to use, however all of the documentation I’m reading requires that I hit the UI (pass in a redirect_uri).

I want to simulate a user after they’ve logged into okta, with their username/password (I’m not trying to test okta authentication, I’m trying to test the api as a user that has already logged into okta).

Looking at this endpoint, I think this is the one I want, however it requires a redirect_uri, which I assume means I’m going to need a browser running:
https://developer.okta.com/docs/api/resources/oauth2#request-a-token

What endpoint(s) and/or configuration should I set up to be able to do this? Using selenium or another browser based testing tool is not something I should have to consider here.


#2

You can use grant_type=password and then you don’t need to specify a redirect_uri. This will give you similar functionality to what you had before. However, it’s probably more secure to use basic auth with client id / client secret, which is documented just a bit below the link you mention.


#3

We ended up using grant_type=password and that worked pretty well.

Thanks for the quick reply!