We’ve built an Authorization Component (.NET Core) that authenticates users through Okta, using the PKCE flow.
All other components (.NET Core) are secured using Okta.AspNetCore.
In a nutshell, the Authorization Component implements the PKCE flow, and generates an Access Token that is used by the other components, by using the Okta.AspNetCore middleware.
We are now moving the components to Google Cloud, and we will be using Cloud Endpoints for security.
Cloud Endpoints already has an integration with Okta, detailed here.
Okta also provides a detailed guide here.
According to the guide, after configuring Okta, the component OpenAPI specification will need the following configuration:
securityDefinitions:
  okta_jwt:
    authorizationUrl: ""
    flow: "implicit"
    type: "oauth2"
    x-google-issuer: "https://YOUR_OKTA_TENANT_NAME.com"
    x-google-jwks_uri: "https://YOUR_OKTA_TENANT_NAME.com/oauth2/v1/keys"
    x-google-audiences: "YOUR_OKTA_CLIENT_ID"
As can be seen, this seems to indicate that the integration between Okta and Cloud Endpoints is based on the Implicit flow.
After everything is configured, the Endpoints can be accessed by adding the Access Token generated by the Implicit flow:
"${ENDPOINTS_HOST}/echo?access_token=${TOKEN}"
For some reason, the Access Token that is created by our component does not work with the above configuration.
I would like to ask if there is a way to use the Access Token generated by the PKCE flow, with Google Cloud endpoints.
Thank you!
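
A diagnostic for the situation described above, as an added example that is not part of the original post: it decodes a token's claims without verifying the signature and compares `iss` and `aud` with the `x-google-issuer` and `x-google-audiences` values from the configuration. The helper names and the sample token are constructed; the sample claims assume a token shaped like one from an Okta custom authorization server, which the post does not state.

```python
import base64
import json

# Values copied from the securityDefinitions block in the post (placeholders as given there).
EXPECTED_ISSUER = "https://YOUR_OKTA_TENANT_NAME.com"
EXPECTED_AUDIENCES = "YOUR_OKTA_CLIENT_ID"  # x-google-audiences is a comma-separated string


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT. No signature check: diagnosis only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (possibly an opaque token)")
    return json.loads(b64url_decode(parts[1]))


def mismatches(token: str, issuer: str, audiences: str) -> list:
    """List the issuer/audience comparisons this token would fail."""
    claims = jwt_claims(token)
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} != x-google-issuer {issuer!r}")
    aud = claims.get("aud")
    token_auds = set(aud if isinstance(aud, list) else [aud])
    allowed = {a.strip() for a in audiences.split(",")}
    if not token_auds & allowed:
        problems.append(f"aud {aud!r} not in x-google-audiences {sorted(allowed)!r}")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token (hypothetical helper for the demo)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'kid': 'sample'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    # Constructed claims, not taken from a real tenant.
    sample = make_sample_token({
        "iss": "https://YOUR_OKTA_TENANT_NAME.com/oauth2/default",
        "aud": "api://default",
    })
    for line in mismatches(sample, EXPECTED_ISSUER, EXPECTED_AUDIENCES) or ["iss and aud match"]:
        print(line)
```

A real token can be passed to `mismatches` in place of the sample; the signature and expiry checks that Cloud Endpoints also performs are outside what this script covers.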