How auth flow should work with @okta/oidc-middleware and external backend

Hey everyone. I am running an external Node.js backend and a React FE.

In my backend I am doing router.use(oktaAuth.router); and I'm setting up the oktaAuth using new ExpressOIDC from @okta/oidc-middleware.

I have a protected route by using oktaAuth.ensureAuthenticated().

My flow is when user logs in, FE redirects user to the backend route http://localhost:3030/login

  1. I login to Okta
  2. Login succeeds
  3. After login succeeds, the Okta auth flow redirects to the backend base route;
    from there I have this line of code to redirect to the FE right away:

    // After the Okta callback lands on the backend base route, send the browser back to the frontend
    router.get('/', (req, res) => {
      res.redirect(process.env.FRONTEND_BASE_URL);
    });

I can see that there is a connect.sid= stored but I believe this is in the backend? How can I make an authenticated call to the backend, do I have to use the bearer token or what? Am I doing this all wrong? Or am I on the right path? Thanks

Easier to use our resource server if you want to use the bearer token instead: samples-nodejs-express-4/resource-server/server.js at master · okta/samples-nodejs-express-4 · GitHub

Our samples are fully coded to your use case already - GitHub - okta/samples-nodejs-express-4: Express 4 samples. Will publish an artifact that can be consumed by end-to-end sample repos. So would check that out before building it from scratch.

If you are using classic, please move ahead and build it for OIE, as support for classic is lower than the new Identity engine for Okta.
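
For the bearer-token route the reply points to, this is the kind of check a resource server runs on every request, written as an added example that is not from the post or from Okta's sample. It uses only Node's crypto module and takes the issuer's RSA public key as a parameter (an assumption, so it runs offline); checkAccessToken, requireBearer and mintDemoToken are hypothetical names.

```javascript
const crypto = require('crypto');

const decodePart = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Returns the claims of a valid RS256 access token, or throws.
// Assumption: the issuer's RSA public key is passed in directly so this runs offline.
function checkAccessToken(token, publicKey, { issuer, audience, now = Date.now() }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, signature] = parts;
  // Pin the algorithm; never let the token header choose it ("none", HS256, ...).
  if (decodePart(header).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${header}.${payload}`);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(signature, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = decodePart(payload);
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) throw new Error('expired');
  return claims;
}

// Express-style middleware factory (hypothetical name): 401 unless the bearer token verifies.
function requireBearer(publicKey, options) {
  return (req, res, next) => {
    const match = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(req.headers.authorization || '');
    try {
      if (!match) throw new Error('missing bearer token');
      req.jwt = checkAccessToken(match[1], publicKey, options);
    } catch (err) {
      res.statusCode = 401;
      return res.end('Unauthorized');
    }
    return next();
  };
}

// Constructed demo token signed with a throwaway key (sample input only).
function mintDemoToken(privateKey, claims) {
  const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const body = `${encode({ alg: 'RS256', typ: 'JWT' })}.${encode(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(body), privateKey);
  return `${body}.${sig.toString('base64url')}`;
}
```

The middleware has the usual (req, res, next) shape, so it can sit in front of an API route while the frontend sends its access token in the Authorization header.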
