I have configured an SPA app in Okta and using React with Authorization code flow KCE for authentication. Client now send the access token it received from Okta to make API calls to server. Now I want to know how server is verifying this with Okta?
No code or okta related endpoint has been added in server except com.okta.spring dependency in pom.xml and okta.oauth2.issuer in properties file. I wonder how everything is working with just these two.