I’m very new to IAM and trying to work on a solution for my web app. Currently I have Okta User & Authentication API endpoints proxied through API Gateway. This gives me session token to work with but cannot control the user’s access to protected resources. I would like to step up the security with JWT tokens and granularize the access on resources for each user.
I tried to follow the okta documentation for OpenID Connect & OAuth 2.0 API but could not implement this. not sure what I’m missing.
I know LDAP has a provision for defining the protected resources and granularizing access but I don’t see how can I do this with Okta.
So you’re looking to protect your App Server with JWT issued by Okta? This sounds like an OAuth use case for sure and will require a few more steps
Maybe it would help to look at one of our sample implementations for how to set this all up. For example, if you need to protect a resource server, two things will need to occur:
User logs into a client application to request tokens. See our SPA sample apps for reference: React, Angular, Vue
When user attempts to access your app/resource server, the access token issued to them by the client application should be sent as the authorization for their request. Your resource server will then validate the token and grant the user access. See our resource server sample apps for reference, which you can test with our SPA samples: Java, .NET, .NET Core 2.x, .NET Core 3.x, Golang, PHP
If you haven’t already, I also recommend reviewing our blog for posts that relate to your use case and language/framework preferences: Blog | Okta Developer
