My work uses a website to download files through its UI. We have a valid user login for the server which uses OKTA for the auth process, but we want to automate the process programmatically.
When logging in the website through its UI, I captured a POST request to https://sso.verisk.com/api/v1/authn with the valid username and password and another POST request to https://sso.verisk.com/oauth2/ausce3eyr3v1MCE0O2p7/v1/authorize with client_id, code_challenge, code_challenge_method, nonce, redirect_uri, response_type, sessionToken, state, and scope in network tab.
To automate the process, I first sent a POST request to https:///api/v1/authn with the valid username and password in json format. This returns a status code of 200 and receives a sessionToken and a _embedded/user/id which seems a client_id.
Then I sent a POST request to https://sso.verisk.com/oauth2//v1/authorize with the sessionToken and the client_id as well as other required params as query params, but it always returns 400 not found.
Except for arbitrary values that change every login trial, I know sessionToken, clientId, redirect_uri, response_type, scope, and codeChallengeMethod.
Is it possible to programmatically log into a webpage that uses OKTA for authentication? If so, are there any missing steps in my way?