How to use client_credentials to access the Users API

Hi,
What about a SAML2 application? Does it allow accessing the Okta API with the okta.users.read grant?

No, these scopes are only possible with an OIDC/OAuth app, as you need to use the application in question to get OAuth tokens to use against Okta APIs.

@andrea, the guide listed here doesn’t seem to detail out how to get the initial JWT without generating/signing a JWT. So with that in mind, two questions:

  1. Is it possible to get a service application JWT with the okta.users.read scope via a client secret? (i.e., sending a request to the org AZ server with a client secret instead of a JWT)

  2. If option #1 is not possible, is there a way to get a JWT to forward with the client secret instead of creating/signing a JWT and forwarding that to the service application for a token with the okta.users.read scope?

  1. No, you must use private key JWT auth to get an Access Token with Okta API scopes for Service apps.
  2. No, because the app will not have a client secret. private_key_jwt is an entirely different token endpoint auth method (compared to client_secret_basic and client_secret_post) and they are used separately.
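The private_key_jwt request described in the answer above, as an added example that is not part of the original thread and is not Okta's own code: it signs a client assertion with the app's private key and builds the client_credentials form body, which carries no client secret. The client ID, `kid`, key pair and the `example.okta.com` token URL are constructed placeholders, and the org authorization server path `/oauth2/v1/token` is an assumption not stated in the thread.

```javascript
// Added example: private_key_jwt client authentication for client_credentials.
const crypto = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Build and sign the client assertion (RFC 7523, RS256).
// iss and sub are both the client_id; aud is the token endpoint it is sent to.
function buildClientAssertion({ clientId, tokenUrl, privateKey, kid, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const header = { alg: 'RS256', typ: 'JWT', kid };
  const claims = {
    iss: clientId,
    sub: clientId,
    aud: tokenUrl,
    iat,
    exp: iat + 300,           // short-lived assertion
    jti: crypto.randomUUID(), // unique per request, limits replay
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Form body for the token request: the signed assertion replaces client_secret.
function buildTokenRequest(opts) {
  return new URLSearchParams({
    grant_type: 'client_credentials',
    scope: opts.scope,
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: buildClientAssertion(opts),
  });
}

// Constructed sample values; in practice the public half of the key is
// registered on the service app and the private half stays with the caller.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sample = {
  clientId: '0oaEXAMPLECLIENTID',                       // placeholder
  tokenUrl: 'https://example.okta.com/oauth2/v1/token', // placeholder org domain
  scope: 'okta.users.read',
  privateKey,
  kid: 'example-key-1',                                 // placeholder key id
};
const body = buildTokenRequest(sample);
console.log(`${body.toString().slice(0, 120)}...`);
// To send it: fetch(sample.tokenUrl, { method: 'POST', body })
```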
