Integrating external provider using oidc protocol

Hi Everyone,

I’m currently working on integrating a biometric authentication solution called FaceTec with Okta. FaceTec consists of a client and an API, and the goal is to integrate it as an external Identity Provider (IdP) using the OpenID Connect (OIDC) protocol. After reviewing the Okta documentation, I’ve outlined the following authentication steps:

  1. The user clicks a link and is redirected to Okta.
  2. Okta redirects the user to our external provider’s /authorize endpoint.
  3. Our external provider authenticates the user via FaceTec and returns an authorization code to Okta.
  4. Okta exchanges the authorization code for tokens and redirects back to a predefined redirect_uri.
  5. The user is authenticated and granted access.

I would appreciate it if someone could help me validate whether this design is correctly structured or if there are any adjustments needed. Specifically, I’m looking for confirmation on:

  • The accuracy of each step in aligning with OIDC protocols.
  • Any common pitfalls or additional configurations required on both Okta and the external provider side to ensure a smooth integration.

That is authorization code flow in a nutshell. You are going to use the OIDC identity provider (under Security) to establish the connection. On the FaceTec side you need to build application configurations, just like you build them in Okta. The Okta side needs the URL for the authorization server, the clientID of the application configuration, and a client secret from FaceTec. If the FaceTec side works right, it should come together very easily.

Future note: OAuth 2.1 will require everyone to use Authorization Code Flow with PKCE, so there may be a point at which you have to deal with Proof Key for Code Exchange in FaceTec.

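The five steps in the question, plus the PKCE point raised in the reply, are easier to validate with both sides of the exchange in one place. The following is an added example, not code from Okta, FaceTec or this thread: Okta's role (the relying party that builds the `/authorize` request, checks `state`, redeems the code and validates the ID token) and the external provider's role (a mock that issues a single-use code and enforces client credentials, `redirect_uri` and the PKCE challenge) are simulated in one process. The issuer URL, client ID, client secret and redirect URI are constructed placeholders, and the ID token is signed with HS256 using the client secret purely so the example runs offline; a production provider would normally sign with RS256 and publish keys via a JWKS endpoint, which Okta then fetches.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values; the real FaceTec endpoints and Okta client
# credentials are not part of the thread and must come from both consoles.
ISSUER = "https://idp.example.test"
CLIENT_ID = "okta-client-id-placeholder"
CLIENT_SECRET = "client-secret-placeholder"
REDIRECT_URI = "https://example.okta.com/oauth2/v1/authorize/callback"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_pkce_pair():
    """RFC 7636: random verifier, S256 challenge derived from it."""
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, within the 43..128 bound
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())
    return verifier, challenge


def build_authorize_url(state: str, nonce: str, code_challenge: str) -> str:
    """Step 2: the request Okta sends to the external provider's /authorize."""
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": "openid profile", "state": state, "nonce": nonce,
              "code_challenge": code_challenge, "code_challenge_method": "S256"}
    return f"{ISSUER}/authorize?{urlencode(params)}"


def parse_callback(url: str) -> dict:
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def sign_jwt(claims: dict) -> str:
    # HS256 with the client secret is a stand-in for an RS256/JWKS setup.
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


class MockProvider:
    """Simulated external IdP (the FaceTec-fronted side of the integration)."""

    def __init__(self):
        self.codes = {}  # authorization code -> pending authorization details

    def authorize(self, url: str, subject: str) -> str:
        """Step 3: user is authenticated (biometrics assumed done); issue a code."""
        q = parse_callback(url)
        if q.get("client_id") != CLIENT_ID or q.get("redirect_uri") != REDIRECT_URI:
            raise PermissionError("unknown client or unregistered redirect_uri")
        if q.get("response_type") != "code" or "openid" not in q.get("scope", "").split():
            raise PermissionError("not an OIDC authorization code request")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"sub": subject, "nonce": q["nonce"], "challenge": q["code_challenge"],
                            "redirect_uri": q["redirect_uri"], "exp": time.time() + 60}
        return f"{REDIRECT_URI}?{urlencode({'code': code, 'state': q['state']})}"

    def token(self, code, client_id, client_secret, redirect_uri, code_verifier) -> dict:
        """Step 4 (provider side): redeem a single-use code for an ID token."""
        pending = self.codes.pop(code, None)  # pop makes replay of the same code fail
        if pending is None or pending["exp"] < time.time():
            raise PermissionError("invalid or expired code")
        if not (hmac.compare_digest(client_id, CLIENT_ID)
                and hmac.compare_digest(client_secret, CLIENT_SECRET)):
            raise PermissionError("bad client credentials")
        if redirect_uri != pending["redirect_uri"]:
            raise PermissionError("redirect_uri mismatch")
        if b64url(hashlib.sha256(code_verifier.encode()).digest()) != pending["challenge"]:
            raise PermissionError("PKCE verification failed")
        now = int(time.time())
        claims = {"iss": ISSUER, "sub": pending["sub"], "aud": CLIENT_ID,
                  "iat": now, "exp": now + 300, "nonce": pending["nonce"]}
        return {"id_token": sign_jwt(claims), "token_type": "Bearer"}


def verify_id_token(token: str, expected_nonce: str) -> dict:
    """Relying-party checks: alg pinned, signature, iss, aud, exp, nonce."""
    header, body, sig = token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    expected = hmac.new(CLIENT_SECRET.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), sig):
        raise PermissionError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims["iss"] != ISSUER or claims["aud"] != CLIENT_ID:
        raise PermissionError("wrong issuer or audience")
    if claims["exp"] < time.time():
        raise PermissionError("expired id_token")
    if not hmac.compare_digest(claims["nonce"], expected_nonce):
        raise PermissionError("nonce mismatch")
    return claims


def run_flow(provider: MockProvider, subject: str = "user-123") -> dict:
    """Steps 1-5 end to end from the relying party's point of view."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    verifier, challenge = make_pkce_pair()
    callback = provider.authorize(build_authorize_url(state, nonce, challenge), subject)
    q = parse_callback(callback)
    if not hmac.compare_digest(q.get("state", ""), state):
        raise PermissionError("state mismatch")  # CSRF / mix-up defence
    tokens = provider.token(q["code"], CLIENT_ID, CLIENT_SECRET, REDIRECT_URI, verifier)
    return verify_id_token(tokens["id_token"], nonce)


if __name__ == "__main__":
    print(run_flow(MockProvider()))
```

The checks that matter when wiring a real provider are the ones the mock enforces: the `redirect_uri` in the token request must match the one registered for the client, the code must be single-use and short-lived, the `code_verifier` must hash to the challenge sent on `/authorize`, and Okta-side validation should reject an ID token whose `iss`, `aud` or `nonce` do not match what it sent.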
