Integration of frontend and resource server using Okta authentication and client credentials API authentication

We have an application with a frontend UI (a web application) that communicates with a resource server. Our frontend will be using some APIs from the resource server to get data.

I am planning to add the frontend to Okta and provide access to Okta-registered users.

In the resource server, we have some APIs that we want to expose to our customers to integrate into their systems (programmatically). To use our APIs, we have to provide client credentials (client ID/secret) to them. Using the client ID/secret, they will get an access_token and will use that in subsequent requests. We can display this client ID/secret via the frontend UI once the user logs in to it via Okta.

How should I authenticate requests to the resource server from the frontend? And how do I authenticate requests to the resource server from a customer using the client ID/secret? Should I use one or two different tokens for this purpose?

Does Okta provide a per-user client ID/secret that the user (customer) can use to get an access_token, send it to access the resource server, and have the resource server validate the token against Okta?

Hi @pulkit,

You can generate an OIDC app in Okta for each customer that uses the client credentials flow, so that each access token generated can be traced back to a particular application.

To validate the access tokens on the resource server, you can use a JWT verifier which verifies the access token’s signature using the signing keys of a custom authorization server inside your Okta tenant.

In order to achieve this, your Okta tenant requires the API Access Management feature. If you don’t have the feature enabled (the easiest way to check would be to navigate to https://yourCompany.okta.com/oauth2/default/v1/keys and look at the response), please reach out to your Okta representative.