Is it possible to get Okta session token with OAuth2 flow

I’m trying to create a session using Okta’s OAuth2 (using api calls only).
the flow:
1.User enters my website
2.I have my own verification mechanism (that does not include password) so user go through it.
3.Somehow if #2 was successful ,I need to create a session and pass to the frontend.

I’m open to suggestions so if OAuth2 is not the right way (or not the best way) please suggest a way :slight_smile:

Thanks in advance !

Hi @gekaxid811! You’ll need to get a session token from the Okta Authentication API first and then you can exchange that for a session cookie at the /authorize endpoint (OAuth 2.0 API) see - Work with Okta session cookies | Okta Developer.

1 Like

Thanks for answering !
Can I get these token + exchange action without any client’s interaction ?
I mean , backend to backend architecture.
In edition , where can I set the cookie’s domain ?

I see that the Auth API says it allows you to verify the username and password credentials for a user, my users don’t have a password.

@gekaxid811 looks like there isn’t another way to get the session token without any client interaction - OAuth 2.0 and OpenID Connect overview | Okta Developer. Plus -

“A session token is returned after successful authentication, which can be later exchanged for a session cookie…”