Java client authentication

After using the Okta Java Authentication SDK to obtain a session token, how would I exchange this for IDToken/AccessTokens?? Am I going about this wrong for a Native Java Client Application? This is NOT an application with a Browser frontend. The server is accessed by API calls that we are trying to move to Okta for user management and JWT creation. What is the best way to go about this with Okta?

You would need to sign into the OIDC/OAuth application created in Okta to represent your native application. Something like that should give you some info - https://developer.okta.com/blog/2018/12/13/oauth-2-for-native-and-mobile-apps

My problem is the redirect that happens with the /authorize endpoint that is returning the auth code I need to give the /token endpoint. Do I need to create a api endpoint for that redirect and then just forward the code and state values back as a response to that redirect? I guess in doing that the initial request to the /authorize endpoint word return to me the code in the body. I was hoping that since this is a Native desktop application I would not have to deal with the redirect. Thoughts?

Oh man, I wish I had some experience with native apps… But thinking out loud, I can suppose that it should be not too much different from SPA. When SPA is redirected to /callback with code it doesn’t really redirects user to any site, only captures this code and calls /token. I assume, that it’s possible to do in the native app as well, no?

Sorry, man, haven’t had a chance to mess with native apps… yet… I hope :slight_smile:

Did some research out of curiosity and recalled that a special URI is used for native clients. Check this section: https://github.com/openid/AppAuth-Android#capturing-the-authorization-redirect

It’s defined in this RFC https://tools.ietf.org/html/rfc8252

Yeah, saw that. That works on android because it knows how to handle that redirect url natively. Can’t use it outside of android.

Have you checked 7.3 in RFC? It’s about desktop

Huh… Missed that. That is an interesting trick. I’ll give it a try. Thanks for the info!