Jenkins authentication to Okta app

Hi, I want to have periodic Jenkins job to access an Okta native application. What workflow should I use for this implementation? The native app is configured for PKCE, Authorisation Code.


So you want to use OAuth to access Jenkins, or a Jenkins job to access an OAuth/OIDC app?

If you want a Jenkins job to access an OAuth protected resource then I would suggest a Client Credentials flow used for system to system where there is no user context.

If your app is a OIDC app and there is a user context associated with it how do you plan to authorize for this from the Jenkins Job? Is there a plugin or a way to pre-authorize and collect access/id tokens prior to the job?

Can you provide as much information as possible about what you are setting up and and documentation for plugins etc you will be using.

Thank You,

Thank you.
The current workflow is that user need to log via Okta SSO into the OAuth/OIDC app to access the APIs to submit tasks to the app. So we want to setup Jenkins job to do the same running as part of an automated pipeline. I’m trying to work out a solution workflow but don’t have any idea yet hence no information on any plugin or pre-authorize.

Would the client credential workflow work? Set the configuration on the OAuth/OIDC app with M2M app setup in Okta assigned with scope to the authorisation server?

or use Jenkins OpenID Connect Provider Plugin and authenticate to the authorisation server in Okta?


Hi @erik, putting some further info.
So currently user need to authenticate to a auth server through a client app with PKCE. User would then be authorised to write permission on the backend. Now we want a Jekins pipeline instead of a user, to authenticate to the auth server and have the write permission on the backend.



It might be best to create a support issue so we can go over in more detail and have a screen share.

In general if you need to do a machine to machine type of flow you would use the client credentials grant type.

If you need to obtain an access_token to call your own, or 3rd party APIs you would use the below,

If you need to obtain an access_token to call Okta Management APIs you would use the below,