Machine 2 Machine communication in OKTA

I have a following usecase:

I need to call multiple okta apis like /groups, /users etc for some internal requirements.
How can I call these api using client_credentials flow using client_id and client_secret without signin?

I am able to call api using private key pair, but is it possible to achieve the same using client_id and client_secret?

Hi,

To interact with Okta APIs with a service app you can try following this doc Implement OAuth for Okta with a service app | Okta Developer

You will need to use public private key pair since using client_id/client_secret is not supported with this

2 Likes

@vk-giri Thanks for you response. I just wanted to know a few things:

Since we cannot ask our clients to create another service app via public private key pair,and using API access token , expiry is max 30 days for token, Is there any other way via which okta apis can be called? Just like in Azure, Apis can be called directly using client_id, client_secret and tenant_id

The private_key_jwt client authentication method is the only supported method for OAuth service apps that want to get access tokens with Okta scopes.

As @vk-giri said and the documentation they linked to confirms, Okta does not support requesting Access Tokens that can be used against Okta’s endpoints using Client Credentials flow with Client ID:Client Secret auth, as we require that Private Key JWT client authentication be used for enhanced security.

2 Likes