I have just started experimenting with Okta. I have built an angular 2 (running as part of a MEAN stack) application and successfully got authentication to work using: https://developer.okta.com/blog/2017/04/17/angular-authentication-with-oidc.
I would like to expand on this and use Okta to add authentication to the API side of my node application. I’m not sure if I just went down the wrong rabbit hole or if there is a way for my API to get the token produced with the above example and validate it.
I’ve tried usinghttps://dev-586268.oktapreview.com/oauth2/xxx/v1/introspect with the token I got back and it keeps coming back with active:false. Am i mixing solutions? Is there a document showing how to allow login to my app but also keep my API secure?