We are investigating how to implement REST API security with Okta through OAuth in our applications. My understanding is that the appropriate OAuth flow for this is client credentials (e.g. if users want to access an API in an automation script).
How can we have separate credentials for separate users wanting to consume the API? Always giving out the same set of clientID and secret seems like a risky practice.
If I look at how this is solved by other companies, I see them giving out API credentials per user in their GUI, but I don’t see how I can achieve that in Okta OAuth apps.