Hello, we are having difficulties migrating to the Okta identity server.
Our current state:
For now we use our identity server, and we get a token like this:
POST: {identity server url}/token
POST DATA:
grant_type=zso
user_token={token}
scope=openid offline_access
client_id={client_id}
Our identity server checks user_token in our storage and gives an auth token.
This auth is used for Apple TV boxes to log in to the TV provider and for the sign-on technology “Apple TV Provider Authentication and Zero Sign-On”, which means only “Embedded authentication”.
user_token is a token which is issued and sewn up in the Apple TV box.
Our goal:
We want to migrate to the Okta identity server.
We want to send requests which are identical to those for our server. And then there are two ways:
- Okta syncs with our tokens and used ids. Then Okta checks user_token. → Inline hook (token hook, as I understand) triggers and adds claims and issues an auth token. → Okta issues an auth token
- Okta uses an inline hook → Our hook validates user_token and adds additional claims → Okta sees that the token is validated and issues an auth token
Question:
Is this authentication flow possible using the Okta identity server? If yes, what steps should we take conceptually to achieve this flow using Okta?