OKTA Authentication from command line

Hi Team

I have a requirement to perform OKTA login through the command line without opening the user’s Web Browser, where the user can enter the username and password and also perform MFA from the command line itself.

Currently, we are using a SAML-based application, and to perform the above:
• From the command line, we open a browser tab
• User performs authentication
• After successful authentication the tab closes and control gets back to the command line (With the help of a local webserver)

We want to remove the browser dependency totally from our flow.

Also explored the option of OpenID Connect.
Out of the 4-5 ways mentioned, only the ‘Resource Owner Password Flow’ authentication can be done totally from the command line. But this is not at all secure, as the client secret needs to be present with the user performing authentication.

All the API endpoints exposed by Okta perform redirections on the Browser and cannot be used as an AJAX call.

Can you please let me know how to proceed with this?

You can try out the method outlined here. Just keep in mind that this flow will NOT work without user interaction if:

  1. User is not a local Okta user (does not have a password in Okta to use for primary authentication)
  2. User needs to be prompted for MFA for the specific application (while MFA that is based on rules that apply to logging into Okta itself can be handled during primary authentication, MFA that is dependent on the application being accessed cannot)