PKCE Flow From Console .NET Core App

Hello. I have a SPA app setup with PKCE flow and .NET Core backend. I can login through the Web UI (vue) but I have odata setup on the api and would like to use it in a console app. How could I go about getting a token for my console application to use to call the odata endpoints that are secured?

Do you need to have user scoped tokens? If not, and you just need to call the endpoints, you can look into using Client Credentials flow to generate these tokens: the only call that’s required for this flow is a call to the /token endpoint with the client ID/secret (you may need a separate application to do this in Okta)

Are you looking to just test your integration? One thing you can take out is this pkce-cli tool our Evangelism team made to lets you pass in your environment variables and requested scopes so that you can get a token returned. Note that the browser is still used in this flow (to handle your Okta session and request the authorization code).

There are ways to get user scoped tokens via command line, but these user scopes flows are usually handled in a browser and there are some limitations to doing it purely server-side. Main limitation is that, because primary authentication is involved, this will only work with local Okta users (they have a password in Okta and are not Federated). If this set up interests you, check out Dragos’ advice in this thread.

Thank you Andrea. The Client Credentials flow was just what I was looking for. I can now access my odata api though another application.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.