programmatically access other Okta-enabled apps via API


#1

I have an application I developed that uses Okta for authentication. Once a user authenticates to Okta, can I use their token to programmatically access other Okta-enabled apps via API? Our app doesn’t have a UI involved, so it’s not browser related.

What I need is: once a user is authenticated to Okta via the primary authentication API and gets the session token, what would be the next step or API calls required to get access to other pre-configured apps in Okta? The Salesforce.com (Federated ID) app is an assigned application for Okta users.

I saw the response on https://support.okta.com/help/answers?id=9062A000000QuZkQAK but couldn’t work out the exact steps that need to be followed. Please provide a sample call or code if possible.

Thanks,
Hemant


#2

Are you trying to get an API token for Salesforce?

Or are you trying to SSO them into Salesforce?

Or are you trying to get a token for your APIs?


#3

Hello Tom,

I am trying to get the access token from Salesforce, which is generated after a successful login. So if I am able to SSO into Salesforce using the API rather than a browser URL, that would help.

Let me know if you need more information.

Thanks,
Hemant


#4

I’m still confused about what you are trying to do. Are you trying to make an API call on behalf of a user to Salesforce that already authenticated with Okta? Or are you trying to SSO the user and get them into Salesforce?

Tell me what the end user is seeing, that might be a better way to illustrate what you are building.


#5

“I’m still confused on what you are trying to do. Are you trying to make an API call on behalf of a user to Salesforce that already authenticated with Okta?” Yes.

The end user should see the Salesforce records after authenticating with Okta.

Thanks,
Hemant


#6

“The end user should see the Salesforce records after authenticating with Okta.”

In Salesforce or your application?


#7

Hello Tom,

In my application.


#8

Yes, that’s exactly what I want.


#9

There isn’t anything in Okta today to help you do this. But you could create a service that would do this for you.

On your backend, you would use Okta and OpenID Connect to authenticate the user, then allow the user to authorize your application in Salesforce for OAuth. Once this occurs, you will be able to create a JWT bearer token for the authorized user and call the Salesforce API.

https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5

You would need to orchestrate this in your application, though.

Hope this helps,
Tom
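
The backend orchestration described in the answer above, as an added Node.js example that is not part of the thread and is not Okta or Salesforce sample code: it resolves the Salesforce username from already-verified Okta ID token claims, then builds the signed assertion and token request body for the Salesforce JWT bearer flow. The function names, the `links` map, the issuer, client ID, consumer key and user values are assumptions, and the key pair is a throwaway generated for the demo.

```javascript
// Added example, not code from the thread. All identifiers below are constructed placeholders.
const nodeCrypto = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Step 1: resolve the Salesforce username from Okta ID token claims. Assumes an OIDC
// library has already verified the token signature; `links` (hypothetical) maps an Okta
// `sub` to the Salesforce username recorded when that user authorized the connected app.
function salesforceUserFor(oktaClaims, { issuer, clientId, links, now = Date.now() }) {
  if (oktaClaims.iss !== issuer || oktaClaims.aud !== clientId) {
    throw new Error('ID token was not issued to this application');
  }
  if (oktaClaims.exp * 1000 <= now) throw new Error('ID token expired');
  const username = links.get(oktaClaims.sub);
  if (!username) throw new Error('user has not authorized the Salesforce app');
  return username;
}

// Step 2: build the RS256-signed assertion for Salesforce's JWT bearer flow.
function buildSalesforceAssertion({ consumerKey, username, audience, privateKey, now = Date.now() }) {
  const claims = {
    iss: consumerKey, // connected app consumer key
    sub: username, // Salesforce username, never taken from client input
    aud: audience, // e.g. https://login.salesforce.com
    exp: Math.floor(now / 1000) + 180, // short lifetime limits replay of a leaked assertion
  };
  const signingInput = `${b64url(JSON.stringify({ alg: 'RS256' }))}.${b64url(JSON.stringify(claims))}`;
  const signature = nodeCrypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Step 3: form body to POST to <audience>/services/oauth2/token.
function buildTokenRequestBody(assertion) {
  const grant_type = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
  return new URLSearchParams({ grant_type, assertion }).toString();
}

// Self-check helper: verify an assertion with the public key and return its claims.
function verifyAssertion(assertion, publicKey) {
  const [header, payload, sig] = assertion.split('.');
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${header}.${payload}`), publicKey, Buffer.from(sig, 'base64url'));
  return ok ? JSON.parse(Buffer.from(payload, 'base64url').toString()) : null;
}

// Constructed demo values: throwaway key pair, placeholder issuer, client id and users.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const links = new Map([['00u_constructed', 'user@example.com']]);
const opts = { issuer: 'https://example.okta.com', clientId: 'OKTA_CLIENT_ID', links, now: 1700000000000 };
const idClaims = { iss: opts.issuer, aud: opts.clientId, sub: '00u_constructed', exp: 1700003600 };
```

The private key stays on the backend, and the matching certificate is the one uploaded to the Salesforce connected app.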