We have existing express application and we want to integrate OKTA universal login/okta redirect login, our current login flow is client side with react and express for api… with our login flow we have multiple validation including external API call to validate member data.
Now following the okta documentation with implicit flow the client is the sole responsible for initiating a login and retrieving the access token, and this token will be use for subsequent request to resource server. Now there seems to be no way to make an external API call since the login is handled by OKTA and the only way is once the access token is return to the client… my question is, is it possible that with implicit flow the backend is the one that will retrieve the access token, and make an external api call to verify the data inside and return either 200/400 ?