Retrieve id_token from sessionToken

Hi,

I am using the com.okta.authn.sdk.client to authenticate a user. This gives me a sessionToken in the response.
From this sessionToken I would like to retrieve an id_token (jwt) from the authorization server.
Is it possible to retrieve the id_token via an API call or utilizing any SDK from the backend?

The only way I found that I can get the id_token is to enter the following URL into a browser which contains the sessionToken as a parameter:

Request-URL:
{{OKTA-HOST}}/oauth2/v1/authorize?client_id=xxxxxxxxxxxx&response_type=id_token&scope=openid&prompt=none&redirect_uri=https://localhost:80&state=Af0ifjslDkj&nonce=n0S6_WzA2Mj&sessionToken=2012…zhN5

Response-URL:
https://localhost:80/#id_token=eyJra....VFddrg&state=Af0ifjslDkj

Any thoughts how this could work from the backend without any redirects going on?

You can retrieve an id_token by passing the sessionToken in the /authorize request so that the user is not prompted to authenticate.

Since you are using a backend, you might want to use the authorization code flow instead, since you might not be able to parse the id_token from the fragment (#). With the authorization code flow, you will get an authorization code as a query parameter. Your backend can then parse it and make a /token request to retrieve tokens.
https://developer.okta.com/docs/guides/implement-auth-code/overview/
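
The authorization code flow described in the reply above, sketched from the backend's side as an added example (not code from the original posts or from Okta): it builds the /authorize URL with `response_type=code`, validates the redirect target and `state` before accepting the code, and prepares the /token request. Assumptions: the backend reads the redirect target (the `Location` header) without following it, the client is a confidential client authenticating with HTTP Basic, the token endpoint is `/oauth2/v1/token`, and all function names, hosts and values are hypothetical.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

def build_authorize_url(okta_host, client_id, redirect_uri, session_token):
    """Return (url, state, nonce) for an authorization code request."""
    state = secrets.token_urlsafe(16)  # binds the callback to this request
    nonce = secrets.token_urlsafe(16)  # compare with the id_token's nonce claim later
    query = urlencode({
        "client_id": client_id, "response_type": "code",
        "scope": "openid", "prompt": "none",
        "redirect_uri": redirect_uri,
        "state": state, "nonce": nonce,
        "sessionToken": session_token,
    })
    return f"{okta_host}/oauth2/v1/authorize?{query}", state, nonce

def extract_code(location, redirect_uri, expected_state):
    """Validate the redirect target and return the authorization code."""
    got, want = urlsplit(location), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("redirect went to an unexpected URI")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in redirect")
    return code

def build_token_request(okta_host, client_id, client_secret, redirect_uri, code):
    """Return (url, headers, body) for the POST that exchanges the code."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code",
                      "code": code, "redirect_uri": redirect_uri})
    return f"{okta_host}/oauth2/v1/token", headers, body
```

The id_token in the /token response still needs its signature, issuer, audience and `nonce` checked before the backend trusts it.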
