Reusing Okta auth token with 3rd party web applications


#1

I’m trying to figure out how to do something but am not sure if my assumptions are correct, so wanted to get some validation here:

We are an Okta client with an IT version of the product with API Management feature enabled.
We use API Management to secure a mobile iOS App and the asp.net core web service that the app communicates with using OpenID Connect and JWT tokens.
I would like to present a web application that is secured via Okta (Office 365 application or similar), within the iOS app in a webview without requiring the user to re-authenticate since they are viewing this web application from within an already authenticated mobile app.

My assumption was that I should be able to pass to the Office 365 application, the same Okta auth token in the Authentication header, just how I do when interacting with our web service, this doesn’t seem to work though, it still requires me to authenticate through the Office 365 interface on the web application.

Is this kind of integration possible? Am I missing a crucial step in this process? How can i get this working if it is possible?

@tom any idea about this? You were very knowledgable and helpful with the last post, hoping you might know something about this.

Thank you for your help.