Secure your API with OAuth, Mulesoft, and Okta in 20 minutes

Rob Temple

I’m confused as to why Mulesoft needs the authorization and token URLs in the External Client configuration when the calling client application is what uses these. Does Mulesoft (which is the resource provider) actually use those URLs?

I am trying to secure an API in Mulesoft using Okta tokens. I will be using the workflow within Okta (same tenant as the one minting tokens) to send updates to user profiles. It is not a person who is performing this action but the workflow process. This procedure seems to cover users accessing the Mulesoft API; how does this get amended for what I am trying to accomplish? Also, please confirm you have created TWO apps in Okta (since the main document links to other): one an OIDC Service app (which you call Token Introspection) and another an OIDC Web app (seen in okta-api-center/okta_setup_manual.md at master · tom-smith-okta/okta-api-center · GitHub).