Benjamin Irwin
Hi Matt, many thanks for this reply - much appreciated. And thank you for the youtube video too - really useful
From the tutorial you sent, it looks like you still need to do some manual work to get that access token. We’re advised to go to oidcdebugger in order to generate it and the token we get back ultimately expires.
Is there any way to automate the process of retrieving the access token (e.g. a request to a ‘/login’ endpoint that can be done in the code, or something equivalent)? This way we can manage the authentication process in the code, so that the client doesn’t have to keep manually retrieving a new access token when it expires?
EDIT: I’ve just found the ‘Resource Owner Password flow’ which seems to do what is described (i.e. lets us handle the credentials in our code). I can see we are advised against using this by Okta. But it seems like the only option for what we want? This will enable us to have the client login once to access our API indefinitely.