Token exchange for Social Logins

Hi All,

I am trying to integrate social login to my app and did the necessary setup at both the ends(Okta and Social Identity Provider eg. facebook). Able to get the access token and id token by exchanging the authorization code. Now i need to exchange the external Identity provider’s access token with the access and refresh token from the authorization server set up on Okta for my application. Is there any way to do so, will it be via token exchange or any other way to authorize user and get the access/refresh tokens from app’s Auth server.

I’m not sure I follow your use case. With an external/social Identity Provider connected to Okta, Okta will be the one requesting tokens from the IdP in order to JIT/log the user into Okta. Once the user has an Okta session, your application can then request tokens, issued by Okta this time, for the user so they can access the app.

Thanks @andrea , the app i have set up normally (authentication without social login) issues access token and refresh token as per the policy set in authorization server on okta. My question is on the second part once i get access token and id token from okta(on behalf of external identity provider) how would then i exchange it with access and refresh tokens issued by okta auth server meant for the app. I tried token exchange allowing facebook app id(created as identity provider) in my authorization server but i get subject token is invalid. Also trusted server token exchange didnt work either.