Hello everyone. I’m investigating a use case for Okta and I was wondering if a certain scenario is possible.
Right now, Okta is used solely for authentication purposes (no custom claims, scopes or groups). Barebone as it gets.
Does Okta support generating access (or refresh) tokens for a specific user, through the API?
E.g., User A has a CLI project and, instead of giving a password to a coworker, User B, for authentication, he would like to generate a token with a custom claim/scope (we would process the scope, we just need Okta to process and validate the request).
Can that be done without an admin stepping in and doing it manually?
Okta does not have this capability out of the box; however, you can deploy an application that runs on the back-end channel and uses, for example, the Resource Owner Password Flow to retrieve an access token and pass it in the front-end channel.
@dragos - I see. We already use this approach with our web app, but I was hoping that there might be a way to generate a custom one, with certain data, that is different from the Bearer token.
It’s already possible to use just the access token we receive as you say and tell the user to use that in CLI configuration, but that would mean the user has to update this token as it has an expiration.
We are also not able to give the user a token with only certain rights (read-only, for example).
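
The back-end approach suggested in the answer above, sketched as an added example that is not part of the original thread or Okta's own code: it builds an RFC 6749 password-grant request and checks the token response for scope and expiry before anything is handed to the CLI. The Okta domain, the `default` authorization server path, the `cli.read` scope and the sample response are assumptions constructed for illustration.

```python
import base64
import time
import urllib.parse

# Assumptions (not from the thread): placeholder Okta domain, the "default"
# custom authorization server path, and a hypothetical scope "cli.read".
TOKEN_URL = "https://example.okta.com/oauth2/default/v1/token"


def build_password_grant(client_id, client_secret, username, password, scopes):
    """Return (url, headers, body) for an RFC 6749 section 4.3 token request."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": " ".join(scopes),
    })
    return TOKEN_URL, headers, body


def check_token_response(resp, requested_scopes, now=None, skew=30):
    """Validate a token response before the back end hands it to the CLI.

    Rejects non-Bearer tokens and any scope beyond what was requested, and
    returns the absolute time after which the CLI must fetch a new token.
    """
    now = time.time() if now is None else now
    if resp.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    granted = set(resp.get("scope", "").split())
    extra = granted - set(requested_scopes)
    if extra:
        raise ValueError(f"token carries unrequested scopes: {sorted(extra)}")
    return {"access_token": resp["access_token"],
            "scopes": sorted(granted),
            "refresh_after": now + int(resp["expires_in"]) - skew}


# Constructed sample response, shaped like an RFC 6749 section 5.1 reply.
SAMPLE = {"token_type": "Bearer", "expires_in": 3600,
          "access_token": "constructed-token-value", "scope": "cli.read"}
```

The request is only built, not sent, so the block runs offline; the password and client secret stay on the back end and only the checked access token reaches the front-end channel.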