Using Access token as Bearer token as authentication for REST endpoints

Is it possible to pass a user's access token to an API gateway which then calls Okta’s REST endpoints and authenticates via a bearer token?

 ┌───┐                ┌───────────┐                     ┌────┐
 │SPA│                │API Gateway│                     │Okta│
 └─┬─┘                └─────┬─────┘                     └─┬──┘
   │/change_password        │                             │   
   │Param: {{ACCESS_TOKEN}} │                             │   
   │───────────────────────>│                             │   
   │                        │                             │   
   │                        │/change_password             │   
   │                        │Auth: Bearer {{ACCESS_TOKEN}}│   
   │                        │─────────────────────────────>   
   │                        │                             │   
   │                        │                             │

Hi @arzemieniuk

Yes, this is possible through “OAuth 2.0 for Okta APIs”. At this point, the feature is in open beta and you can apply here.

Thanks @dragos, unfortunately the dropdown list for “Okta Org Name” only shows “–None–”.

Hi @arzemieniuk

You can enroll into the beta program from oktapreview.com orgs on which you are a super administrator.
