Hi, new to Okta and OAuth.
I’m a bit thrown off when I keep reading API gateways should handle authorization. Should requests for auth codes / code for token exchanges be sent to the API gateway which then forwards them to Okta? Or should these requests just skip over the API gateway and go straight from an app / front end website to Okta?
API gateways can be used in order to filter the requests based on number, IP address, content, etc. and not expose the Okta endpoints directly. If you would like to have control over the flow and avoid any potential malicious requests or rate limits, then the solution is for the application to access the API gateway and then the API gateway will verify the request and forward it to Okta.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.