We are using the Okta OpenID Connect REST API for authentication. When I call /oauth2/v1/authorize with a session token, client ID and other parameters, I am getting an HTML form as the response, with the token and other response parameters as hidden fields. I am expecting JSON output, not an HTML form page. I might be missing something; I appreciate any input.
Here is the response I am getting:
Redirect URI HTML with these as hidden fields.
The format of the authorization response is controlled via the response_mode parameter. Okta supports several modes including query, fragment, form_post, and okta_post_message (proprietary).
The authorization endpoint is not a JSON API. It's intended to be a front channel endpoint that you redirect the browser to. The token endpoint is the back channel endpoint that returns JSON.
Are you trying to use OIDC from a Single Page App? If so, you might want to look at using okta_post_message which can use HTML5 PostMessage with a hidden iframe.
Thank you, mcguinness. This is a regular Spring web application, so I guess I have to use the token endpoint as you suggested, but I am getting "missing client credentials" with the token endpoint even though I am providing the client ID and secret.
Our requirement is: if the user exists in Okta, authenticate the user, generate a token and redirect the user to a different domain with the token.
These are the steps I was trying before.
1. Authenticate the user with an /api/v1/authn call.
2. Generate a token using /oauth2/v1/authorize. Since this is returning an HTML response, I can't use this, as you mentioned.
So if I use /oauth2/v1/token, do I still have to authenticate the user using /api/v1/authn, or can I directly use /oauth2/v1/token with the password grant type?
You should be able to use the password grant_type directly for your use case and avoid going through AuthN API. You will need to use client credentials
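
The following Python builds the back-channel /oauth2/v1/token request for the password grant discussed above, with the client ID and secret sent in an HTTP Basic `Authorization` header as RFC 6749 section 2.3.1 describes. It is an added example, not code from this thread or from Okta; the org URL, the credentials and the `openid` scope are constructed placeholders, and the request is built but never sent.

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed placeholder values for this example (not taken from the thread).
OKTA_ORG = "https://example.okta.com"
TOKEN_PATH = "/oauth2/v1/token"  # back-channel endpoint named in the thread


def basic_client_auth(client_id, client_secret):
    """Build the HTTP Basic header value for client authentication (RFC 6749 s2.3.1)."""
    # Each part is form-urlencoded first, so a ':' inside the secret cannot
    # be mistaken for the id/secret separator on the server side.
    pair = "{}:{}".format(urllib.parse.quote_plus(client_id),
                          urllib.parse.quote_plus(client_secret))
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_password_grant_request(client_id, client_secret, username, password,
                                 scope="openid"):
    """Return an unsent POST; user and client credentials stay out of the URL."""
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": scope,  # assumed scope for an OpenID Connect request
    }).encode("ascii")
    headers = {
        "Authorization": basic_client_auth(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    return urllib.request.Request(OKTA_ORG + TOKEN_PATH, data=body,
                                  method="POST", headers=headers)


def parse_token_response(raw):
    """Parse the JSON body; raise on an OAuth error object instead of using it."""
    doc = json.loads(raw)
    if "error" in doc:
        raise ValueError("{}: {}".format(doc["error"],
                                         doc.get("error_description", "")))
    return doc


if __name__ == "__main__":
    req = build_password_grant_request("constructed-id", "s3cr:et", "user@example.com", "pw")
    print(req.get_method(), req.full_url)
    print(req.get_header("Authorization"))
    print(req.data.decode("ascii"))
```

Because the client secret is part of every such request, it belongs in the server-side application only, never in a page or script delivered to the browser.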