Hey! I want to create an application with the following features:
Users authenticate into my app and obtain an access token through OIDC.
The app makes API calls to Okta to fetch logs, and it has to be done every day, so I think it would be great to have the ability to get a refresh token.
But while submitting my application, I found out that the offline_access scope is not supported.
Does it mean that I cannot mix these scenarios? Or is it okay to continue this way?
Is it okay to use the OIDC application or does it look more like an API service?
So your integration needs to make calls into Okta’s /logs endpoint? If this connection does need to stay alive and will be used more like a machine-to-machine integration, then I think this part would better function as an API Services integration. API Services apps will use the Client Credentials flow, so there is no user who would need to re-auth, and it would be able to continue to request new tokens as needed.
Then for your SSO portion, you could create an OIDC app so users can log in.
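The machine-to-machine half of the design suggested in that reply, written out as an added example (not code from the thread or from Okta): the API Services app authenticates as itself with the client_credentials grant at the org authorization server's token endpoint, then pages through /api/v1/logs for the previous day by following the rel="next" Link headers. The signed private_key_jwt client assertion is passed in as an already-built string (signing it is outside this example), the `okta.logs.read` scope is the one the app would be granted for System Log reads, the HTTP call is injected so the paging logic runs offline, and the sample pages in the demo are constructed.

```python
"""Daily Okta System Log pull for an API Services app (client credentials).

Added example; not code from the posts or from Okta. The client assertion
(private_key_jwt, RFC 7523) is assumed to be built and signed elsewhere.
"""
from datetime import datetime, timedelta, timezone
import re
from typing import Callable, Iterator, Optional

# RFC 7523 assertion type used when a client authenticates with a signed JWT.
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

# Constructed "current time" used by the demo and the assertions below.
SAMPLE_NOW = datetime(2024, 3, 5, 10, 30, tzinfo=timezone.utc)


def build_token_request(okta_domain: str, client_assertion: str,
                        scopes=("okta.logs.read",)) -> dict:
    """Form body for POST /oauth2/v1/token on the org authorization server.
    No user is involved: the app's own credentials and granted scopes decide
    what it may read, which is why no refresh token is needed here."""
    return {
        "url": f"https://{okta_domain}/oauth2/v1/token",
        "data": {
            "grant_type": "client_credentials",
            "scope": " ".join(scopes),
            "client_assertion_type": JWT_BEARER,
            "client_assertion": client_assertion,
        },
    }


def daily_window(now: datetime) -> tuple[str, str]:
    """since (inclusive) / until (exclusive) covering the previous UTC day."""
    today = now.astimezone(timezone.utc).replace(hour=0, minute=0, second=0, microsecond=0)
    start = today - timedelta(days=1)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    return start.strftime(fmt), today.strftime(fmt)


_NEXT_LINK = re.compile(r'<([^>]+)>;\s*rel="next"')


def parse_next_link(link_header: Optional[str]) -> Optional[str]:
    """Okta paginates /logs with Link headers; keep following rel="next"."""
    if not link_header:
        return None
    m = _NEXT_LINK.search(link_header)
    return m.group(1) if m else None


def fetch_all_logs(okta_domain: str, access_token: str, since: str, until: str,
                   http_get: Callable[[str, dict], tuple[list, dict]],
                   limit: int = 1000) -> Iterator[dict]:
    """Yield every event in [since, until).

    http_get(url, headers) -> (events_json, response_headers) is injected so
    the paging logic can be tested without network access."""
    headers = {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}
    url = (f"https://{okta_domain}/api/v1/logs?since={since}&until={until}"
           f"&limit={limit}&sortOrder=ASCENDING")
    seen = set()  # de-duplicate by event uuid in case adjacent pages overlap
    while url:
        events, resp_headers = http_get(url, headers)
        for ev in events:
            if ev["uuid"] not in seen:
                seen.add(ev["uuid"])
                yield ev
        if not events:
            break  # an empty page means the bounded window is drained
        url = parse_next_link(resp_headers.get("Link"))


if __name__ == "__main__":
    # Offline demo with constructed pages standing in for Okta's responses.
    pages = [
        ([{"uuid": "e1", "eventType": "user.session.start"}],
         {"Link": '<https://example.okta.com/api/v1/logs?after=e1>; rel="next"'}),
        ([], {}),
    ]
    since, until = daily_window(SAMPLE_NOW)
    print(build_token_request("example.okta.com", "<signed-assertion>")["data"]["scope"])
    for event in fetch_all_logs("example.okta.com", "<token>", since, until,
                                lambda url, hdrs: pages.pop(0), limit=1):
        print(event["uuid"], event["eventType"])
```

In a real job the `http_get` argument would be a thin wrapper around an HTTP client that returns the decoded JSON list and the response headers; the token request is submitted as a form POST and its `access_token` is what goes into the `Authorization` header.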
Thanks for your answer. But is it possible to make API calls using credentials obtained via SSO?
For example, the user logs in to my app, obtains a token, and then makes API calls.
Or does it have to be two separate applications?
What type of calls are you looking to make? An End-User without Admin permissions typically can only make calls to get or update their own information (e.g. /api/v1/users/me, /idp/myaccount/emails (this last call is only supported for Identity Engine orgs)).
I need to access the organization’s users and logs and our users will be administrators.
Some user logs in to my app, and it is required that this user is an Okta Admin.
First, I need to authenticate the user and obtain permissions for these actions.
So my app will be acting on behalf of an admin user.