Which API to use

Hi Team
I am very new to Okta in general. I am working on an initiative to create a wrapper API to validate a user with credentials (userid/password) and want to return a JWT token with the org/sub-org for the user. This API is going to be used to authenticate and authorize (the authorization logic will be within the new API that I am writing).
Question 1: Which API should I be using to validate userid/password and get a JWT token?
Question 2: Is there any way the input userid/password can be encrypted (does Okta provide any library for encrypting the credentials before calling the API)?
Question 3: Is there any API which can validate an existing JWT token?

I looked at the documentation; there are several APIs, but I'm not sure which one I should be using. Looking for some suggestions.
The idea is that once the user gets this JWT token it will be passed as a header to the downstream API, which will make a call to Okta (some API) to validate the JWT token (validity/expiry) and, based on the authentication of the token, it will perform the task.

Q3: you can do local validation with okta-jwt-verifier (https://github.com/okta/okta-oidc-js/tree/master/packages/jwt-verifier), or call the Okta /introspect endpoint to perform online validation.
Q2: no.
Q1: you can use the resource_owner OIDC flow if you need to capture user credentials, but I'd rather recommend redirecting your users to Okta for authentication, if it's not against your rules, with the authorization_code flow (for web apps) or the PKCE flow (for SPAs).

As for the API, it's https://developer.okta.com/docs/reference/api/oidc/
