I am very new to okta in general . I am working on an initiative to create a wrapper api to validate user with credentials (userid/password) and want to return JWT token with the org/sub org for the user . This api is going to be use to authenticate and authorize (the authorization logic will be within the new api that I am writing) .
Which api should I be using to validate userid/password and get a JWT token
Question 2 : Is there any way the input userid /password can be encrypted ( does okta provide any library for encrypting the credential before calling the api
Question 3: Is there any api which can validate an existing JWT token
I looked at the documentation there several api but im not sure which one I should be using looking for some suggestion .
The idea is that once the user get this JWT token it will be passed as header to the downstream api which will make call okta ( some api) to validate the JWT token (validity /expiry ) and based on the authentication of the token it will perform the task .