I am implementing a system in which a Laravel web server has an API which must be protected only to authorized users (which can be either based on a React Native Application or a CLI). I would want the end users (which would be pre-registered in the okta admin console) to be able to authenticate once to the okta authorization server (using user/pwd credentials) and get a token (optionally with a refresh token) which they can use to access the protected API. Using the documentation I do not find any workflows which corresponds to this. The closest I found was the service client credentials workflow, but this workflow uses a single client ID and secret to get a token, whereas in my case I would like to use personal user/pwd credentials. I have also taken a look at the Native client workflow but this one requires a callback URI, which I do not need in my case as the user does not access the API right after logging in, instead it then uses it occasionally using the token directly.
What kind of workflow should I consider for this use case?