How to implement custom API keys using Okta

I am looking for instructions to implement API keys to protect an API using Okta.

The idea is similar to the GitHub Personal Access Tokens workflow.

The frontend application will have the access token to unblock access to the BFF.

It is not per end-user auth but about access tokens between applications (App-2-App authorization, as opposed to End-User-2-App authentication? If that makes sense).

Thanks, André



Solution 1:[1]

You can register an OIDC application with the client_credentials OIDC flow, which will allow that application to use a client id/secret pair to get an OAuth access token to call your API. It's exactly for your use case of some system app/account to get a JWT to call back-end services.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Philipp Grigoryev