Status: Open. mxmader opened this issue 4 years ago.
@mxmader Thanks for the Okta API information. I've run into the same issue with validating tokens (SPA frontend with a Connexion/Flask API app), as the Okta account does not have the feature enabled for authorization servers.
Was your solution to make a post request from your resource server with the provided access token and client ID?
@HenrikR effectively, yes. I've since moved on from the project I was maintaining whereby I created my own solution, but the high-level steps were:
/authorize
with /inspect.

I had the same problem, but after changing the issuer from https://dev-XXXXXX.okta.com to https://dev-XXXXXX.okta.com/oauth2/default on the client (Angular) and backend (Django) it started to work.
Per:
https://github.com/adithyasampatoor/okta_jwt/blob/b1072da18b467bc7e37199813573e25c904194ea/okta_jwt/jwt.py#L145
I cannot use this library for a "stock" Okta account that does not have the ability (or necessity in my case) to create a "custom authorization server" since the URL pattern above is imposed.
If this is intentional, perhaps you should state as much on your README.md page. I subsequently discovered that this Okta API call is sufficient for my needs in the use case of a Python API sitting behind a React / SPA app (using the PKCE flow for authentication):
https://developer.okta.com/docs/reference/api/oidc/#introspect
As an aside, thank you for writing and publishing this library as it helped spur my investigation and knowledge acquisition of implementation detail with respect to the combination of Okta, OAuth2, OpenID Connect, Single-page applications, and Python REST API development.
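Added example of the introspection-based validation this thread describes (my code, not okta_jwt's and not the reporter's): the Python resource server POSTs the bearer token plus the SPA's public client ID to Okta's introspect endpoint and only accepts the request when the response is `active` and also matches the expected client, issuer, expiry and scopes, because `active: true` alone says nothing about which client or audience the token was minted for. The two issuer forms follow the patterns quoted above (org server vs. `/oauth2/default`); the client ID, domain and response values are constructed placeholders, and the HTTP transport is injectable so the check can run offline.

```python
import json
import time
import urllib.parse
import urllib.request


def introspect_url(issuer):
    # Org authorization server (stock Okta): https://dev-XXXXXX.okta.com -> /oauth2/v1/introspect
    # Custom authorization server: https://dev-XXXXXX.okta.com/oauth2/default -> /v1/introspect
    issuer = issuer.rstrip("/")
    return issuer + ("/v1/introspect" if "/oauth2/" in issuer else "/oauth2/v1/introspect")


def _post_form(url, fields):
    # Real transport (stdlib only); tests swap in a stub that returns a constructed response.
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


def bearer_token(authorization_header):
    # Pull the token out of "Authorization: Bearer <token>"; anything else is rejected.
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise PermissionError("missing bearer token")
    return token.strip()


def validate_access_token(access_token, client_id, issuer, required_scopes=(), post=_post_form, now=None):
    """Introspect a token issued to a public (PKCE) client and return its claims, or raise PermissionError."""
    # Public clients send client_id in the form body; no client secret is involved for an SPA.
    fields = {"token": access_token, "token_type_hint": "access_token", "client_id": client_id}
    claims = post(introspect_url(issuer), fields)
    if not claims.get("active"):
        raise PermissionError("token is not active")
    if claims.get("client_id") != client_id:
        raise PermissionError("token was issued to a different client")
    if "iss" in claims and claims["iss"].rstrip("/") != issuer.rstrip("/"):
        raise PermissionError("unexpected issuer")
    now = time.time() if now is None else now
    if "exp" in claims and claims["exp"] <= now:
        raise PermissionError("token has expired")
    missing = set(required_scopes) - set(claims.get("scope", "").split())
    if missing:
        raise PermissionError("missing scopes: " + " ".join(sorted(missing)))
    return claims
```

In a Flask or Connexion handler, call `validate_access_token(bearer_token(request.headers.get("Authorization")), ...)` before touching the resource and map `PermissionError` to a 401.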