
For more information, see Composing your base URL.

Note: This endpoint's base URL varies depending on whether you are using a custom authorization server.

See Create an Authorization Server for information on how to create an Authorization Server. See Authorization Servers for an overview of Authorization Servers and what you can do with them.

If you have a developer account, you can use the default authorization server that was created along with your account, in which case the base URL looks like this:

This kind of authorization server we call a "Custom Authorization Server", and your base URL looks like this:

This is for use cases where Okta is the authorization server for your resource server (for example, you want Okta to act as the user store for your application, but Okta is invisible to your users).

Okta as the identity platform for your app or API

The full URL to the /authorize endpoint looks like this:

When Okta is serving as the authorization server for itself, we refer to this as the "Okta Org Authorization Server" and your base URL looks like this:

In OAuth 2.0 terminology, Okta is both the authorization server and the resource server.

This is for the use case where your users are all part of your Okta organization, and you would just like to offer them single sign-on (for example, you want your employees to sign in to an application with their Okta accounts).

You have two types of authorization servers to choose from depending on your use case:

All of the endpoints on this page start with an authorization server, however the URL for that server varies depending on the endpoint and the type of authorization server.

Return OpenID Connect metadata related to the specified authorization server.

Return OAuth 2.0 metadata related to the specified authorization server.

Return claims about the authenticated end user.

Return public keys used to sign responses.

Obtain an access and/or ID token by presenting an authorization grant or refresh token.

End the session associated with the given ID token.

Obtain an activation code for the resource owner.

Push an authorization request payload directly to the authorization server that responds with a request URI value for use in subsequent authorization requests to the /authorize endpoint.

Interact with the resource owner and obtain an authorization grant.

Get started

Explore the OpenID Connect & OAuth 2.0 API:

Endpoints

For higher-level information about how to use these endpoints, see OAuth 2.0 and OpenID Connect. This page contains detailed information about the OAuth 2.0 and OpenID Connect endpoints that Okta exposes on its authorization servers. The OAuth 2.0 protocol provides API security via scoped access tokens, and OpenID Connect provides user authentication and single sign-on (SSO) functionality.

Okta is a standards-compliant OAuth 2.0 authorization server and a certified OpenID Connect provider.
