Authorization Code Flow — Web

OAuth 2.0 / OpenID Connect Authentication for Web Applications

User Authentication (SSO)

Redirect the user to Okta's authorize endpoint to authenticate and, where required, consent. After successful authentication Okta redirects the browser back to the registered redirect URI with a short-lived, single-use authorization code. The application checks that the returned state matches the one it sent, then exchanges the code at the token endpoint for an access token, an ID token and, if offline_access was requested, a refresh token. The exchange is made from the server side, so the client secret never reaches the browser.

Configuration

Authorization server: /oauth2/v1/ (the Okta org authorization server). Enter the Okta domain and select the authorization server to load the scopes it offers.

Response type: code, token or id_token. The Authorization Code flow on this page uses code. The token and id_token response types return tokens in the redirect fragment (implicit flow) and are not recommended for web applications; a code exchanged server-side keeps tokens out of the browser URL.
cURL Commands

1. Direct the user to the authorize endpoint to start the standard OAuth flow.

2. Exchange the authorization code for tokens at the token endpoint.
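
The two steps above, worked through in Python as an added example (this code is not part of the page's tool or of Okta's own SDKs). It assumes a constructed Okta domain, client ID, client secret and redirect URI, adds PKCE (S256) on top of the plain flow the page describes, and stops short of sending HTTP requests: it builds the step 1 URL, validates a simulated redirect, builds the step 2 token request body, and checks the ID token's claims after the (not shown) signature verification. The issuer value used for the org authorization server is also an assumption.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values, not taken from the page: an Okta org and a registered web app.
OKTA_DOMAIN = "https://dev-123456.okta.com"
CLIENT_ID = "0oaexampleclientid"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://app.example.com/callback"
AUTHORIZE_ENDPOINT = f"{OKTA_DOMAIN}/oauth2/v1/authorize"
TOKEN_ENDPOINT = f"{OKTA_DOMAIN}/oauth2/v1/token"


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """32 random bytes encode to 43 characters, the RFC 7636 minimum length."""
    return b64url(secrets.token_bytes(32))


def pkce_challenge(code_verifier: str) -> str:
    """S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def build_authorize_url(state: str, nonce: str, code_verifier: str,
                        scope: str = "openid profile email") -> str:
    """Step 1. state ties the response to this browser session, nonce ties the
    ID token to it, and the PKCE challenge ties the code to this client."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "nonce": nonce,
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback(callback_url: str, expected_state: str) -> str:
    """Parse Okta's redirect back to REDIRECT_URI and return the code, refusing
    any response whose state is not the one stored for this session."""
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response is not for this session")
    if "code" not in qs:
        raise ValueError("callback carries no authorization code")
    return qs["code"][0]


def build_token_request(code: str, code_verifier: str):
    """Step 2. Form body for POST /oauth2/v1/token, sent from the server so the
    client secret never reaches the browser (client_secret_post)."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": code_verifier,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    }
    return TOKEN_ENDPOINT, urlencode(body)


def check_id_token_claims(claims: dict, expected_nonce: str, now: int) -> bool:
    """Claim checks to run after the JWT signature has been verified against
    Okta's JWKS (signature verification is not shown). Assumption: the org
    authorization server's issuer is the bare Okta domain."""
    if claims.get("iss") != OKTA_DOMAIN:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("ID token was not issued for this client")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: possible ID token replay")
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("ID token has expired")
    return True


if __name__ == "__main__":
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    verifier = new_code_verifier()
    print("1.", build_authorize_url(state, nonce, verifier))
    # Constructed stand-in for Okta's redirect; a real code comes from step 1.
    code = handle_callback(f"{REDIRECT_URI}?code=constructed-code&state={state}", state)
    url, body = build_token_request(code, verifier)
    print("2.", f"curl -s -X POST '{url}' --data '{body}'")
```

Keep state, nonce and the code verifier in the server-side session between the two steps; the verifier in particular must never appear in the authorize URL, only its S256 challenge.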

Optional APIs

Use the endpoints below to fetch the user's profile, inspect, refresh or revoke the tokens obtained above, and end the user's Okta session.

Call the /userinfo endpoint with the access token as a Bearer token to retrieve the authenticated user's profile claims. The token must have been issued with the openid scope; which claims come back depends on the other scopes granted (profile, email and so on).


Call the /introspect endpoint to check whether a token is still active and to read its scopes, client_id, expiry and other metadata. The request authenticates the client with its client credentials, not the user. For a revoked, expired or unknown token Okta returns only {"active": false}, so treat any response without active: true as a rejected token.


Call the /revoke endpoint to revoke an access or refresh token, rendering it unusable. Pass token_type_hint (access_token or refresh_token) alongside the token. As RFC 7009 specifies, the endpoint returns 200 OK even when the token was already invalid, so a successful response does not prove the token existed.


Exchange a refresh token for new access and ID tokens by calling the /token endpoint with grant_type=refresh_token. A refresh token is only issued when the offline_access scope was requested in step 1. If refresh token rotation is enabled for the app, the response also carries a new refresh token and the old one stops working, so always persist the token you received last.


End the user's Okta session using RP-Initiated Logout at the /logout endpoint, passing the ID token as id_token_hint and a registered post_logout_redirect_uri. This is a browser redirect rather than an API call, because the Okta session cookie has to accompany the request, so it opens in a new browser window. Logging out ends the session but does not invalidate tokens already issued; revoke those separately.
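
The five optional endpoints above, built as requests and interpreted in Python as an added example (not the page's own cURL commands or Okta code). The Okta domain, client credentials and post-logout URI are constructed values, as are the two sample /introspect responses; each helper returns a (method, url, headers, body) tuple and to_curl renders it as the equivalent cURL command, so nothing is sent over the network.

```python
import base64
import shlex
import time
from urllib.parse import urlencode

# Assumed values, not taken from the page.
OKTA_DOMAIN = "https://dev-123456.okta.com"
CLIENT_ID = "0oaexampleclientid"
CLIENT_SECRET = "example-client-secret"
POST_LOGOUT_REDIRECT_URI = "https://app.example.com/logged-out"
BASE = f"{OKTA_DOMAIN}/oauth2/v1"
FORM = {"Content-Type": "application/x-www-form-urlencoded"}


def client_basic_auth() -> str:
    """client_secret_basic header. /introspect, /revoke and /token authenticate
    the client, not the user, so the bearer token is never used on them."""
    return "Basic " + base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()


def userinfo_request(access_token: str):
    # Needs a token carrying the openid scope; claims depend on profile/email etc.
    return ("GET", f"{BASE}/userinfo", {"Authorization": f"Bearer {access_token}"}, None)


def introspect_request(token: str, hint: str = "access_token"):
    body = urlencode({"token": token, "token_type_hint": hint})
    return ("POST", f"{BASE}/introspect", {"Authorization": client_basic_auth(), **FORM}, body)


def revoke_request(token: str, hint: str = "access_token"):
    body = urlencode({"token": token, "token_type_hint": hint})
    return ("POST", f"{BASE}/revoke", {"Authorization": client_basic_auth(), **FORM}, body)


def refresh_request(refresh_token: str, scope=None):
    """grant_type=refresh_token; an optional scope may only narrow the grant."""
    body = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    if scope:
        body["scope"] = scope
    return ("POST", f"{BASE}/token", {"Authorization": client_basic_auth(), **FORM}, urlencode(body))


def logout_url(id_token: str, state: str) -> str:
    """RP-initiated logout is a browser redirect, not an API call: the Okta
    session cookie has to travel with it. post_logout_redirect_uri must be
    registered on the app or Okta rejects it."""
    params = {"id_token_hint": id_token,
              "post_logout_redirect_uri": POST_LOGOUT_REDIRECT_URI,
              "state": state}
    return f"{BASE}/logout?{urlencode(params)}"


def to_curl(request) -> str:
    """Render a (method, url, headers, body) tuple as the equivalent cURL command."""
    method, url, headers, body = request
    parts = ["curl", "-s", "-X", method, shlex.quote(url)]
    for name, value in headers.items():
        parts += ["-H", shlex.quote(f"{name}: {value}")]
    if body is not None:
        parts += ["--data", shlex.quote(body)]
    return " ".join(parts)


def token_is_usable(introspection: dict, required_scopes, now=None) -> bool:
    """Decide from an RFC 7662 introspection response whether to accept a token.
    Okta answers {"active": false} with no other fields for revoked, expired or
    unknown tokens, so test active before reading anything else."""
    if introspection.get("active") is not True:
        return False
    if introspection.get("client_id") != CLIENT_ID:
        return False  # issued to a different client; do not accept it here
    current = now if now is not None else int(time.time())
    if int(introspection.get("exp", 0)) <= current:
        return False
    granted = set(introspection.get("scope", "").split())
    return set(required_scopes) <= granted


# Constructed sample responses in the shape /introspect returns (not real data).
ACTIVE_RESPONSE = {"active": True, "token_type": "Bearer", "client_id": CLIENT_ID,
                   "scope": "openid profile email", "exp": 1_900_000_000,
                   "sub": "user@example.com", "uid": "00uexample"}
INACTIVE_RESPONSE = {"active": False}


if __name__ == "__main__":
    for req in (userinfo_request("at-123"), introspect_request("at-123"),
                revoke_request("rt-456", "refresh_token"), refresh_request("rt-456")):
        print(to_curl(req))
    print(logout_url("eyJ.constructed.idtoken", "s9"))
    print(token_is_usable(ACTIVE_RESPONSE, ["openid"]), token_is_usable(INACTIVE_RESPONSE, []))
```

Note that the rendered cURL lines put the client secret (Basic header) and tokens on the command line; on a shared host prefer curl's -K/--config or --data @file over pasting them into a shell history.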


App Management APIs

Use the Okta Management API (under /api/v1, not the authorization server) to view and update the application. The access token must have been requested with the corresponding management scopes, and the app must be allowed to request them: okta.apps.read is enough for GET, okta.apps.manage is needed for PUT. Request only the scope the operation needs.

Call GET /api/v1/apps/{appId} with the access token as a Bearer token to retrieve the application object from Okta.


Call PUT /api/v1/apps/{appId} to update the application. PUT replaces the whole application object, so never send a partial body: use "Load Current" to fetch the current app JSON, edit only the fields you intend to change, then send the complete object back.
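
A worked example of the load, edit, replace cycle described above, added here and not taken from the page or from Okta's SDKs. The app ID, domain and the sample application JSON are constructed (the JSON follows the shape of an Okta OIDC web app object, filled in only as far as the example touches it); the helper adds a redirect URI only if it is https or http://localhost, refuses to build a request the token's scopes cannot satisfy, and always sends the complete object.

```python
import copy
import json
from urllib.parse import urlparse

# Assumed values, not taken from the page.
OKTA_DOMAIN = "https://dev-123456.okta.com"
APPS_API = f"{OKTA_DOMAIN}/api/v1/apps"  # Management API, not the authorization server

# Least privilege: the management scope each operation needs.
REQUIRED_SCOPE = {"GET": "okta.apps.read", "PUT": "okta.apps.manage"}


def require_scope(method: str, granted_scopes: str) -> None:
    """Refuse to build a request the token cannot succeed with. granted_scopes
    is the space-separated 'scope' string from the token response."""
    needed = REQUIRED_SCOPE[method]
    if needed not in granted_scopes.split():
        raise PermissionError(f"{method} needs {needed}; token has: {granted_scopes!r}")


def get_app_request(app_id: str, access_token: str, granted_scopes: str):
    require_scope("GET", granted_scopes)
    headers = {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}
    return ("GET", f"{APPS_API}/{app_id}", headers, None)


def put_app_request(app_id: str, access_token: str, granted_scopes: str, app: dict):
    """PUT replaces the whole application object, so 'app' must be the complete
    JSON loaded by GET with only the intended fields changed."""
    require_scope("PUT", granted_scopes)
    if app.get("id") != app_id:
        raise ValueError("app JSON does not belong to the app being updated")
    headers = {"Authorization": f"Bearer {access_token}",
               "Accept": "application/json", "Content-Type": "application/json"}
    return ("PUT", f"{APPS_API}/{app_id}", headers, json.dumps(app))


def add_redirect_uri(app: dict, uri: str) -> dict:
    """Return a copy of the full app object with one redirect URI added.
    Redirect URIs are the app's most sensitive setting: a loose entry lets an
    attacker receive authorization codes, so accept only https (or http on
    localhost for development), refuse fragments, and refuse duplicates."""
    parsed = urlparse(uri)
    local = parsed.hostname in ("localhost", "127.0.0.1")
    if parsed.scheme != "https" and not (parsed.scheme == "http" and local):
        raise ValueError(f"refusing non-https redirect URI: {uri}")
    if parsed.fragment or not parsed.netloc:
        raise ValueError(f"malformed redirect URI: {uri}")
    updated = copy.deepcopy(app)  # never mutate the loaded object in place
    client = updated.setdefault("settings", {}).setdefault("oauthClient", {})
    uris = client.setdefault("redirect_uris", [])
    if uri in uris:
        raise ValueError(f"redirect URI already registered: {uri}")
    uris.append(uri)
    return updated


# Constructed sample in the shape of an Okta OIDC web app object; only the
# fields this example touches are filled in.
SAMPLE_APP = {
    "id": "0oaexampleappid",
    "name": "oidc_client",
    "label": "Example Web App",
    "status": "ACTIVE",
    "signOnMode": "OPENID_CONNECT",
    "settings": {
        "oauthClient": {
            "redirect_uris": ["https://app.example.com/callback"],
            "post_logout_redirect_uris": ["https://app.example.com/logged-out"],
            "response_types": ["code"],
            "grant_types": ["authorization_code", "refresh_token"],
            "application_type": "web",
        }
    },
}


if __name__ == "__main__":
    scopes = "okta.apps.read okta.apps.manage"
    print(get_app_request(SAMPLE_APP["id"], "constructed-token", scopes)[1])
    edited = add_redirect_uri(SAMPLE_APP, "https://app.example.com/callback2")
    method, url, headers, body = put_app_request(SAMPLE_APP["id"], "constructed-token", scopes, edited)
    print(method, url, json.loads(body)["settings"]["oauthClient"]["redirect_uris"])
```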
