Direct Authentication — Password + OTP Multi-Factor Authentication
Step 1: Send the user's credentials to the token endpoint. If MFA is required, the server returns an mfa_token for the next step.
Endpoint: /oauth2/default/v1/token
grant_type: password
Step 2: Enter the one-time passcode from your authenticator app to complete multi-factor authentication.
Endpoint: /oauth2/default/v1/token
grant_type: urn:okta:params:oauth:grant-type:mfa-otp
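The two-step exchange above as an added example (not code from this page or from Okta): the client sends the password grant, and only when the server answers with an mfa_required error carrying an mfa_token does it submit the OTP under the mfa-otp grant; any other outcome fails closed. The issuer URL, client id, the `otp` parameter name and the offline `fake_okta` stand-in are assumptions made for this example.

```python
import json
from urllib import error, parse, request

# Assumed issuer; substitute your own Okta org and authorization server.
TOKEN_URL = "https://example.okta.com/oauth2/default/v1/token"
OTP_GRANT = "urn:okta:params:oauth:grant-type:mfa-otp"


def post_form(url, fields):
    """POST a form-encoded body to the token endpoint; return (status, JSON body).
    Error responses (4xx) still carry a JSON body, which is where mfa_required arrives."""
    req = request.Request(url, data=parse.urlencode(fields).encode(), method="POST",
                          headers={"Accept": "application/json"})
    try:
        with request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read())
    except error.HTTPError as err:
        return err.code, json.loads(err.read())


def direct_auth(client_id, username, password, read_otp, post=post_form,
                url=TOKEN_URL, scope="openid profile"):
    """Step 1: password grant. Step 2 (only if the server asks for it): exchange the
    returned mfa_token plus the user's OTP for tokens. Anything else is a hard failure."""
    status, body = post(url, {"grant_type": "password", "client_id": client_id,
                              "username": username, "password": password, "scope": scope})
    if status == 200 and "access_token" in body:
        return body  # no MFA policy applied to this user/app
    if body.get("error") != "mfa_required" or not body.get("mfa_token"):
        raise PermissionError(body.get("error_description") or body.get("error", "unknown"))
    status, body = post(url, {"grant_type": OTP_GRANT, "client_id": client_id,
                              "mfa_token": body["mfa_token"], "otp": read_otp(),  # 'otp' param name assumed
                              "scope": scope})
    if status != 200 or "access_token" not in body:
        raise PermissionError(body.get("error_description") or body.get("error", "otp rejected"))
    return body


def fake_okta(url, fields):
    """Constructed offline stand-in for the token endpoint (not a real server): a correct
    password yields mfa_required + mfa_token; the matching mfa_token and OTP yield tokens."""
    if fields["grant_type"] == "password":
        if fields["password"] != "correct-horse":
            return 400, {"error": "invalid_grant", "error_description": "bad credentials"}
        return 403, {"error": "mfa_required", "mfa_token": "mfa-token-CONSTRUCTED"}
    if (fields["grant_type"] == OTP_GRANT and fields["mfa_token"] == "mfa-token-CONSTRUCTED"
            and fields["otp"] == "123456"):
        return 200, {"access_token": "at-CONSTRUCTED", "token_type": "Bearer", "expires_in": 3600}
    return 400, {"error": "invalid_grant", "error_description": "otp rejected"}
```

Pass `post=fake_okta` to exercise both steps offline; with the default `post_form` the same function talks to the real token endpoint.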
Test the access token by making an authenticated API request to a resource server.
Use the endpoints below to inspect, revoke, or end sessions for the tokens obtained above.
Call the /userinfo endpoint with the access token to retrieve the authenticated user's profile claims.
Call the /introspect endpoint to inspect the token and verify its active status, scopes, and metadata.
Call the /revoke endpoint to revoke an access or refresh token, rendering it unusable.
End the user's Okta session using RP-Initiated Logout.
Use the Okta Management API to view and update the application. Requires management scopes (e.g. okta.apps.read, okta.apps.manage).
Call GET /api/v1/apps/{appId} with the access token to retrieve the application object from Okta.
Call PUT /api/v1/apps/{appId} with the access token to update the application: fetch the current application JSON, edit it, then send the full object back. The GET requires the okta.apps.read scope and the PUT requires okta.apps.manage; a token whose authorize request did not include these scopes will be rejected.