Direct Authentication — Password + Okta Verify Push MFA
Send credentials to get an mfa_token for the push challenge.
/oauth2/default/v1/token
password
Send an MFA challenge request to trigger an Okta Verify push notification.
/oauth2/default/v1/challenge
Poll the token endpoint while waiting for user to approve the push notification.
/oauth2/default/v1/token
urn:okta:params:oauth:grant-type:mfa-oob
Test the access token by making an authenticated API request to a resource server.
Use the endpoints below to inspect, revoke, or end sessions for the tokens obtained above.
Call the /userinfo endpoint with the access token to retrieve the authenticated user's profile claims. API Reference ↗
Call the /introspect endpoint to inspect the token and verify its active status, scopes, and metadata. API Reference ↗
Call the /revoke endpoint to revoke an access or refresh token, rendering it unusable. API Reference ↗
End the user's Okta session using RP-Initiated Logout. Will open in a new browser window. API Reference ↗
Use the Okta Management API to view and update the application. Requires management scopes (e.g. okta.apps.read, okta.apps.manage).
Call GET /api/v1/apps/{appId} with the access token to retrieve the application object from Okta. API Reference ↗
okta.apps.read is not included in the authorize request. Call PUT /api/v1/apps/{appId} to update the application. Use "Load Current" to fetch the current app JSON, edit it, then send the update. API Reference ↗
okta.apps.manage is not included in the authorize request.