Native to Web SSO

1

Native App

Select Tokens from Wallet

Select an access token (actor) and an ID token (subject) from your wallet. The ID token list auto-filters to match the selected access token's issuer.

AT Actor Token (access_token)

Loading wallet tokens...

ID Subject Token (id_token)

Select an actor token first

Need a token?

2

Native App

Exchange for Interclient Token

Exchange the access token (actor) and ID token (subject) for an interclient token targeted at the web application.

/oauth2/default/v1/token grant_type=urn:ietf:params:oauth:grant-type:token-exchange

Configuration

Target Web App Client ID (audience)

cURL Command

Explain cURL | regenerate curl

Response

3

TARGET WEB APP

Web App Generates Tokens

The Source Application will securely transfer the interclient_token to the Target Web Application, in our example we obfuscate via a GUID & copy/paste to the target browser. The additional OAuth parameters are included here as a convenience for saving the configuration in this simulation tool, the target application would designate the launch parameters.

/oauth2/default/v1/authorize interclient_token={web_sso_token}

Configuration

Authorization Server

/oauth2/default/v1/

Client ID

Client Secret

Redirect URI

Code Verifier

State

Nonce

Scopes (optional)

Configure Okta Domain and Authorization Server to load scopes

Response Type (optional)

code token id_token authorization_code

Authorize URL

Explain parameters

Save Configuration

Saved Configurations

Select Tokens from Wallet

Exchange for Interclient Token

Securely Transfer interclient_token to Web App

Web App Generates Tokens

Parameter Details

Authorization Server Info

Message

Token Details