Okta bearer token - Service to service

Question

We have a scenario where we have different apps in the backend that needs to do some operation between them. Those apps are registered in the Okta console and have their own workflow. They both allow access to users that authenticate through an access token that they will get through a process the widget on the web. The two services needs to perform operations between them. For example, on one service we need information about products on another service. But it's not a "user" request, it's a service to service.

As far as my understanding goes, we still need to send a request as it would a normal user, so we need a bearer token to authenticate the request.

I cannot find in the docs a way to request an access token on the backend. I only found some libraries that can help providing a callback uri and multiple step process where you need to have a window to pop up to interact to insert your Okta login.

Is there any way to request an access token as an API call? In the backend services we won't have windows to pop up and authenticate?

We tried to use Okta-auth-js but seems to be more "front-end" oriented as most of the methods are "browser-only".

Answer 1

Yes, you need to create OIDC application of type "OAuth service", which will created "client credential" flow app for you. It supports calls to /token endpoint using client_id and client_secret available after the creation of the app in Okta. As a result of your call to /token directly from the backend, you will obtain an access token for machine-to-machine communication (no user context)