Okta apps validation

I have 3 Okta apps set up.

  1. Okta app for backend
  2. Okta spa app
  3. Okta web app

The Okta spa app is able to use the access token it got and pass it to the Okta app for backend, and the token is validated. However, when the Okta web app access token is passed to the Okta app for backend, it could not be validated, thus the token is not valid.

Anyone know the proper setup for the Okta web app so that its access token can be validated against the Okta app for backend?

Was the access token passed with bearer authentication to the back end server?

Did the backend server reject the access token because it wasn’t a valid JWT?

Did the backend server reject the access token because it came from a random other identity provider that it is not configured to trust?

Had the access token expired? Did the web server need to use a refresh token and was it configured to do so?

Was it a problem with the claims in the JWT?

Have you registered the client id correctly to start with?

I guess you are using Scala for this, but how do you connect with Okta - via Spring or hand-rolled code?

I don’t know your level of familiarity with OAUTH/OIDC - I’m a rank amateur myself, so if these questions don’t make sense, try reading this and branching out from there: https://developer.okta.com/blog/2023/04/04/spa-auth-tokens. That is for SPA but it sets the stage.

Otherwise you’ll have to wait for someone more experienced to help you - I imagine other groups will specialise in this subject, is there an Okta or general OAUTH group out there?

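The reply above lists the checks a backend typically runs on an incoming access token (bearer header present, well-formed JWT, trusted issuer, audience, expiry, known client id). The following is an added example, not code from the original thread or from Okta, that walks through those checks in order and reports which one fails, so that a "token is not valid" result can be traced to a specific cause. It assumes a constructed HS256 shared secret as a stand-in for the RS256/JWKS verification a real Okta backend would do, and the issuer, audience and client ids are placeholder values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-ins; a real backend would verify RS256 signatures against
# the authorization server's JWKS endpoint instead of a shared secret.
SHARED_SECRET = b"constructed-demo-secret"
EXPECTED_ISSUER = "https://example.okta.com/oauth2/default"   # placeholder issuer
EXPECTED_AUDIENCE = "api://backend"                             # placeholder audience
TRUSTED_CLIENT_IDS = {"spa-client-id", "web-client-id"}         # placeholder client ids


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, secret: bytes = SHARED_SECRET) -> str:
    """Mint a demo HS256 JWT; only used to build sample tokens for this example."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = f"{_b64url_encode(json.dumps(header).encode())}." \
                    f"{_b64url_encode(json.dumps(claims).encode())}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def extract_bearer(authorization_header):
    """Return the token from an 'Authorization: Bearer <token>' header, else None."""
    if not authorization_header:
        return None
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return token.strip()


def validate_token(token: str, now=None):
    """Run the checks in order and return (ok, reason); reason names the first failure."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "not a JWT"
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
        signature = _b64url_decode(parts[2])
    except ValueError:  # covers binascii.Error, JSONDecodeError and UnicodeDecodeError
        return False, "not a JWT"
    # Pin the algorithm rather than trusting whatever the header says.
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected_sig = hmac.new(SHARED_SECRET, f"{parts[0]}.{parts[1]}".encode(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, signature):
        return False, "bad signature"
    # A token from another identity provider or another Okta authorization
    # server carries a different issuer and must be rejected.
    if claims.get("iss") != EXPECTED_ISSUER:
        return False, "untrusted issuer"
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if EXPECTED_AUDIENCE not in aud_list:
        return False, "wrong audience"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    if claims.get("cid") not in TRUSTED_CLIENT_IDS:
        return False, "unknown client id"
    return True, "ok"


def check_request(headers: dict, now=None):
    """Validate an HTTP request's Authorization header end to end."""
    token = extract_bearer(headers.get("Authorization"))
    if token is None:
        return False, "no bearer token"
    return validate_token(token, now=now)


# Constructed sample tokens mirroring the thread: the SPA token targets the
# backend's audience, the web app token was minted for a different audience.
NOW = 1_700_000_000  # fixed clock so the demo is reproducible
SPA_TOKEN = make_token({"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE,
                        "exp": NOW + 3600, "cid": "spa-client-id", "sub": "user@example.com"})
WEB_TOKEN_WRONG_AUD = make_token({"iss": EXPECTED_ISSUER, "aud": "api://web-app",
                                  "exp": NOW + 3600, "cid": "web-client-id", "sub": "user@example.com"})

if __name__ == "__main__":
    for name, tok in [("spa", SPA_TOKEN), ("web", WEB_TOKEN_WRONG_AUD)]:
        print(name, check_request({"Authorization": f"Bearer {tok}"}, now=NOW))
```

Running the block prints `spa (True, 'ok')` and `web (False, 'wrong audience')`; returning the name of the failing check, rather than a bare "invalid", is what lets you tell an audience mismatch apart from an expired token or an untrusted issuer when two apps behave differently against the same backend.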