openid-connectoktaokta-apioauth2-proxy

OKTA: Validating clientId and clientSecret for OIDC configuration in Okta


I want to test the Okta clientId and clientSecret provided by customer for OIDC configuration in my application. The only API I see helpful is the token API ({issuerURI}/oauth2/default/v1/token) but this API requires the admin to create a custom scope for the authorization server to be passed as value for "scope" parameter along with "grant_type: client_credentials". This impacts the user experience. The existing default scopes such as "openid, email, profile" etc. do not work with "client_credentials" grant_type. Is there a way to validate the clientId and clientSecret?


Solution

  • The only way to validate client_id/secret is to try to authenticate and get a token.

    As there is no user involved, you don't use the classic openid or email scopes, because the client_credentials flow is only for machine-to-machine communication and in this flow you don't need any user details.

    You can configure the backend to include custom claims if you need to.