- Log in to the Okta console
- Click on "Create App Integration"
- Select "API Services"
- Provide a relevant name to the app and click on "Save"
- Copy the "Client ID" and the "Client Secret"
- From the main navigation, go to Security > API
- Edit the "default" authorization server
- Navigate to "Scopes" and click on "Add Scope"
- Add a scope with any name for testing and leave the checkboxes at their default state
- Export the following environment variables:
  - `OKTA_DOMAIN=<PUT_OKTA_DOMAIN_HERE>` (example: `dev-xxxx.okta.com`)
  - `OKTA_CLIENT_ID=<PUT_OKTA_CLIENT_ID_HERE>`
- Run the app using `yarn start`
- To test the webhook, first obtain a valid JWT from the Okta authorization server configured above
- Use the following command (client credentials grant) to obtain a JWT from Okta:

```sh
curl --location 'https://<OKTA_DOMAIN_HERE>/oauth2/default/v1/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<CLIENT_ID_HERE>' \
--data-urlencode 'client_secret=<CLIENT_SECRET_HERE>' \
--data-urlencode 'scope=<SCOPE_ADDED_ABOVE>' \
--data-urlencode 'issuer=https://<OKTA_DOMAIN_HERE>/'
```
- If the provided details are correct, the response should contain an `access_token`
- Copy this value and invoke the webhook route, passing the `access_token` as a Bearer token as shown below:

```sh
curl --location 'http://localhost:3000/auth/webhook' \
--header 'Authorization: Bearer <ACCESS_TOKEN_HERE>' \
--header 'Content-Type: application/json' \
--data '<ANY_JSON_PAYLOAD_HERE>'
```

- If the token is valid, you should receive a successful response; otherwise a 401 Unauthorized