OKTA Auth0 Client Integration Guide

Overview

The USTA API uses Okta as an identity provider organized using the OAuth2 access model. Web and mobile applications interact with Okta using https.

Grant Types - Okta

Applications can use one of two OAuth2 grant types:

  • Authorization Code used for browser applications where the user authenticates as themselves.

  • Client Credentials used for server-side applications where the service authenticates as the service and establishes a session.

Credentials

After discussion with the USTA API team, USTA will issue credentials for the appropriate grant type to the application developers.

API Endpoints

Stage Domain Name:

 

Okta (Target)

Cognito (Legacy)

Authorize endpoint

Method: GET

URL: https://{OKTA_DOMAIN}/authorize

Parameters:

  • client_id={client_id}

  • response_type=code

  • scope=openid offline_access

  • redirect_uri={client_redirect_uri}

  • audience= {AUDIENCE}

  • organization={organization_id}

  • state={state}

Method: GET

URL: https://{USTA_SERVICES}/dev/v1/oauth2/authorize

Parameters:

  • redirect_uri={client_redirect_uri}

  • state={state}

Token endpoint

(Authorization code flow)

Method: POST

URL: https://{OKTA_DOMAIN}/oauth/token

Headers:

  • Authorization='Basic {client_id&client_secret}'

Body:

  • client_id={client_id}

  • grant_type=refresh_token

  • refresh_token={refresh_token}

Method: POST

URL: https://{USTA_SERVICES}/dev/v1/oauth2/token

Headers:

  • Authorization='Basic {client_id&client_secret}'

Body:

  • client_id={client_id}

  • grant_type=refresh_token

  • refresh_token={refresh_token}

Token endpoint

(Client credentials flow)

Method: POST

URL: https://{OKTA_DOMAIN}/oauth/token

Body:

  • grant_type=client_credentials

  • client_id={client_id}

  • client_secret={client_secret}

  • audience= {AUDIENCE}

Content-type: x-www-form-urlencoded

Method: POST

URL: https://{USTA_SERVICES}/dev/v1/oauth2/token

Headers:

  • Authorization='Basic {client_id&client_secret}'

Body:

  • client_id={client_id}

  • grant_type=client_credentials

Refresh token endpoint

Method: POST

URL: https://{OKTA_DOMAIN}/oauth/token

Parameters:

  • client_id={client_id}

  • grant_type=refresh_token

  • refresh_token={refresh_token}

Method: POST

URL: https://{USTA_SERVICES}/dev/v1/oauth2/token

Parameters:

  • client_id={client_id}

  • grant_type=refresh_token

  • refresh_token={refresh_token}

Logout endpoint

Method: GET

URL: https://{OKTA_DOMAIN}/v2/logout

Parameters:

  • client_id={client_id}

  • returnTo={logout_uri}

Method: GET

URL: https://{USTA_SERVICES}/dev/v1/oauth2/logout

Parameters:

  • logout_uri={logout_uri}

  • state={state}

Userinfo endpoint

Method: GET

URL: https://{OKTA_DOMAIN}/userinfo

Headers:

  • Authorization='Bearer {ACCESS_TOKEN}'

Method: GET

URL: https://{USTA_SERVICES}/dev/v1/oauth2/userInfo

Headers:

  • Authorization='Bearer {ACCESS_TOKEN}'

Forgot password endpoint

Not directly supported by OKTA. Flow needs to be changed Feature Request: Allow a direct link to forgot password

Method: GET

URL: https://{USTA_SERVICES}/dev/v1/forgotPassword

Parameters:

  • redirect_uri={client_redirect_uri}

  • state={state}

 

Signup endpoint

Method: GET

URL: https://{OKTA_DOMAIN}/authorize

Parameters:

  • client_id={client_id}

  • response_type=code

  • scope=openid offline_access

  • redirect_uri={client_redirect_uri}

  • audience= {AUDIENCE}

  • organization={organization_id}

  • state={state}

  • screen_hint=signup

Method: GET

URL: https://{USTA_SERVICES}/dev/v1/oauth2/signup

Parameters:

  • redirect_uri={client_redirect_uri}

  • state={state}

Login endpoint

Method: GET

URL: https://{OKTA_DOMAIN}/authorize

Parameters:

  • client_id={client_id}

  • response_type=code

  • scope=openid offline_access

  • redirect_uri={client_redirect_uri}

  • audience= {AUDIENCE}

  • organization={organization_id}

  • state={state}

Method: GET

URL: https://{USTA_SERVICES}/dev/v1/oauth2/login

Parameters:

  • redirect_uri={client_redirect_uri}

  • state={state}

Get Customer endpoint

https://stage2-services.usta.com/v1/customers/me

 

Post Customer endpoint

https://stage2-services.usta.com/v1/customers

 

 

On This Page:

Subtopics:

 

Â