OKTA Auth0 Client Integration Guide

Overview

The USTA API uses Okta as its identity provider, following the OAuth2 access model. Web and mobile applications interact with Okta over HTTPS.

Grant Types - Okta

Applications can use one of two OAuth2 grant types:

  • Authorization Code: used for browser applications where the user authenticates as themselves.

  • Client Credentials: used for server-side applications where the service authenticates as the service and establishes a session.

Credentials

After discussion with the USTA API team, USTA will issue credentials for the appropriate grant type to the application developers.

API Endpoints

Stage Domain Name: Replace {OKTA_DOMAIN} with stage-account-auth0.usta.com

 

Where an endpoint has two entries below, the first is the Okta (Target) request and the second is the Cognito (Legacy) request.

Authorize endpoint

Method: GET

URL: https://{OKTA_DOMAIN}/authorize

Parameters:

  • client_id={client_id}

  • response_type=code

  • scope=openid offline_access

  • redirect_uri={client_redirect_uri}

  • audience={resource_server_identificator}

  • organization={organization_id}

  • state={state}

Method: GET

URL: https://{USTA_SERVICES}/dev/v1/oauth2/authorize

Parameters:

  • redirect_uri={client_redirect_uri}

  • state={state}
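An added example (not part of the original guide) showing how a client could build the Okta authorize request from the parameters listed above and check the state value echoed back to redirect_uri before using the code. It assumes the standard OAuth2 callback carrying code and state query parameters; the function names and sample values are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

OKTA_DOMAIN = "stage-account-auth0.usta.com"  # stage domain given on this page


def build_authorize_url(client_id, redirect_uri, audience, organization):
    """Return (url, state). Store state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one value per login attempt
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": "openid offline_access",
        "redirect_uri": redirect_uri,
        "audience": audience,
        "organization": organization,
        "state": state,
    }
    return f"https://{OKTA_DOMAIN}/authorize?{urlencode(params)}", state


def extract_code(callback_url, expected_state):
    """Return the authorization code only if the echoed state matches the session."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    returned = query.get("state", [""])[0]
    # Constant-time comparison; an empty or missing expected state never matches.
    if not expected_state or not hmac.compare_digest(
        returned.encode(), expected_state.encode()
    ):
        raise ValueError("state mismatch: discard this callback")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


if __name__ == "__main__":
    # Constructed sample values, not real USTA credentials.
    url, state = build_authorize_url(
        "example-client-id", "https://app.example.com/callback",
        "https://api.example.com", "org_example",
    )
    print(url)
    print(extract_code(f"https://app.example.com/callback?code=abc123&state={state}", state))
```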

Token endpoint

(Authorization code flow)

Method: POST

URL: https://{OKTA_DOMAIN}/oauth/token

Headers:

  • Authorization='Basic {client_id&client_secret}'

Body:

  • client_id={client_id}

  • grant_type=refresh_token

  • refresh_token={refresh_token}

Method: POST

URL: https://{USTA_SERVICES}/dev/v1/oauth2/token

Headers:

  • Authorization='Basic {client_id&client_secret}'

Body:

  • client_id={client_id}

  • grant_type=refresh_token

  • refresh_token={refresh_token}

Token endpoint

(Client credentials flow)

Method: POST

URL: https://{OKTA_DOMAIN}/oauth/token

Body:

  • grant_type=client_credentials

  • client_id={client_id}

  • client_secret={client_secret}

  • audience={resource_server_identificator}

Content-Type: application/x-www-form-urlencoded

Method: POST

URL: https://{USTA_SERVICES}/dev/v1/oauth2/token

Headers:

  • Authorization='Basic {client_id&client_secret}'

Body:

  • client_id={client_id}

  • grant_type=client_credentials

Refresh token endpoint

Method: POST

URL: https://{OKTA_DOMAIN}/oauth/token

Parameters:

  • client_id={client_id}

  • grant_type=refresh_token

  • refresh_token={refresh_token}

Method: POST

URL: https://{USTA_SERVICES}/dev/v1/oauth2/token

Parameters:

  • client_id={client_id}

  • grant_type=refresh_token

  • refresh_token={refresh_token}

Logout endpoint

Method: GET

URL: https://{OKTA_DOMAIN}/v2/logout

Parameters:

  • client_id={client_id}

  • returnTo={logout_uri}

Method: GET

URL: https://{USTA_SERVICES}/dev/v1/oauth2/logout

Parameters:

  • logout_uri={logout_uri}

  • state={state}

Userinfo endpoint

Method: GET

URL: https://{OKTA_DOMAIN}/userinfo

Headers:

  • Authorization='Bearer {ACCESS_TOKEN}'

Method: GET

URL: https://{USTA_SERVICES}/dev/v1/oauth2/userInfo

Headers:

  • Authorization='Bearer {ACCESS_TOKEN}'

Forgot password endpoint

Not directly supported by Okta. The flow needs to be changed; see https://community.auth0.com/t/feature-request-allow-a-direct-link-to-forgot-password/60754

Method: GET

URL: https://{USTA_SERVICES}/dev/v1/forgotPassword

Parameters:

  • redirect_uri={client_redirect_uri}

  • state={state}

 

Signup endpoint

Method: GET

URL: https://{OKTA_DOMAIN}/authorize

Parameters:

  • client_id={client_id}

  • response_type=code

  • scope=openid offline_access

  • redirect_uri={client_redirect_uri}

  • audience={resource_server_identificator}

  • organization={organization_id}

  • state={state}

  • screen_hint=signup

Method: GET

URL: https://{USTA_SERVICES}/dev/v1/oauth2/signup

Parameters:

  • redirect_uri={client_redirect_uri}

  • state={state}

Login endpoint

Method: GET

URL: https://{OKTA_DOMAIN}/authorize

Parameters:

  • client_id={client_id}

  • response_type=code

  • scope=openid offline_access

  • redirect_uri={client_redirect_uri}

  • audience={resource_server_identificator}

  • organization={organization_id}

  • state={state}

Method: GET

URL: https://{USTA_SERVICES}/dev/v1/oauth2/login

Parameters:

  • redirect_uri={client_redirect_uri}

  • state={state}

Get Customer endpoint

https://stage2-services.usta.com/v1/customers/me

 

Post Customer endpoint

https://stage2-services.usta.com/v1/customers

 

 
