Kong and Okta Authorization Code Flow

Okta and Kong Konnect Part 2: Applying Authorization Code Flow

In our second Kong Konnect and Okta tutorial, we’ll go through the authorization code flow applied to user authentication processes.

• Konnect and Okta Integration Topology (0:33)

• Authorization Code Flow (0:53)

• Okta Application Settings (2:00)

• Apply the OpenID Connect Plugin (2:47)

• Test the OpenID Connect Plugin (3:40)


How Does Authorization Code Flow Work?

The authorization code flow goes through the following steps:

1. A user tries to consume the API.

2. If the user doesn’t have a token injected, Kong redirects the user to Okta, the identity provider.

3. The user authenticates on Okta and is sent back to Kong with an authorization code.

4. Kong validates the parameters and exchanges the authorization code for tokens by calling Okta’s token endpoint.
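The parameter checks behind steps 2 to 4, as an added sketch of what a relying party does in this flow; it is not Kong's plugin code or code from the tutorial. The endpoint URL, client ID, redirect URI and function names are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values for illustration; not taken from the tutorial.
AUTHORIZE_URL = "https://idp.example.com/oauth2/v1/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://gateway.example.com/callback"


def build_redirect(session):
    """Step 2: no token present, so send the user to the identity provider."""
    session["state"] = secrets.token_urlsafe(32)  # binds the callback to this session
    session["nonce"] = secrets.token_urlsafe(32)  # later compared with the ID token's nonce
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": session["state"],
        "nonce": session["nonce"],
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def validate_callback(callback_url, session):
    """Steps 3-4: check the returned parameters before using the code."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("identity provider returned error: " + query["error"][0])
    expected = session.pop("state", None)  # single use: a replayed callback fails
    returned = query.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if len(query.get("code", [])) != 1:
        raise ValueError("expected exactly one authorization code")
    return query["code"][0]


def token_request_body(code):
    """Step 4: form body POSTed to the token endpoint with client authentication."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value sent in step 2
    }
```

Rejecting a callback whose `state` does not match the session is what stops an attacker from injecting their own authorization code into a victim's browser session.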

