1. Create 2 APIs: one protected by JWT authentication (let's name it Payment API) and one protected by an Authentication token (let's name it noop).
2. Create 3 policies:
   a Product policy for the Payment API
   a Plan policy for the Payment API
   a No Operation policy for the noop API
3. Edit the Payment API and set the No Operation Policy as its Default Policy. Then configure the Scope Mapping: map one scope value to the Plan policy and another to the Product policy. Use 'scp' as the scope claim name, because that is the claim in which Okta access tokens carry the granted scopes. The scope values themselves will be created in Okta in the next steps.
4. In Okta, go to Security > API and edit the default Authorization Server:
5. Go to Scopes and add the scopes free_plan and payment_product, i.e. the same values you mapped in your Payment API's Scope Mapping:
6. Open this link in your browser (or fetch it with curl) and take note of the value of jwks_uri:
https://{oktadomain.com}/oauth2/default/.well-known/openid-configuration
7. Open your Payment API and paste the value of jwks_uri into the Public Key field. Make sure the URL includes the authorization server name (default), i.e. it ends in /oauth2/default/v1/keys; the gateway fetches the signing keys from this URL to verify the tokens' signatures, so a wrong server name means every token is rejected.
8. Take note of the OIDC URL and the token that you will set in your Enterprise Portal later (treat the token as a secret):
OIDC URL: {oktadomain.com}/oauth2/default/.well-known/openid-configuration
Registration Access Token: Okta Admin Console → Security → API → Tokens → create new
9. In your Enterprise Portal Admin, add an OAuth2.0 Provider. This is where you put the OIDC URL and the token generated above.
10. Scroll down and then create a client type with the following values:
11. Make sure you have synchronized your Portal with the Dashboard Providers so that the Products and Plans appear in the Portal.
12. In your API Products, set up the Payment Product with your chosen Catalogue and OAuth2.0 Provider Config as below:
13. In your Plans, edit the Free Plan and set its scope to free_plan, as seen below:
14. In your LIVE PORTAL CATALOGUE, you can now request access to the product and plan and attach them to the selected App. Once the request is approved, a client ID and secret are generated for the App:
15. To access the Payment API we need to obtain a JWT to supply as its authorization. We do this by sending a token request (client_credentials grant, authenticated with the client ID and secret from the previous step, requesting the free_plan and payment_product scopes) to Okta on this endpoint:
Follow the payload below:
16. Then use the returned access_token as the value of the Authorization header when calling the Payment API. The gateway verifies the signature against jwks_uri, reads the scp claim and applies the Plan and Product policies mapped to the scopes it contains; a token that lacks a mapped scope gets only the policies for the scopes it does carry:
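The whole flow in code, as an added example that is not part of the original article and not Tyk's or Okta's own code. It builds the client_credentials token request from step 15, verifies an RS256 token against a JWKS document of the shape served at jwks_uri (step 6), and applies an scp-to-policy mapping like the Scope Mapping from step 3. To run offline it generates a throwaway RSA key in place of Okta's signing key and signs constructed sample tokens with it; the {oktadomain.com} placeholder, the "demo-kid" key ID, the policy IDs and the sample claims are all assumptions. Signature, algorithm, issuer and expiry are checked before any claim is trusted; the forged token shows why the gateway must do this before reading scp.

```python
import base64, hashlib, json, random, time, urllib.parse

OKTA_DOMAIN = "{oktadomain.com}"                 # assumption: the page's placeholder domain
ISSUER = f"https://{OKTA_DOMAIN}/oauth2/default"  # Okta's default authorization server
# Hypothetical policy IDs behind the two scopes created in steps 2 and 5.
SCOPE_TO_POLICY = {"free_plan": "free-plan-policy-id", "payment_product": "payment-product-policy-id"}

def b64url(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def b64url_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def token_request(client_id, client_secret, scopes):
    """The client_credentials request of step 15 (built, not sent)."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"url": f"{ISSUER}/v1/token",
            "headers": {"Authorization": f"Basic {creds}",
                        "Content-Type": "application/x-www-form-urlencoded"},
            "body": urllib.parse.urlencode({"grant_type": "client_credentials",
                                            "scope": " ".join(scopes)})}

# --- minimal RS256 (RSASSA-PKCS1-v1_5 with SHA-256), stdlib only -------------------
SHA256_DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _is_probable_prime(n, rounds=16):          # Miller-Rabin, demo key generation only
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c

def gen_rsa_key(bits=1024):
    """Throwaway keypair standing in for Okta's signing key (demo only)."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)

def _emsa_pkcs1_v15(msg: bytes, k: int) -> bytes:
    t = SHA256_DIGEST_INFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_sign(msg, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(msg, k), "big"), d, n).to_bytes(k, "big")

def rs256_verify(msg, sig, n, e):
    k = (n.bit_length() + 7) // 8              # compare the whole encoded block, not just the hash
    return len(sig) == k and pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big") == _emsa_pkcs1_v15(msg, k)

def jwks_for(kid, n, e):
    """Shape of the document served at jwks_uri (step 6)."""
    k = (n.bit_length() + 7) // 8
    return {"keys": [{"kty": "RSA", "alg": "RS256", "use": "sig", "kid": kid,
                      "n": b64url(n.to_bytes(k, "big")), "e": b64url(e.to_bytes(3, "big"))}]}

def make_jwt(claims, kid, n, d):
    head = b64url(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}." + b64url(rs256_sign(f"{head}.{body}".encode(), n, d))

def verify_jwt(token, jwks, issuer, now=None):
    """What the gateway does with jwks_uri before any scope mapping is applied."""
    h, p, s = token.split(".")
    header = json.loads(b64url_dec(h))
    if header.get("alg") != "RS256":           # never let the token choose the algorithm
        raise ValueError("unexpected alg")
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("unknown kid")
    n, e = (int.from_bytes(b64url_dec(key[x]), "big") for x in ("n", "e"))
    if not rs256_verify(f"{h}.{p}".encode(), b64url_dec(s), n, e):
        raise ValueError("bad signature")
    claims = json.loads(b64url_dec(p))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("expired")
    return claims

def policies_for(claims, scope_claim="scp"):
    """Scope Mapping of step 3: each granted scope in 'scp' selects one policy."""
    scopes = claims.get(scope_claim, [])
    if isinstance(scopes, str):                # accept both list and space-separated forms
        scopes = scopes.split()
    return [SCOPE_TO_POLICY[sc] for sc in scopes if sc in SCOPE_TO_POLICY]

def demo():
    n, e, d = gen_rsa_key()
    jwks = jwks_for("demo-kid", n, e)
    now = int(time.time())
    # Constructed sample claims in the shape Okta issues for a client_credentials grant.
    claims = {"iss": ISSUER, "sub": "0oa-demo-client", "aud": "api://default",
              "iat": now, "exp": now + 3600, "scp": ["free_plan", "payment_product"]}
    good = make_jwt(claims, "demo-kid", n, d)
    plan_only = make_jwt({**claims, "scp": ["free_plan"]}, "demo-kid", n, d)
    h, _, s = good.split(".")                  # forged: scope edited in the payload, old signature kept
    forged = f"{h}.{b64url(json.dumps({**claims, 'scp': ['admin']}).encode())}.{s}"
    try:
        verify_jwt(forged, jwks, ISSUER)
        forged_rejected = False
    except ValueError:
        forged_rejected = True
    return {"good": policies_for(verify_jwt(good, jwks, ISSUER)),
            "plan_only": policies_for(verify_jwt(plan_only, jwks, ISSUER)),
            "forged_rejected": forged_rejected,
            "request": token_request("client-id", "client-secret", ["free_plan", "payment_product"])}
```

Run `demo()` to see the three outcomes side by side: the full token maps to both policies, the token with only free_plan maps to the Plan policy alone (the gateway would then enforce only that policy on the Payment API), and the edited token fails signature verification before its scp claim is ever read. In production the JWKS comes from jwks_uri, keys rotate (hence the kid lookup), and the token request is sent with the client ID and secret issued in step 14.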