Consider that application 'X' is configured to use the IDCS component for authentication. Another application 'B' is configured to use Okta for authentication. Now, IDCS and Okta are configured in an SSO such that IDCS is the service provider and Okta is the IdP. Is there a way a user logged into application 'B' can hit an API on application 'X' in terms of auth? I am expecting the auth to be handled by SSO. Application B can have whatever token generation logic is needed to do this, and I am open to using SAML or OIDC. I think I will need to add the scopes of both the apps for inter-communication. Note that both are my products and I have taken care of CORS and other security issues. Also, these apps will talk during runtime, so I don't expect the end user to enter the password again.
I have tried using OIDC for now. The access tokens are successfully generated via the /token API of Okta, but when I use that token to invoke the application X API, let's say /users, it keeps throwing 401, authentication error. I thought maybe I could try https://${yourOktaDomain}/sso/idps/<IDP_ID>?redirectUrl=<LAND_HERE_AFTER_SSO_WITH_IDP>, but it ended up as page not found.
Hopefully, I was able to explain. To summarize, I have an Okta access token and I can invoke the Okta APIs, but I am unable to invoke the API of the application which is a service provider for Okta. I am trying this via Postman.
Any help or input will be appreciated. Thank you.