I have an application in which backend is in Java SpringBoot 2.5.2 and front end in angular 8.
Front end application is hosted on nginx and the same is authenticated using OKTA SSO and backend is running in springboot integrated tomat.My UI is communicating to backend through rest-api. As of now there is no security for backend rest-api calls.I thought of using JWT for securing rest-api requests but I am not able to as I don't want to users to enter user name and password 2 times (1st time for OKTA authentication). Kindly suggest how to secure my backend api.
Secure Java SPringboot backend application api requests