
Can you imagine having to give Spotify your Facebook login information for just an email address?! How can we delegate some degree of access to a third-party entity without having to provide login credentials?

Knowing Teleport is expecting an authorization code, Okta will send the user back to the redirect URL with the code and the state parameter that was passed.

Two additional parameters are present:

This exchange happens through a POST request that will look something like:

Using the client_secret and code, Okta is able to verify the Teleport client’s request and issues a JSON payload containing the bearer token, an expiry time, and perhaps a refresh token.

Given our chosen scopes of openid and email, we can expect the JSON payload to read as:

Now that we have obtained the access token, all that is left is to make an API request on behalf of the Teleport user and receive the resources desired.
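The callback check and code exchange described above, as an added example that is not from the original article, Teleport or Okta: it verifies the returned state, builds the token request body defined in RFC 6749 section 4.1.3, and validates the token response. The URL, code, state, client credentials and token values are constructed placeholders, and the function names are hypothetical.

```python
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders, not real Teleport or Okta values.
REDIRECT_URI = "https://teleport.example.com/callback"
SAMPLE_CALLBACK = REDIRECT_URI + "?code=SAMPLE_CODE&state=SAMPLE_STATE"
SAMPLE_RESPONSE = {"token_type": "Bearer", "access_token": "SAMPLE_ACCESS_TOKEN",
                   "expires_in": 3600, "scope": "openid email"}

def handle_callback(callback_url, expected_state):
    """Return the authorization code, rejecting errors and a state mismatch."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    # Constant-time compare: a mismatch means this response does not belong
    # to the request the user's session started (CSRF or injected response).
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def build_token_request(code, client_id, client_secret, redirect_uri):
    """Form-encoded POST body for the code exchange (RFC 6749, section 4.1.3)."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must match the authorization request
        "client_id": client_id,
        "client_secret": client_secret,  # sent server to server, never via the browser
    })

def parse_token_response(payload, now=None):
    """Validate the token endpoint's JSON and compute an absolute expiry."""
    now = time.time() if now is None else now
    if str(payload.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    if not payload.get("access_token"):
        raise ValueError("missing access_token")
    expires_in = payload.get("expires_in")  # recommended, not required, by RFC 6749
    return {
        "access_token": payload["access_token"],
        "expires_at": None if expires_in is None else now + int(expires_in),
        "refresh_token": payload.get("refresh_token"),  # may be absent
        "scopes": str(payload.get("scope", "")).split(),
    }
```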
