OKTA – New Feature: API Access Management

Q: What grant types or OAuth flows do you support?
A: Currently we support the Implicit or Hybrid flow, which is ideal for mobile devices; the Authorization Code flow, which people are the most familiar with; and finally the Resource Owner Password flow. On the internal or server-to-server side, we support the client credentials grant type.
Q: Can I create custom Scopes and Claims?
A: Yes, you can create any Scopes and Claims you need to support your application. You can even have group-specific Scopes so your Legal and Marketing teams have completely different permissions.
Q: What is the lifetime of an Access Token?
A: That is mostly up to you. Our default is one hour but the minimum is 5 minutes and the maximum is 24 hours.
