Using the OAuth 2.0 framework provides better security than Basic Authentication, and is less work than setting up an IP allowlisting solution. A new Key Management API and Admin Console page is also available to create public/private key pairs for use with OAuth 2.0 inline hooks.
When creating inline hooks in the Admin Console (or by API), administrators or developers can now select OAuth 2.0 authentication and choose between two methods of OAuth 2.0: Client Secret or Private Key. Tokens ensure secure calls to external web services. To improve the security of inline hooks, Okta now supports authentication with OAuth 2.0 access tokens. Although sent with SSL, the header or custom header authentication didn’t meet more stringent security requirements for various clients and industries. Okta inline hook calls to third-party external web services previously provided only header-based authentication for security. OAuth 2.0 authentication for inline hooks
0 kommentar(er)
