I need to authorize the IOT devices that do not have a UI but are able to call some APIs after being authorized by OKTA. I have the list of devices that needs to be authenticated for calling APIs. So I went through the device code flow documentation
OKTA Playground But I am not able to understand How come the POST https://authorization-server.com/device
client_id={CLIENT_ID} will work and how this endpoint be hosted on the okta authorization server.
Please Help!
Okta currently doesn't have device flow implemented in GA, it's only in EA, I believe. So in case you want to follow it, here is the link - https://developer.okta.com/docs/reference/api/oidc/#device-authorize