This repository contains a sample that protects API endpoints in a custom resource server, using a custom authorization server in Okta. The code example is a Node Express API.
The sample uses the Okta JWT Verifier SDK to validate the access tokens that callers present. Read more about getting started with Okta and authentication best practices on the Okta Developer Portal.
This code sample demonstrates
- Configuring Okta
- Protecting routes
- Verifying the JWT
To run this example, run the following commands:
```shell
git clone https://github.com/okta-samples/okta-express-api-quickstart.git
cd okta-express-api-quickstart
npm ci
```
Create a free Okta Developer account to create your Okta organization. You can do this through the Okta CLI or through the Okta Developer admin dashboard.
When using the Okta CLI, run the following command:
```shell
okta register
```
Ensure that your default custom authorization server has an access policy. Add an access policy if it's not there. See Create access policies.
You will need your Okta domain and the audience of your authorization server.
Update server.js with your Okta settings. The issuer is the URL of your custom authorization server (the default server is shown), and the audience must match the Audience setting of that server, which is api://default for the default server:
```javascript
const OktaJwtVerifier = require('@okta/jwt-verifier');

// Issuer of the access tokens you accept: your Okta org's default custom authorization server.
const oktaJwtVerifier = new OktaJwtVerifier({
  issuer: 'https://{yourOktaDomain}/oauth2/default'
});

// Expected audience; passed to verifyAccessToken() so tokens minted for another API are rejected.
const audience = 'api://default';
```
Start the app by running
```shell
npm start
```
Use your favorite HTTP client to call the API. For authenticated calls, follow the steps in Send a request to your API endpoint using Postman in the quick start.
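The steps above configure the verifier; what the protected routes actually do with it is the interesting part. The following is an added example, not code from this repository: an Express-style middleware that pulls the bearer token from the Authorization header, hands it to `verifyAccessToken(token, expectedAudience)` (the method the Okta JWT Verifier SDK exposes), and rejects the request with 401 when the header is missing or verification fails, plus a second middleware that checks the `scp` (granted scopes) claim. To keep it runnable offline, `fakeVerifier` is a constructed stand-in with the same method signature, and `runMiddleware` is a constructed stand-in for Express' `req`/`res`/`next`; in server.js you would pass the real `oktaJwtVerifier` instance and mount the middleware with `app.get('/path', requireAccessToken(oktaJwtVerifier, audience), handler)`.

```javascript
// Added example (not the quickstart's own code). Works against any object
// exposing verifyAccessToken(token, expectedAudience) that resolves to a
// { claims } object and rejects on failure, which is the contract of
// @okta/jwt-verifier.

// Extract the token from an Authorization: Bearer <token> header.
// Returns null when the header is missing or uses another scheme.
function parseBearerToken(authorizationHeader) {
  if (typeof authorizationHeader !== 'string') return null;
  const match = /^Bearer\s+(\S+)$/i.exec(authorizationHeader.trim());
  return match ? match[1] : null;
}

// Factory: middleware bound to a verifier and the audience you expect.
function requireAccessToken(verifier, expectedAudience) {
  return async function authenticationRequired(req, res, next) {
    const token = parseBearerToken(req.headers && req.headers.authorization);
    if (!token) {
      return res.status(401).json({ error: 'missing bearer token' });
    }
    try {
      // Verifies signature (keys fetched from the issuer's JWKS), issuer,
      // expiry and audience; any failure rejects the promise.
      const jwt = await verifier.verifyAccessToken(token, expectedAudience);
      req.jwt = jwt; // downstream handlers read req.jwt.claims
      return next();
    } catch (err) {
      // Keep the verifier's diagnostic server-side; the client gets a generic 401.
      return res.status(401).json({ error: 'invalid or expired token' });
    }
  };
}

// Scope check, mounted after requireAccessToken. Okta puts granted scopes in
// the `scp` claim as an array of strings.
function requireScope(scope) {
  return function scopeRequired(req, res, next) {
    const scopes = (req.jwt && req.jwt.claims && req.jwt.claims.scp) || [];
    if (!scopes.includes(scope)) {
      return res.status(403).json({ error: `scope ${scope} required` });
    }
    return next();
  };
}

// Constructed fake verifier for offline use: accepts one hard-coded token
// for the expected audience and rejects everything else.
const fakeVerifier = {
  async verifyAccessToken(token, expectedAudience) {
    if (token === 'good-token' && expectedAudience === 'api://default') {
      return { claims: { sub: 'user@example.com', scp: ['read:messages'] } };
    }
    throw new Error('Jwt is not valid');
  },
};

// Constructed stand-in for Express' req/res/next so the middleware can be
// exercised without a server; returns what the middleware decided.
async function runMiddleware(middleware, authorizationHeader, jwt) {
  const req = { headers: {}, jwt };
  if (authorizationHeader !== undefined) req.headers.authorization = authorizationHeader;
  const result = { status: 200, body: null, calledNext: false };
  const res = {
    status(code) { result.status = code; return this; },
    json(body) { result.body = body; return this; },
  };
  await middleware(req, res, () => { result.calledNext = true; });
  result.jwt = req.jwt;
  return result;
}

async function demo() {
  const auth = requireAccessToken(fakeVerifier, 'api://default');
  console.log(await runMiddleware(auth, undefined));            // 401, no header
  console.log(await runMiddleware(auth, 'Bearer bad-token'));   // 401, verifier rejected
  console.log(await runMiddleware(auth, 'Bearer good-token'));  // next() called, req.jwt set
  const needsScope = requireScope('write:messages');
  console.log(await runMiddleware(needsScope, undefined, { claims: { scp: ['read:messages'] } })); // 403
}

demo();
```

Two points worth keeping from this shape: the audience is passed on every verification rather than trusted from the token, so a valid Okta token minted for a different API cannot be replayed against this one, and the error message returned to the caller is deliberately generic while the verifier's own diagnostic stays in server logs.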
If you have questions or need help, please visit our Okta Developer Forums.