0
Okta Flask Integration

I want to protect my Flask REST endpoints using Okta and OpenID Connect.

I have seen how to do it for routes that are views of the application, but is there a way to integrate Okta with REST endpoints? When I make calls to my API, I get the HTML for Okta as a response, even if I'm logged in in the browser.


Python 24-10-20, 3:11 p.m. junnusipra
0
Hi Junnu, to get responses from Okta, you need to configure it. It is as easy as routes. I am providing an article on Okta Training Tutorial. In this article you will learn how to integrate Okta with REST.
21-04-21, 3:46 p.m. sudheerpatel


0
Thanks for the topic of this article, let me share it with everyone. And I want to share a little bit about entertainment games. Game geometry dash is a rhythm-based action game with lots of levels and great music from Dex Arson, Waterflame and F-777. Play daily quests and earn rewards. Play online levels created by the Geometry Dash community.
20-01-22, 3:09 p.m. Ceridwen


0
I appreciate your article. Do you like and download geometry dash apk gratis like me and everyone?
26-07-22, 9:15 a.m. AlAbbott


0
Yes, it is possible to protect your Flask REST endpoints using Okta and OpenID Connect. To do this, you can use the Okta JWT Verifier library to verify the access tokens provided by Okta in your REST API calls. Here's an overview of the steps you'll need to follow:
  1. Configure your Okta application to use OpenID Connect and ensure that you have set the proper audience and scopes for the access token. You'll need to update the Redirect URIs and Logout URLs of your application with the endpoint of your REST API.
  2. In your Flask REST API, add the flask_jwt_extended and okta_jwt_verifier libraries to your project. flask_jwt_extended will be used to protect your endpoints and okta_jwt_verifier will be used to verify the access tokens provided by Okta.
  3. Initialize the Okta JWT Verifier library by specifying your Okta issuer URL and audience.
  4. Protect your endpoints using the @jwt_required decorator provided by flask_jwt_extended. This decorator will ensure that only authenticated users with a valid access token can access your protected endpoints.
  5. In the protected endpoint, use the get_jwt_identity() function provided by flask_jwt_extended to get the user identity from the access token. This function returns the sub claim of the JWT, which is the unique identifier of the authenticated user.
Here's an example code snippet to give you an idea of how this works:
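```python
import asyncio

from flask import Flask, abort, jsonify, request
from flask_jwt_extended import JWTManager, jwt_required, get_jwt_identity
from okta_jwt_verifier import JWTVerifier

app = Flask(__name__)
# Key flask_jwt_extended uses to check tokens (HS256 by default); placeholder value
app.config['JWT_SECRET_KEY'] = 'mysecretkey'
app.config['JWT_ACCESS_TOKEN_EXPIRES'] = 3600
jwt = JWTManager(app)

# okta_jwt_verifier takes the issuer and audience as keyword arguments
verifier = JWTVerifier(
    issuer='https://{yourOktaDomain}/oauth2/default',
    audience='{yourOktaClientId}',
)


@app.route('/api/protected')
@jwt_required()  # flask_jwt_extended 4.x: the decorator must be called
def protected():
    user_id = get_jwt_identity()
    # Do something with the user_id
    return jsonify({'message': 'This is a protected endpoint.'})


@app.route('/')
def home():
    return 'Hello, world!'


@app.before_request
def verify_jwt():
    # Expect "Authorization: Bearer <access token>" on every request
    scheme, _, token = request.headers.get('Authorization', '').partition(' ')
    if scheme.lower() != 'bearer' or not token:
        abort(401)
    try:
        # verify_access_token() is a coroutine in okta_jwt_verifier
        asyncio.run(verifier.verify_access_token(token))
    except Exception:
        # Any verification failure is answered with 401, not a 500
        abort(401)


if __name__ == '__main__':
    app.run()
```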
In this example, the @jwt_required decorator is used to protect the /api/protected endpoint. The get_jwt_identity() function is used to get the user identity from the access token. The verify_jwt() function is used to verify the access token in each request header, and will return a 401 error if the token is invalid. Note that the verify_jwt() function is using Flask's before_request decorator to run the verification code for each request. This ensures that every request to the API endpoint is validated.
25-04-23, 3:19 p.m. veerablog

