In your Okta developer portal, go to the Applications item under the Applications menu, then click Create App Integration.
Select the OIDC - OpenID Connect sign-in method, select Native Application as the application type, then click Next.
Enter the following information:
Name: WorkflowGen CLI
Grant type: Check Authorization Code and Refresh token
Sign-in redirect URIs: Define the URL as http://127.0.0.1:8888/callback
✏️ Note: Port 8888 is defined by default; you can change it if it's already in use on your computer.
Sign-out redirect URIs: Don't define a URL. Clear the field if there's a default value.
Controlled access: Check Allow everyone in your organization to access
Click the Save button.
If you've configured delegated authentication to Okta on your WorkflowGen server, you should have an access policy on your Okta authorization server from the WorkflowGen GraphQL API that will allow all configured users to access it; there's nothing left to do on the Okta side. Here's a summary of the information you'll need:
A client ID, which can be found on the General tab on the WorkflowGen CLI native application's page.
A metadata endpoint, which consists of the value of the Metadata URI property from the Settings tab of your WorkflowGen GraphQL API authorization server, with /.well-known/oauth-authorization-server replaced by /.well-known/openid-configuration.
All of this information must be given to users who will be using the WorkflowGen CLI.
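One way to derive the metadata endpoint and sanity-check it and the redirect URI before handing them to users, as an added example (not WorkflowGen's or Okta's own code). The function names are hypothetical, and the Okta domain, authorization server ID and discovery document are constructed sample values.

```python
from urllib.parse import urlsplit

OAUTH_SUFFIX = "/.well-known/oauth-authorization-server"
OIDC_SUFFIX = "/.well-known/openid-configuration"

def oidc_metadata_endpoint(metadata_uri):
    """Derive the endpoint to give CLI users from the Okta Metadata URI."""
    p = urlsplit(metadata_uri)
    if p.scheme != "https" or not p.netloc or p.query or p.fragment:
        raise ValueError("expected a plain absolute https URL")
    if not p.path.endswith(OAUTH_SUFFIX):
        raise ValueError("Metadata URI must end with " + OAUTH_SUFFIX)
    return "https://" + p.netloc + p.path[: -len(OAUTH_SUFFIX)] + OIDC_SUFFIX

def check_discovery(endpoint, doc):
    """List problems in the discovery document served at `endpoint`."""
    problems = []
    # OIDC Discovery: issuer must equal the URL the document was found under.
    if doc.get("issuer") != endpoint[: -len(OIDC_SUFFIX)]:
        problems.append("issuer does not match metadata endpoint")
    for grant in ("authorization_code", "refresh_token"):  # grants the CLI app uses
        if grant not in doc.get("grant_types_supported", []):
            problems.append("grant type not supported: " + grant)
    return problems

def check_redirect_uri(uri):
    """List problems with the CLI's loopback sign-in redirect URI."""
    p = urlsplit(uri)
    problems = []
    if p.scheme != "http" or p.hostname != "127.0.0.1":
        problems.append("must be http://127.0.0.1 (loopback only)")
    if p.port is None:
        problems.append("explicit port required")
    if p.path != "/callback":
        problems.append("path must be /callback")
    return problems

# Constructed sample values: not a real Okta org or authorization server.
SAMPLE_METADATA_URI = "https://example.okta.com/oauth2/ausEXAMPLE/.well-known/oauth-authorization-server"
SAMPLE_DOC = {
    "issuer": "https://example.okta.com/oauth2/ausEXAMPLE",
    "grant_types_supported": ["authorization_code", "refresh_token"],
}

if __name__ == "__main__":
    endpoint = oidc_metadata_endpoint(SAMPLE_METADATA_URI)
    print(endpoint)
    print(check_discovery(endpoint, SAMPLE_DOC))
    print(check_redirect_uri("http://127.0.0.1:8888/callback"))
```

In practice the discovery document would be the JSON returned by the derived endpoint; it is embedded here so the check runs offline.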
The configuration of non-interactive mode is the same as in the Okta configuration for server-side scripts section.
Here's a review of the information you'll need:
A client ID, which can be found on the registered application's parameters tab.
A client secret, which can be found on the registered application's parameters tab.
The domain, which can be found on the registered application's parameters tab.
You can now use the WorkflowGen CLI in Client credentials mode.