This repository contains a working example of a NestJS web app that requests resources from a third-party app within a trust domain using the xaa.dev testing site. Please read Make Secure App-to-App Connections Using Cross App Access for a detailed guide through.
Required tools
- Node.js LTS version (v22 or higher at the time of this post)
- Command-line terminal application
- A code editor/Integrated development environment (IDE), such as Visual Studio Code (VS Code)
- Git
To run this example, run the following commands:
git clone https://github.com/oktadev/okta-nestjs-xaa-requestor-example.git
cd okta-nestjs-xaa-requestor-example
npm ciRegister a client application that uses xaa.dev's Identity Provider (IdP) and resource app by following the instructions on the Client Registration page.
Duplicate the .env.example file and rename it to .env.
Save your client_id and client_secret as values within the .env file.
Double check that the defined URL for the IDP, auth server, and todo resource server.
Serve the app
npm startNavigate to localhost:3000 to view the app.
You'll see logging of the token exchange in the console and a list of todos in a side panel after authenticating.
This example uses the following OAuth specs and resources:
Please post any questions as comments on the blog post, or visit our Okta Developer Forums.
Apache 2.0, see LICENSE.