We are building a security product which has a browser extension component. We want to be able to authenticate only those requests which are coming from a browser with the extension installed. I have gone through the documentation and it seems if we user saml assertion with inline hooks we should be able to do it. But we have tried multiple ways and not able to get the inline hook to be working properly. So if we can get some guidance on how to achieve the functionality we want, it would be helpful.
We want to be able to call our custom API after okta verification and the final verdict that whether the user can access the app or not will be determined by the custom API.
I found this blog which talks about a similar scenario (Enforcing Device AuthN & Compliance at Pinterest | by Pinterest Engineering | Pinterest Engineering Blog | Medium). They are also doing some more tasks and based on that altering the verdict.
Any help is appreciated.