CPQ REST API Authentication in VBCS
We have a requirement where CPQ REST-based web service needs to be authenticated in VBCS mobile application.
Currently, VBCS offers OAuth 2.0 user assertion which essentially stamps IDCS token to be verified by a third-party application. In our case CPQ (third party application) is not federated via IDCS for SSO access instead it is directly connected to Okta which is the enterprise-level SSO platform for all applications. Since CPQ cannot see the scope of IDCS stamped token coming from VBCS how to make this authentication happen? We cannot use service accounts as well in CPQ to leverage the 'Basic Authentication feature because the API requires it to be authenticated by the actual user (basically the API is