Company
Date Published
Author
Claudio Acquaviva
Word count
545
Language
English
Hacker News points
None

Summary

The second tutorial in the Kong and Okta series implements the authorization code flow for user authentication using the OpenID Connect (OIDC) plugin with Kong Konnect and Okta. In this flow, users are redirected to Okta to authenticate and are returned to Kong with an authorization code. The code is then validated and exchanged for an identity token via Okta's token endpoint. The tutorial walks through configuring services and routes in Konnect, setting up an Okta application, and applying the OIDC plugin to protect routes. Testing involves redirecting users to Okta for credential verification and confirming successful authentication before consuming the API. The tutorial also offers additional guidance on protecting applications with Kong Konnect and Okta, with references to further tutorials on API gateway governance and security.