I was mentioning about
-> Users, who use the apps built by these developers.

Here:
Developer -------------------------------> The persons who are our clients and they are using our apis to build their applications.

how do we authenticate them?

Sorry, again. I am still not clear. Which are you talking about? When you say "how do we authenticate THEM?" - does the THEM refer to Developers? or users?

Developers authenticate to the developer portal. You can use Okta or other IdP here.  From the developer portal experience, the developers provision and obtain app credentials. After downloading credentials, they can build apps that use those credentials to that consume your APIs. 

The apps, at runtime, do not authenticate the developer.  The apps carry credentials that have been inserted by the developer, but there is no authentication of the developer as a user, happening inside the app when the app executes. The developer could be sleeping, or surfing, or at the top of Mount Kilimanjaro with no access to internet. But the app still executes.  There is no authentication of the developer at runtime. The USER may authenticate.  Depending on the design of the app and the APIs, the user may authenticate with Okta, using a 3-legged OAuth flow.  In addition to authenticating the end user, the token dispensary will also validate the app credentials that were obtained by the developer. But that is not the same as authenticating the developer. There is a subtle difference here, I hope you get it.  At that point the app will have an ID token and an access token for the user. 

The example I linked to earlier, shows this. Shows how to embed Apigee into a 3-legged oauth flow for USERS. Have you looked at that example?