h1sr5 (h1sr5) asked a question.
We need to read users in Okta directory of an organization. For that we are asking for access token with permission okta.users.read we created a dev account & implemented the OAuth client for that account. It is in working condition. Now we want this application to be used by multiple tenants of Okta.
e.g. tenant be like exampleone.okta.com, exampletwo.okta.com
So our OAuth client makes authorize requests to domain based server, i.e. https://{TENANT_OKTA_DOMAIN}/oauth2/v1/authorize
For above domains it will be,
https://exampleone.okta.com/oauth2/v1/authorize
https://exampletwo.okta.com/oauth2/v1/authorize
But when we request for OAuth for accounts which are external to us we get 400 bad request. For our dev account it works.
So my questions are,
How do we create a global OAuth client which works across the different domains?
Do we need to submit application for review to OKta to be able to access other domains?
Hi Prashant,
Okta does not currently offer an option to set a global OIDC client to be used together with the OAuth for Okta feature.
The Okta Integration Network OIDC applications are published in order to assist customers in performing single sign-on and authenticating to service provider applications.
I'd like to encourage you to raise this as a new feature request over our Okta Community by going to your Okta Admin Panel >> Help and Training >> Product >> Ideas. Features suggested in our community are reviewed and can be voted and commented on by other members of the community, therefore making it much easier for the engineering team to understand the priorities that you have for feature requests.
Once feature requests are submitted they are visible to other Okta admins, who can vote on them to provide more visibility. Using this method will allow you to maintain visibility on your feature requests throughout the process.
Dragos Gaftoneanu
Developer Support Engineer
Okta Global Customer Care