
PhilipS.55984 (Customer) asked a question.
Hello there everyone,
I wanted to use the function in okta workflows 'Search System logs'. For that I needed to grant the okta.logs.read scope.
Now as far as I know, having granted the needed okta api scope, I have to reauthorize the Okta application in the Workflows > Connections.
I then received the warning that this will affect my already existing workflows which makes sense.
What steps do I need to take before or after reauthorizing so that my already existing Workflows still work. Does it even matter having only added an okta api scope but not removed one?
Cheers,
Phil

@PhilipS.55984 (Customer) -- Performing a Re-Auth in the scenario you are describing is not going to cause any sort of "Connection issues". The warning is just there to consider that making changes could impact other flows (assuming you are taking away scopes). Adding additional scopes is just granting more privilege than previously available.
So with Okta in general when you have OIDC apps (Such as Okta Workflows Oauth) the "Scopes" tab on the app is setting which scopes CAN be granted. The client making the request to setup the Oauth connection (Workflows - Okta connection) has a subset of scopes it will request (which is not all possible scopes).
The list can be found here:
https://help.okta.com/wf/en-us/content/topics/workflows/connector-reference/okta/overviews/guidanceforoktaconnector.htm
One last note: Performing a Reauthorization doesn't always immediately give you a new Access Token with the newly configured scopes. You may have to wait up-to about an hour for access token in use to expire and the Refresh_token to request a new access token with the updated grants.
If you want to test immediately I always recommend just making a new Okta connection after changing scopes. This will always immediately reflect your current settings.