Auth Server change for authorization code + pkce


Do I need to make any change in the default authorization server to handle OIDC authorization code + PKCE? Or is it better that I create a separate authorization server to handle that? What configuration changes should I make?

Thanks in advance for your help!


Hi Wei,

The Default authorization server doesn’t need any changes. You can also use the standard authorization server.

If you are not going to use the standard authorization server however, it is best practice to create a separate authorization server for each OIDC app.

Hope that helps,

Thank you for the advice Ryan! Sorry I am new to Okta. What’s the difference between default authorization server and the standard authorization server?


Mostly licensing.
The standard OAuth server is included in the Single Sign-On product, while the default and all custom OAuth servers are part of the API Access Management product.

If you are already paying for SSO licenses, use the standard server. If you are primarily using API Access Management licenses, then use a custom server.


Got it. Thank you very much for the clarification Ryan!