Ok, I’m hitting a roadblock, and feel like I may have made a bad assumption somewhere. If anyone can tell me if I’ve gotten this wrong, then please let me know where and how. (Or if this should work, then that’s good to know as well.)
I’m trying to make an integration that helps automate Okta for me. (Imagine a slackbot that you can talk to in order to add people to Okta groups, so they can get access to apps.)
- I’ve picked up an Okta dev instance. (dev-xxxxx.okta.com)
- I’ve created an application within my dev instance.
- For sign-on with my new app, I set up OpenID
- I added `okta.groups.manage` to the Okta API Scopes for my app (along with a few others.)
- I tested that I can trigger a call to https://dev-xxxxx/oauth2/v1/authorize?bunch_of_args&scope=offline_access+okta.groups.manage+… and log in this way.
- I’ve tested that afterward, the resulting app can in fact add people to groups, and do the things I want it to.
- I want to publish this cool integration for other people on OIN Partner
- I ask my buddy to help me test
- When I trigger a call to my buddy’s dev instance: https://dev-yyyyyy/oauth2/v1/authorize?all_the_same_args I get a mysterious 400 and no detail.
So I’m kinda stumped.
Is this just something that shouldn’t work?
Is distributing apps to OIN that use the Okta API not a thing?
Does my buddy need to manually add my app into their instance somehow?
Do I need to add some extra args to the authorize call when it’s not my original dev instance of Okta?
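The authorize call the steps above describe, written out as an added Python example (not code from the original post, and not Okta's own SDK). The org base URL, client_id, redirect_uri, state, and the group and user IDs are placeholders the caller supplies, so nothing is tied to the dev-xxxxx or dev-yyyyyy orgs. The example also adds two things the post's URL does not mention, a PKCE code_challenge and a state check on the callback, and it prepares the later token and group-membership requests without sending them, so it runs offline.

```python
"""Added example: build an Okta authorization-code + PKCE request for the
okta.* API scopes, validate the callback, and prepare the follow-up calls.
All org URLs, client IDs, and object IDs are caller-supplied placeholders."""
import base64
import hashlib
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse


def pkce_pair(verifier: str = "") -> tuple:
    """Return (code_verifier, code_challenge) using the S256 method (RFC 7636).
    A fresh 43-character verifier is generated when none is given."""
    if not verifier:
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_authorize_url(org_url, client_id, redirect_uri, scopes, state, code_challenge):
    """Compose the /oauth2/v1/authorize URL on the org authorization server.
    urlencode joins scopes with '+', matching the form in the post."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{org_url.rstrip('/')}/oauth2/v1/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Check the state parameter before trusting anything else on the redirect.
    Returns {'code': ...} on success or {'error': ..., 'error_description': ...}
    when the authorization server redirected back with an error."""
    qs = parse_qs(urlparse(callback_url).query)
    state = qs.get("state", [""])[0]
    if not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: possible CSRF or stale request")
    if "error" in qs:
        return {"error": qs["error"][0],
                "error_description": qs.get("error_description", [""])[0]}
    if "code" not in qs:
        raise ValueError("callback carries neither code nor error")
    return {"code": qs["code"][0]}


def token_request(org_url, client_id, code, redirect_uri, code_verifier):
    """Prepare (not send) the POST to /oauth2/v1/token that redeems the code.
    The verifier proves this client started the flow that produced the code."""
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": code_verifier,
    }).encode()
    return urllib.request.Request(
        f"{org_url.rstrip('/')}/oauth2/v1/token",
        data=body,
        method="POST",
        headers={"Accept": "application/json",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )


def add_user_to_group_request(org_url, group_id, user_id, access_token):
    """Prepare (not send) PUT /api/v1/groups/{groupId}/users/{userId}, the
    Okta call that needs the okta.groups.manage scope on the access token."""
    return urllib.request.Request(
        f"{org_url.rstrip('/')}/api/v1/groups/{group_id}/users/{user_id}",
        method="PUT",
        headers={"Authorization": f"Bearer {access_token}",
                 "Accept": "application/json"},
    )


if __name__ == "__main__":
    # Placeholder values; a real run sends the prepared requests with urlopen.
    verifier, challenge = pkce_pair()
    state = secrets.token_urlsafe(16)
    print(build_authorize_url("https://dev-000000.okta.com", "0oaPLACEHOLDER",
                              "https://bot.example/callback",
                              ["openid", "offline_access", "okta.groups.manage"],
                              state, challenge))
```

The three request builders return unsent `urllib.request.Request` objects so the flow can be inspected or unit-tested without an org; a caller passes each to `urllib.request.urlopen` in sequence and stores the code_verifier and state alongside the session that started the flow.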