Default Authorization Server

I am new to Okta. I want to secure my API with a token. I am getting this token from Okta in a dev account. There is just one Authorization Server, which is the default.

I wanted one clarification on the Okta Authorization Server. What is the use of the https://{domain account}/oauth2/default URL? Why does this get created by default? Can we get a token without calling this URL? What if I deactivate this default URL without creating any other Authorization Server URL?

Hi @saroj641 - first, welcome to Okta!

Okta provides the default authorization server as a convenience, but you are not obligated to use it. However, if you are planning to secure your API with access tokens you will want to use this default server or create another custom auth server.

This is because our custom auth servers are designed for use with OAuth API Access Management. Technically you can receive tokens from your Okta org itself and ignore the custom auth servers, but that flow only supports OIDC which most likely is not pertinent to your use case. Here’s a good article explaining the differences in more detail:

https://support.okta.com/help/s/article/Difference-Between-Okta-as-An-Authorization-Server-vs-Custom-Authorization-Server?language=en_US

TL;DR: You don’t HAVE to use the default auth server but for your use case you probably should.
