Hello Andreas,
Many thanks for your answer.
Though, I don’t understand, considering that the login page is public and the user not identified, how does the application can build the authorize URL toward the proper tenant (customersOktaDomain) ?
For the same flow, with OIDC SSO integration with Microsoft, the end user is carried to the global authorize URL:
https://login.microsoftonline.com/common/oauth2/authorize?client_id=<app_id>&nonce=xxx&state=yyy&redirect_uri=<redirect_uri>&response_type=code%20id_token&scope=openid%20profile%20email
It seems that Okta hasn’t got such global URL as far as I have seen. What flow do you suggest to find out the proper tenant for the authorize request ?