Hi egrabs, I’ve managed to move mine on a bit so thought I’d share my issue.
My thinking of how Okta works was a little off. I was thinking I create the app, I have my client ID and secret to do the integration and other orgs would just “add it”.
In fact an app on their OIN is essentially just the information required to create an instance of the app. So when they “add it”, it creates their own client ID and secret, which will be different for every organisation. So, in my case anyway, they were asking what information I needed: it was their client ID and secret (as well as the issuer in my case). They added my app to their org, which created those credentials, and they sent them to me to use when getting a user to log in or exchanging for a token.
What really made it click for me was seeing what an organisation goes through to add the app. Here is a link to our (still unapproved by Okta) configuration guide, which may help: https://docs.google.com/document/d/1pF2Dp3cmGjOWuR0OwRaML--2160EFA5YT51SuHp8l84/edit?usp=sharing (at time of writing it’s still not approved so you won’t actually be able to find our app, but should give you an idea)
I found the whole process very painful and frustrating, and not much support from their side. Getting information from them was difficult. If none of that makes sense, I’m happy to discuss more as I wish I could have got 10 min of someone’s time a week or so ago which would have saved me SO much time!
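The per-organisation credentials described in the post above, sketched as an added example that is not part of the original post and not Okta's code: each customer org gets its own issuer, client ID and secret, the login `state` is bound to one org, and ID token claims are accepted only for that org. The org keys, URLs, credentials and the `token_endpoint` field are constructed assumptions; signature and expiry checks are assumed to be done by a JWT library.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class OrgConfig:
    issuer: str          # sent by the customer org
    client_id: str       # created when the org added the app
    client_secret: str   # created when the org added the app
    token_endpoint: str  # assumption: read from the issuer's OIDC discovery document

# Constructed sample values; real ones arrive from each customer and belong in a secret store.
ORGS = {
    "acme": OrgConfig("https://acme.example/oauth2/default", "acme-client-id",
                      "acme-secret", "https://acme.example/oauth2/default/v1/token"),
    "globex": OrgConfig("https://globex.example", "globex-client-id",
                        "globex-secret", "https://globex.example/oauth2/v1/token"),
}
REDIRECT_URI = "https://app.example/callback"  # hypothetical
_pending = {}  # state -> org key, so the callback knows whose credentials to use

def start_login(org_key):
    """Return (state, authorize parameters) for one org's login."""
    org = ORGS[org_key]  # KeyError for an org that never sent credentials
    state = secrets.token_urlsafe(16)
    _pending[state] = org_key
    return state, {"client_id": org.client_id, "response_type": "code",
                   "scope": "openid", "redirect_uri": REDIRECT_URI, "state": state}

def token_request(state, code):
    """Build the code-for-token exchange using the org bound to this state."""
    org_key = _pending.pop(state)  # one-time use; unknown state raises KeyError
    org = ORGS[org_key]
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI}
    return org_key, org.token_endpoint, (org.client_id, org.client_secret), form

def check_claims(org_key, claims):
    """Accept ID token claims only for the org that started the login.
    Assumes signature and expiry were already verified by a JWT library."""
    org = ORGS[org_key]
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    return claims.get("iss") == org.issuer and org.client_id in audiences
```

Keying every step on the org bound to `state` is what stops a token issued by one customer's Okta org from being accepted as a login for another customer.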