Okta-react issuer URL

We are using the Okta React SDK to enable SSO to our app for our customers using OIDC.

We have customers with different issuer/clientIDs, and the React-SDK requires us to pass in these values up-front. What should be the issuer URL passed to the okta-react SDK for each customer?

  1. Org Auth Server? https://${customerOktaOrg}/
  2. Default Custom Auth server? https://${customerOktaOrg}/oauth2/default
  3. Other Custom Auth server? https://${customerOktaOrg}/oauth2/<server-id>

On 1, we won’t be able to validate tokens locally as public keys are not available for Org Authorization Servers. 2 doesn’t seem to be available for some companies (https://.okta.com/oauth2/default/v1/keys). Finally, if we go with 3, how do we obtain their server-id? Ask each of our customers for server-id during setup?

Any help is much appreciated, as we are not able to get answers from React-SDK docs.

Hi @vahed

The issuer varies depending on whether the customers have the API Access Management feature on their Okta tenants. This feature gives the possibility to create custom authorization servers in the form of https://${customerOktaOrg}/oauth/<id>. When enabling the feature for the first time, the default custom authorization server is created with a URL similar to https://${customerOktaOrg}/oauth/default.

If you would like to accept the org authorization server https://${customerOktaOrg} then, in order to verify the tokens, you would need to send the token to the /introspect endpoint of the authorization server as detailed here.
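
The issuer forms listed in the question, mapped to the validation approach the answer describes (introspection for the org authorization server), as an added example that is not part of the thread or of okta-react. The function names, the `acme.example.com` tenant and the client ID are constructed; endpoint paths follow the `/oauth2/...` forms from the question, and sending `client_id` in the form body assumes a public (SPA) client.

```javascript
// Hypothetical helpers; per-customer issuer strings are treated as untrusted config.
function planTokenValidation(issuer) {
  const url = new URL(issuer);
  if (url.protocol !== "https:") throw new Error("issuer must use https");
  if (url.username || url.password || url.search || url.hash) {
    throw new Error("issuer must not carry credentials, query or fragment");
  }
  const origin = url.origin;
  const path = url.pathname.replace(/\/+$/, ""); // tolerate a trailing slash

  if (path === "") {
    // Form 1 in the question: org authorization server, verified remotely.
    return {
      kind: "org",
      issuer: origin,
      strategy: "introspect",
      introspectUrl: `${origin}/oauth2/v1/introspect`,
    };
  }
  const m = /^\/oauth2\/([A-Za-z0-9_-]+)$/.exec(path);
  if (m) {
    // Forms 2 and 3: default or other custom authorization server.
    const base = `${origin}/oauth2/${m[1]}`;
    return {
      kind: "custom",
      serverId: m[1],
      issuer: base,
      strategy: "local-jwks",
      keysUrl: `${base}/v1/keys`,
      introspectUrl: `${base}/v1/introspect`,
    };
  }
  throw new Error(`unrecognised issuer path: ${path}`);
}

// Builds (does not send) the introspection request for a given plan.
function buildIntrospectRequest(plan, clientId, token) {
  const body = new URLSearchParams({
    token,
    token_type_hint: "access_token",
    client_id: clientId, // assumption: public client, no client secret
  });
  return {
    url: plan.introspectUrl,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded", Accept: "application/json" },
    body: body.toString(),
  };
}
```

Rejecting anything that is not one of the three expected issuer shapes at onboarding time keeps a mistyped or hostile customer-supplied URL from becoming the place tokens are sent for verification.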