From 62da390194609f8f94c82ba15c1d3215f3090c6f Mon Sep 17 00:00:00 2001 From: Alisa <7586237+alisaduncan@users.noreply.github.com> Date: Fri, 7 Feb 2025 13:52:33 -0800 Subject: [PATCH 1/2] use Org AS --- _source/_posts/2023-07-28-oidc_workshop.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/_source/_posts/2023-07-28-oidc_workshop.md b/_source/_posts/2023-07-28-oidc_workshop.md index 4cb6354d95..cc9bc5df05 100644 --- a/_source/_posts/2023-07-28-oidc_workshop.md +++ b/_source/_posts/2023-07-28-oidc_workshop.md 
@@ -520,15 +520,15 @@ Open the model for `Org`, press the green **Add record** button, and press the g 1. **Domain** - Enter the domain name of this organization. It should match the domain name of the email address they'll use. For example, if your customer's organization domain is `whiterabbit.fake`, the domain record is "whiterabbit.fake". Since we are testing with made-up customers, use the email domain you used when you signed up for the Okta Developer Edition organization. 1. **Client ID** and **Client Secret** - Fill out the `client_id` and `client_secret` for the org with ID 1, using the values from Okta. 2. **Issuer** - In the "Security" section of the sidebar in the Okta Admin Console, navigate to **API**. This page lists the Issuer URI for the Okta organization, which goes into the app's database for that org as its `issuer`. - 3. **Authorization endpoint** and **Token endpoint** - On the same page in the Okta Admin console as the issuer, click the name of the default authorization server, find the **Metadata URI**. This URI will be of the form `your-dev-account-id.okta.com/oauth2/default/.well-known/oauth-authorization-server`. Click on the URI to open it in the browser where you will see data in JSON format. From this authorization server metadata, copy the `authorization_endpoint` to the `authorization_endpoint` field in your app's database. Copy the `token_endpoint` to the corresponding field in the database as well. + 3. **Authorization endpoint** and **Token endpoint** - On the same page in the Okta Admin console as the issuer, click the name of the default authorization server, find the **Metadata URI**. This URI will be of the form `your-dev-account-id.okta.com/.well-known/oauth-authorization-server`. Click on the URI to open it in the browser where you will see data in JSON format. From this authorization server metadata, copy the `authorization_endpoint` to the `authorization_endpoint` field in your app's database. 
Copy the `token_endpoint` to the corresponding field in the database as well. 4. **Userinfo endpoint** - To find the `userinfo_endpoint`, replace the string `oauth-authorization-server` in the metadata URL with `openid-configuration`, and copy the `userinfo_endpoint` from the resulting page to the database. After this step, your database should contain the `client_id` and `client_secret` unique to the OIDC app that you made in Okta. All endpoint fields will start with the Okta organization's domain. Check that each value is in the right database field. The subdomain of each URL will have your Okta dev account's ID in it, and: -- The `userinfo_endpoint` ends with `/oauth2/default/v1/userinfo` -- The `token_endpoint` ends with `/oauth2/default/v1/token` -- The `authorization_endpoint` ends with `/oauth2/default/v1/authorize` +- The `userinfo_endpoint` ends with `/oauth2/v1/userinfo` +- The `token_endpoint` ends with `/oauth2/v1/token` +- The `authorization_endpoint` ends with `/oauth2/v1/authorize` Save the database changes in Prisma, and the first customer's OpenID configuration is ready to go! From 03cbc197d6d0fabf2f1c814fdf7f9e6dd151f773 Mon Sep 17 00:00:00 2001 From: Alisa <7586237+alisaduncan@users.noreply.github.com> Date: Fri, 7 Feb 2025 14:28:58 -0800 Subject: [PATCH 2/2] review change --- _source/_posts/2023-07-28-oidc_workshop.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/_source/_posts/2023-07-28-oidc_workshop.md b/_source/_posts/2023-07-28-oidc_workshop.md index cc9bc5df05..c2f883e9c3 100644 --- a/_source/_posts/2023-07-28-oidc_workshop.md +++ b/_source/_posts/2023-07-28-oidc_workshop.md 
@@ -519,9 +519,7 @@ Open the model for `Org`, press the green **Add record** button, and press the g 1. **Domain** - Enter the domain name of this organization. It should match the domain name of the email address they'll use. For example, if your customer's organization domain is `whiterabbit.fake`, the domain record is "whiterabbit.fake". Since we are testing with made-up customers, use the email domain you used when you signed up for the Okta Developer Edition organization. 1. **Client ID** and **Client Secret** - Fill out the `client_id` and `client_secret` for the org with ID 1, using the values from Okta. - 2. **Issuer** - In the "Security" section of the sidebar in the Okta Admin Console, navigate to **API**. This page lists the Issuer URI for the Okta organization, which goes into the app's database for that org as its `issuer`. - 3. **Authorization endpoint** and **Token endpoint** - On the same page in the Okta Admin console as the issuer, click the name of the default authorization server, find the **Metadata URI**. This URI will be of the form `your-dev-account-id.okta.com/.well-known/oauth-authorization-server`. Click on the URI to open it in the browser where you will see data in JSON format. From this authorization server metadata, copy the `authorization_endpoint` to the `authorization_endpoint` field in your app's database. Copy the `token_endpoint` to the corresponding field in the database as well. - 4. **Userinfo endpoint** - To find the `userinfo_endpoint`, replace the string `oauth-authorization-server` in the metadata URL with `openid-configuration`, and copy the `userinfo_endpoint` from the resulting page to the database. + 2. **Issuer**, **Authorization endpoint**, and **Token endpoint** - Visit your Okta org authorization server **Metadata URI** directly through the browser by visiting this URL `https://{yourOktaOrg}/.well-known/openid-configuration` – be sure to add your specific Okta org URL. 
For more information, refer to this documentation on the [Okta org authorization server](https://developer.okta.com/docs/concepts/auth-servers/#org-authorization-server). From this authorization server metadata, copy the `issuer` to the `issuer` field, then the `authorization_endpoint` to the `authorization_endpoint` field in your app's database, and finally the `token_endpoint` to the corresponding field in the database as well. After this step, your database should contain the `client_id` and `client_secret` unique to the OIDC app that you made in Okta. All endpoint fields will start with the Okta organization's domain.
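Review bot: In the first hunk (PATCH 1/2), step 3 still tells the reader to "click the name of the default authorization server, find the **Metadata URI**", but the metadata URI form on that same line was changed from `your-dev-account-id.okta.com/oauth2/default/.well-known/oauth-authorization-server` to `your-dev-account-id.okta.com/.well-known/oauth-authorization-server`, and the checklist suffixes were changed from `/oauth2/default/v1/...` to `/oauth2/v1/...`. The default custom authorization server's metadata lives under `/oauth2/default/`, so a reader who follows the click instruction will land on metadata whose endpoints do not match the updated checklist. Either reword the step to point at the org authorization server's metadata (the `.well-known` document at the org root) rather than the default authorization server, or keep the old instruction and revert the URL; the two halves of the line currently disagree. Unrelated but worth fixing while here: the URI form omits the `https://` scheme, so it is not directly pasteable.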
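Review bot: In the second hunk (PATCH 2/2), deleting step 4 removes the only instruction that populates the `userinfo_endpoint` database field, yet the checklist added in PATCH 1/2 still says "The `userinfo_endpoint` ends with `/oauth2/v1/userinfo`" and the unchanged context still says "All endpoint fields will start with the Okta organization's domain." Since the new step already has the reader open `https://{yourOktaOrg}/.well-known/openid-configuration`, which carries `userinfo_endpoint` alongside `issuer`, `authorization_endpoint` and `token_endpoint`, the simplest fix is to extend the copy list with "and the `userinfo_endpoint` to the `userinfo_endpoint` field" so the checklist and the DB stay consistent. Two smaller points on the same added line: "Visit ... directly through the browser by visiting this URL" repeats "visit", and the en dash before "be sure to add your specific Okta org URL" reads better as a full stop; also suggest telling readers to copy the `issuer` value exactly as it appears in the JSON (scheme included, no trailing slash), since a retyped variant will not match the value the metadata document advertises.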