Okta allows you to create multiple custom OAuth 2.0 authorization servers that you can use to protect your own resource servers. Within each authorization server you can define your own OAuth 2.0 scopes, claims, and access policies.
If you have an Okta Developer Edition account, you already have a custom authorization server created for you, called
default. For simple use cases this default custom authorization server should suffice. If your application has requirements such as additional scopes, customizing rules for when to grant scopes, or you need additional authorization servers with different scopes and claims, then this guide is for you.
If you only need one authorization server, but you'd like to know more about customizing it, you can skip ahead and find out how to:
Note: For a high-level explanation of OAuth 2.0 and OpenID Connect see our OAuth 2.0 Overview. See Authorization Servers for more information on the types of authorization servers available to you and what you can use them for.