Create an OAuth 2.0 app in Okta

Create the client application that you want to use with the Okta APIs.

  1. Sign in to your Okta organization as a user with administrative privileges. If you don't have an org, you can create one for free.

  2. In the Admin Console, go to Applications > Applications.

  3. Click Create App Integration.

  4. On the Create a new app integration page, select OIDC - OpenID Connect as the Sign-in method. Choose any Application type. Creating a web, single-page, or native app is an easy way to test scope-based access to Okta's APIs using an OAuth 2.0 bearer token. Click Next.

    Note: It is important to choose the appropriate application type for apps that are public clients. Failing to do so may result in Okta API endpoints attempting to verify an app's client secret, which public clients aren't designed to have, and this would break the sign-in or sign-out flow.

  5. Enter a name for your app integration. In the Sign-in redirect URIs box, specify the callback location where Okta returns the browser (along with the token) after the user finishes authenticating.

  6. We recommend that you always use the Authorization Code grant flow and clear the Implicit (Hybrid) check box.

    Note: You can leave the rest of the defaults as they are. They work with this guide for testing purposes.

  7. Click Done. The settings page for the app integration appears, showing the General tab. Make note of the Client ID listed in the Client Credentials section at the bottom of the page. You need this in the Request an access token section.

  8. Click the Assignments tab and ensure that the right users are assigned to the app. For instructions on how to assign the app integration to individual users and groups, see the Assign app integrations topic in the Okta product documentation. For more information about which users have access to which scopes, see the Scopes and supported endpoints section.
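
The app configured in these steps is used to make an authorization code request. The Python below is an added example, not part of the Okta guide: it builds that request for a public client (no client secret) and validates the callback. It goes beyond the steps above by adding PKCE (RFC 7636); the org domain, client ID, redirect URI and the `okta.users.read` scope are placeholder assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed placeholders (constructed for this example, not from the guide).
OKTA_DOMAIN = "example.okta.com"
CLIENT_ID = "0oaEXAMPLECLIENTID"  # Client ID noted in step 7
REDIRECT_URI = "http://localhost:8080/authorization-code/callback"  # step 5


def pkce_challenge(verifier: str) -> str:
    """S256 challenge from RFC 7636: BASE64URL(SHA256(verifier)), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_request(scope: str = "okta.users.read"):
    """Return (url, state, verifier); no client secret is involved."""
    state = secrets.token_urlsafe(24)     # binds the callback to this request
    verifier = secrets.token_urlsafe(32)  # 43 chars, kept by the client
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",  # Authorization Code flow, not Implicit
        "scope": scope,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    url = f"https://{OKTA_DOMAIN}/oauth2/v1/authorize?{urlencode(params)}"
    return url, state, verifier


def read_callback(callback_url: str, expected_state: str) -> str:
    """Check the redirect sent back by Okta and return the authorization code."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    query = parse_qs(got.query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this request")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]
```

The verifier returned by `build_authorize_request` stays with the client and is sent as `code_verifier` when the code is exchanged for a token.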