Create an Okta application
Before you can sign a user in, you need to create an Okta application that represents your web application.
Start by signing in to the Okta Developer Console:
Select Applications, then Add Application. Pick Web as the platform. Click Next.
Enter a name for your application (or leave the default value).
Add the Base URI of your application during local development, such as http://localhost:3000. Also, add any base URIs where your application runs in production, such as
Next, enter values for the Login redirect URI. This is the callback described in Understand the callback route. Add values for local development (such as http://localhost:8080/authorization-code/callback) and production (such as
Click Done to finish creating the Okta application. You need to copy some values into your code later, so leave the Developer Console open.
For web apps, the default refresh token behavior is Use persistent token. To enable refresh token rotation, do the following:
- Open the Web app that you just created and select the General tab.
- Click Edit.
- In the REFRESH TOKEN section, select Rotate token after every use.
- Adjust the number of seconds for the Grace period for token rotation if needed. You can change the value to any number between 0 and 60 seconds. After the refresh token is rotated, the previous token remains valid for this amount of time to allow clients to get the new token.
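
To illustrate what the grace period does, here is an added example that is not Okta's code: a simplified in-memory Python model of rotating a refresh token after every use. The class and function names are hypothetical, and the behaviour that a retry inside the grace period receives the already-issued successor is an assumption of the model.

```python
import secrets

class RotatingRefreshTokens:
    """Toy in-memory model of refresh token rotation with a grace period."""

    def __init__(self, grace_seconds):
        # The page gives 0 to 60 seconds as the allowed range.
        if not 0 <= grace_seconds <= 60:
            raise ValueError("grace period must be between 0 and 60 seconds")
        self.grace = grace_seconds
        self.current = set()   # tokens that have not been rotated yet
        self.rotated = {}      # old token -> (rotation time, successor)

    def issue(self):
        token = secrets.token_urlsafe(16)
        self.current.add(token)
        return token

    def refresh(self, presented, now):
        """Return the refresh token the client must store next.

        Raises PermissionError when the presented token is no longer valid.
        """
        if presented in self.current:
            # Normal case: the token is rotated after this use.
            self.current.discard(presented)
            successor = self.issue()
            self.rotated[presented] = (now, successor)
            return successor
        if presented in self.rotated:
            rotated_at, successor = self.rotated[presented]
            # Model assumption: inside the grace period a retry with the
            # previous token gets the successor, if it is still unused.
            if now - rotated_at <= self.grace and successor in self.current:
                return successor
        raise PermissionError("refresh token is not valid")


def demo(grace_seconds, retry_delay):
    """Rotate once, then retry with the old token after retry_delay seconds."""
    store = RotatingRefreshTokens(grace_seconds)
    old = store.issue()
    new = store.refresh(old, now=0)  # response assumed lost by the client
    try:
        return store.refresh(old, now=retry_delay) == new
    except PermissionError:
        return False
```

With a grace period of 0, a client that loses the rotation response cannot recover with the previous token and the user has to sign in again.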