My company is using Okta Developer Edition and we have an existing integration that uses the default Authorization Server. It’s configured like so (orgid redacted):

Name: default
Audience: api://default
Issuer URI: https://dev-XXXXXXXXX.oktapreview.com/oauth2/default

We want to use a Custom Domain for our authentication flows, so we went through the Custom Domain walkthrough, added DNS records, got everything verified and were eventually able to set up the new custom domain.

We then created a second Authorization Server without modifying the default one and configured the custom domain on the new server from the drop-down, similar to:

Name: Custom Domain
Audience: https://account.mycompany.com
Issuer URI: https://dev-XXXXXXXXX.oktapreview.com/oauth2/default

HOWEVER, after saving this new auth server it broke our existing authentication flow in production!

Has anyone else encountered this before or know how to resolve it? We had to delete the new auth server and custom domain and wait for DNS propagation for the issue to finally resolve itself, so now we are afraid of creating the custom domain again. Please help.


UPDATE

Ok, one thing we realized: the first time we created the new Authorization Server we mistakenly set the audience to the same value as the default Authorization Server, i.e.:

Audience: api://default

Is it possible that this is what broke our production authentication flow once this update was made and not removed until a few hours later?

Ergin

Where did it break? If it was at the JWT validation step, there could be an issuer mismatch - your code is making /authorize and /token calls to the Okta domain and the auth server issuer is set to the new custom URL or vice-versa. – Tennyx Feb 19 '21 at 17:27
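The issuer-mismatch case raised in the comment above and the copied-audience mistake from the UPDATE, as an added example that is not from the question or from Okta: a minimal resource-server check of the `iss` and `aud` claims, showing why a token minted by the custom-domain server with audience `api://default` is still rejected by an API configured for the default issuer. The custom-domain issuer value and the HS256 demo key are assumptions; real Okta access tokens are RS256-signed and verified against the authorization server's JWKS.

```python
import base64
import hashlib
import hmac
import json

# Issuer/audience values from the question; the custom-domain issuer is an assumed placeholder.
DEFAULT_ISSUER = "https://dev-XXXXXXXXX.oktapreview.com/oauth2/default"
CUSTOM_ISSUER = "https://account.mycompany.com/oauth2/default"  # assumed
DEMO_KEY = b"constructed-demo-key"  # HS256 so the demo runs offline; Okta uses RS256 + JWKS


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict) -> str:
    """Constructed token signed with the demo key so validate() can run offline."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(DEMO_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


def validate(token: str, expected_issuer: str, expected_audience: str):
    """Return (ok, reason): signature first, then the iss and aud checks a
    resource server performs before trusting a token. Each failure names the mismatch."""
    header, body, sig = token.split(".")
    want = hmac.new(DEMO_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, b64url_decode(sig)):
        return False, "bad signature"
    claims = json.loads(b64url_decode(body))
    if claims.get("iss") != expected_issuer:
        return False, f"issuer mismatch: got {claims.get('iss')!r}, want {expected_issuer!r}"
    aud = claims.get("aud")
    if expected_audience not in (aud if isinstance(aud, list) else [aud]):
        return False, f"audience mismatch: got {aud!r}, want {expected_audience!r}"
    return True, "ok"


if __name__ == "__main__":
    # Token from the default server, checked by the production API: passes.
    good = mint_token({"iss": DEFAULT_ISSUER, "aud": "api://default"})
    print(validate(good, DEFAULT_ISSUER, "api://default"))
    # Token from the custom-domain server carrying the copied audience api://default:
    # the audience check would pass, but the issuer check rejects it.
    copied = mint_token({"iss": CUSTOM_ISSUER, "aud": "api://default"})
    print(validate(copied, DEFAULT_ISSUER, "api://default"))
```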

0 Answers