diff --git a/packages/@okta/vuepress-site/.vuepress/public/img/authorization/oauth-oob-grant-flow.png b/packages/@okta/vuepress-site/.vuepress/public/img/authorization/oauth-oob-grant-flow.png index 893ae14a4cb..bc3576eba7f 100644 Binary files a/packages/@okta/vuepress-site/.vuepress/public/img/authorization/oauth-oob-grant-flow.png and b/packages/@okta/vuepress-site/.vuepress/public/img/authorization/oauth-oob-grant-flow.png differ diff --git a/packages/@okta/vuepress-site/.vuepress/public/img/authorization/oauth-oob-phone-grant-flow.png b/packages/@okta/vuepress-site/.vuepress/public/img/authorization/oauth-oob-phone-grant-flow.png index db8c5620357..56523fcdf3f 100644 Binary files a/packages/@okta/vuepress-site/.vuepress/public/img/authorization/oauth-oob-phone-grant-flow.png and b/packages/@okta/vuepress-site/.vuepress/public/img/authorization/oauth-oob-phone-grant-flow.png differ diff --git a/packages/@okta/vuepress-site/docs/concepts/redirect-vs-embedded/index.md b/packages/@okta/vuepress-site/docs/concepts/redirect-vs-embedded/index.md index cd5f3a4cf95..14026f28010 100644 --- a/packages/@okta/vuepress-site/docs/concepts/redirect-vs-embedded/index.md +++ b/packages/@okta/vuepress-site/docs/concepts/redirect-vs-embedded/index.md 
@@ -119,7 +119,7 @@ Client apps may also exchange tokens with a Security Token Service (STS) to prov You can use direct authentication with your apps in Identity Engine rather than an embedded SDK, the customer-hosted Okta Sign-In Widget, or direct APIs. This allows you to directly authenticate users rather than delegating authentication to Okta identity providers and authorization servers through an HTTP redirect in a web browser. Direct authentication is beneficial in scenarios where there's a high degree of trust between the user and the app. It's also beneficial where browser-based flows aren't feasible, like with mobile apps. -See the `/challenge` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/challengeOrgAS), the `/oob-authenticate` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/oob-authenticateOrgAS), and the new `grant_types` for the `/token` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/token). Also, for information on how to set up each new grant type, see [Configure Direct Authentication](/docs/guides/configure-direct-auth-grants/). +See the `/challenge` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/challengeOrgAS), the `/primary-authenticate` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/primary-authenticateOrgAS), and the new `grant_types` for the `/token` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/token). Also, for information on how to set up each new grant type, see [Configure Direct Authentication](/docs/guides/configure-direct-auth-grants/). ### Other embedded authentication solutions 
diff --git a/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/coobov/flow-diagram.md b/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/coobov/flow-diagram.md index 7b4e3671f09..b1adc818bf0 100644 --- a/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/coobov/flow-diagram.md +++ b/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/coobov/flow-diagram.md @@ -16,7 +16,7 @@ participant "Authorization Server (Okta) " as okta autonumber "#." client -> user: Prompts user for username user -> client: Enters username -client -> okta: Sends OOB authentication request to `/oob-authenticate` +client -> okta: Sends OOB authentication request to `/primary-authenticate` okta -> client: Sends `oob_code`, `interval`, other parameters required by authenticator okta -> user: Sends push notification user <-> client: Per configured authenticator options, more interaction may occur @@ -33,7 +33,7 @@ At a high level, this flow has the following steps: 1. Your client app prompts the user for their username in the app interface. 1. The user enters their username. -1. Your app sends the username as a `login_hint` and `channel_hint=push` to the Okta authorization server `/oob-authenticate` endpoint. +1. Your app sends the username as a `login_hint` and `channel_hint=push` to the Okta authorization server `/primary-authenticate` endpoint. Register your app so that Okta can accept the authorization request. See [Set up your app](#set-up-your-app) to register and configure your app with Okta. After registration, your app can make an authorization request to Okta. See [Request for tokens](#request-for-tokens). diff --git a/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/coobov/use-flow.md b/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/coobov/use-flow.md index b5f14f4b89f..5d99cd5747f 100644 
--- a/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/coobov/use-flow.md +++ b/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/coobov/use-flow.md @@ -2,13 +2,13 @@ The following sections outline the requests required to implement the out-of-ban ### Request for out-of-band authentication -Before you can begin this flow, collect the username from the user in a manner of your choosing. Then, make an API call to the Okta [authorization server](/docs/concepts/auth-servers/) `/oob-authenticate` endpoint. Use this endpoint to initiate an authentication flow with an out-of-band factor as the primary factor. Your request should look something like this: +Before you can begin this flow, collect the username from the user in a manner of your choosing. Then, make an API call to the Okta [authorization server](/docs/concepts/auth-servers/) `/primary-authenticate` endpoint. Use this endpoint to initiate an authentication flow with an out-of-band factor as the primary factor. Your request should look something like this: -> **Note:** The `/oob-authenticate` endpoint doesn't support multifactor authentication. +> **Note:** The `/primary-authenticate` endpoint doesn't support multifactor authentication. ```bash curl --request POST \ - --url https://{yourOktaDomain}/oauth2/v1/oob-authenticate \ + --url https://{yourOktaDomain}/oauth2/v1/primary-authenticate \ --header 'accept: application/json' \ --header 'content-type: application/x-www-form-urlencoded' \ --data 'client_id={client_id}&login_hint={testuser%40example.com}&channel_hint=push' 
@@ -20,7 +20,7 @@ Note the parameters that are passed: - `login_hint`: The email username of a registerd Okta user - `channel_hint`: The out-of-band channel used by the client. For Okta Verify, use `push`. -For more information on these parameters, see the `/oob-authenticate` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/oob-authenticate). +For more information on these parameters, see the `/primary-authenticate` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/primary-authenticate). ### OOB response example for Okta Verify Push diff --git a/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/eoobsv/flow-diagram.md b/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/eoobsv/flow-diagram.md index 32a97b94946..ebbf4700be5 100644 --- a/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/eoobsv/flow-diagram.md +++ b/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/eoobsv/flow-diagram.md @@ -16,7 +16,7 @@ participant "Authorization Server (Okta) " as okta autonumber "#." client <-> user: Prompts user for username, and user enters username -client -> okta: Sends `/oob-authenticate` request with `channel_hint` +client -> okta: Sends `/primary-authenticate` request with `channel_hint` okta -> client: Responds with `oob_code`, `channel`, `binding_method` okta -> user: Sends out-of-band challenge client -> user: Prompts user to enter OTP, and user enters OTP 
@@ -29,7 +29,7 @@ At a high level, this flow has the following steps: 1. Your client app prompts the user for their username in the app interface. 1. The user enters their username. -1. Your app sends the following parameters to the Okta authorization server `/oob-authenticate` endpoint: +1. Your app sends the following parameters to the Okta authorization server `/primary-authenticate` endpoint: * `login_hint` * `channel_hint` with a value of `sms` or `voice` diff --git a/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/eoobsv/use-flow.md b/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/eoobsv/use-flow.md index ffcf0eef42b..954ed700e76 100644 --- a/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/eoobsv/use-flow.md +++ b/packages/@okta/vuepress-site/docs/guides/configure-direct-auth-grants/main/eoobsv/use-flow.md 
@@ -2,15 +2,15 @@ The following sections outline the requests required to implement the out-of-ban ### Request for out-of-band authentication -Before you can begin this flow, collect the username from the user in a manner of your choosing. Then, make an API call to the Okta [authorization server](/docs/concepts/auth-servers/) `/oob-authenticate` endpoint. Use this endpoint to initiate an authentication flow with an out-of-band factor (such as SMS or Voice) as the primary factor. +Before you can begin this flow, collect the username from the user in a manner of your choosing. Then, make an API call to the Okta [authorization server](/docs/concepts/auth-servers/) `/primary-authenticate` endpoint. Use this endpoint to initiate an authentication flow with an out-of-band factor (such as SMS or Voice) as the primary factor. -> **Note:** The `/oob-authenticate` endpoint doesn't support multifactor authentication. +> **Note:** The `/primary-authenticate` endpoint doesn't support multifactor authentication. Your request should look something like this: ```bash curl --request POST \ - --url https://{yourOktaDomain}/oauth2/v1/oob-authenticate \ + --url https://{yourOktaDomain}/oauth2/v1/primary-authenticate \ --header 'accept: application/json' \ --header 'content-type: application/x-www-form-urlencoded' \ --data 'client_id={client_id}&login_hint={testuser%40example.com}&channel_hint={sms or voice}' 
@@ -22,7 +22,7 @@ Note the parameters that are passed: - `login_hint`: The email username of a registered Okta user - `channel_hint`: The out-of-band channel that the client wants to use. For Phone, use `sms` or `voice`. -For more information on these parameters, see the `/oob-authenticate` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/oob-authenticate). +For more information on these parameters, see the `/primary-authenticate` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/primary-authenticate). ### OOB response example diff --git a/packages/@okta/vuepress-site/docs/guides/oie-embedded-common-org-setup/main/index.md b/packages/@okta/vuepress-site/docs/guides/oie-embedded-common-org-setup/main/index.md index 48a191fd699..e8daf10785e 100644 --- a/packages/@okta/vuepress-site/docs/guides/oie-embedded-common-org-setup/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/oie-embedded-common-org-setup/main/index.md 
@@ -37,7 +37,7 @@ Okta provides two embedded identity solutions: This guide shows you how to set up your Okta org to support the embedded SDK or the embedded widget with SDK solutions. Ensure that you [get set up](#get-set-up) with Okta and [set up your Okta org for your use case](#set-up-your-okta-org-for-your-use-case) before you . -> **Note:** You can use direct authentication with your apps in Identity Engine rather than an embedded SDK. This enables you to directly authenticate users rather than delegating authentication to Okta Identity Providers and authorization servers through an HTTP redirect in a browser. Direct authentication is beneficial in scenarios where there's a high degree of trust between the user and the app. It's also beneficial where browser-based flows aren't feasible, like with mobile apps. See the `/challenge` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/challengeOrgAS), the `/oob-authenticate` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/oob-authenticateOrgAS), and the new `grant_types` for the `/token` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/token) to help tailor authentication to your specific use cases. Also, for information on how to set up each new grant type, see [Implement by grant type](/docs/guides/configure-direct-auth-grants/aotp/main/). +> **Note:** You can use direct authentication with your apps in Identity Engine rather than an embedded SDK. This enables you to directly authenticate users rather than delegating authentication to Okta Identity Providers and authorization servers through an HTTP redirect in a browser. Direct authentication is beneficial in scenarios where there's a high degree of trust between the user and the app. It's also beneficial where browser-based flows aren't feasible, like with mobile apps. 
See the `/challenge` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/challengeOrgAS), the `/primary-authenticate` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/primary-authenticateOrgAS), and the new `grant_types` for the `/token` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/token) to help tailor authentication to your specific use cases. Also, for information on how to set up each new grant type, see [Implement by grant type](/docs/guides/configure-direct-auth-grants/aotp/main/). ## Get set up
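Review bot: the API reference fragment for the renamed endpoint is spelled two ways in this patch. The added line in `docs/concepts/redirect-vs-embedded/index.md` (hunk `@@ -119,7`) links to `#tag/OrgAS/operation/primary-authenticateOrgAS`, and so does the Note in `oie-embedded-common-org-setup/main/index.md`. Both `use-flow.md` files link to `#tag/OrgAS/operation/primary-authenticate`, without the `OrgAS` suffix. The same split existed for `oob-authenticate` and the rename carries it over. Please confirm which operation ID the published reference uses and make all four links match, otherwise two of them open the tag page without scrolling to the operation.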
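Review bot: step 3 in `coobov/flow-diagram.md` (hunk `@@ -33,7`) and the matching step in `eoobsv/flow-diagram.md` now name `/primary-authenticate`, but nothing in the patch says what happens to clients that still call `/oob-authenticate`. Every occurrence of the old path is replaced and no migration or deprecation sentence is added. If the old path is no longer accepted, a short note next to the first mention of the new endpoint would save integrators from debugging failed sign-in requests. If it remains as an alias, say so.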
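Review bot: in `coobov/use-flow.md` (hunk `@@ -2,13`) the paragraph ends with "Your request should look something like this:" and is then followed by the Note, so the lead-in no longer sits directly above the `curl` block. `eoobsv/use-flow.md` already has the better order: paragraph, Note, then "Your request should look something like this:" on its own line before the code. Since both the paragraph and the Note are touched here, consider moving the lead-in sentence below the Note so the two guides read the same.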
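Review bot: the context line for `login_hint` in `coobov/use-flow.md` (hunk `@@ -20,7`) reads "The email username of a registerd Okta user"; "registerd" should be "registered", as the same bullet in `eoobsv/use-flow.md` already has it. It is an unchanged line, but it sits two lines above the edited link and is cheap to fix in this pass.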
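Review bot: the `--data` line under the changed `--url` in `eoobsv/use-flow.md` (hunk `@@ -2,15`) mixes placeholder styles in a way that is easy to copy incorrectly. `{client_id}` is a named placeholder, `{testuser%40example.com}` wraps a sample value in braces, and `{sms or voice}` contains spaces inside a form-encoded body. A reader who pastes the command and replaces only `{client_id}` sends literal braces in `login_hint`. Suggest `login_hint={username}` with the URL-encoding requirement stated in the parameter list, and `channel_hint=sms` with a sentence noting that `voice` is the alternative. The `coobov` example has the same braces around the `login_hint` value.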