When connecting OKTA with Bucketlist for the first time, you will need to create an application in OKTA and provide some information in the Bucketlist integration section.
Creating and configuring the application in OKTA:
1. Create a new application using the 'Applications' menu and clicking 'Add Application'

2. Choose 'Web', then click 'Next'

3. In the Application Settings screen, enter the following information
- Name: Bucketlist
- Base URIs: https://your-subdomain.bucketlist.org/
- Login redirect URIs: https://your-subdomain.bucketlist.org/oidc/callback/
- Click 'Done'

4. In the 'General' section of the newly created app, add these settings (by clicking on 'Edit')
- Logout redirect URIs: https://your-subdomain.bucketlist.org/
- Login initiated by: App only
- Initiate login URI: https://your-subdomain.bucketlist.org/oidc/authenticate/
- Take note of the client credentials (client ID and client secret)
- Click 'Save'
5. Go to the 'API > Authorization Server' screen

- Click on 'Add Authorization Server'
- Click on the 'default' authorization server
- Click on the 'Claims' menu and then the 'Add Claim' button

6. Add 2 claims
- Name: first_name
- Include in token type: ID Token / Userinfo / id_token_request
- Value type: Expression
- Mapping: (appuser != null) ? appuser.user.firstName : app.user.firstName
- Include in: Any scope
7. And the 2nd claim:
- Name: last_name
- Include in token type: ID Token / Userinfo / id_token_request
- Value type: Expression
- Mapping: (appuser != null) ? appuser.user.lastName : app.user.lastName
- Include in: Any scope
The claims are used to set the user's first and last name after the first login, depending on your configuration. If you already have a source where your user list is coming from, you might not need these.
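
To check the result of steps 5 to 7, the following added example (not Bucketlist or OKTA code) inspects an ID token and reports whether the issuer, audience and the two custom claims look as configured. It assumes tokens are issued by the 'default' authorization server at `https://<okta-domain>/oauth2/default`; the domain, client ID and tokens are constructed sample values, and the signature is not verified.

```python
import base64
import json

CLAIMS = ("first_name", "last_name")  # the two custom claims added in steps 6 and 7


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_payload(id_token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_id_token(id_token: str, okta_domain: str, client_id: str) -> list:
    """Return a list of configuration problems; an empty list means none found."""
    payload = decode_payload(id_token)
    problems = []
    # Assumption: tokens come from the 'default' authorization server (step 5).
    expected_iss = f"https://{okta_domain}/oauth2/default"
    if payload.get("iss") != expected_iss:
        problems.append(f"iss is {payload.get('iss')!r}, expected {expected_iss!r}")
    aud = payload.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain the client id")
    for name in CLAIMS:
        value = payload.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"claim {name} is missing or empty")
    return problems


def make_sample_token(payload: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(payload).encode())}.constructed-signature"


# Constructed sample values, not real OKTA or Bucketlist data.
BASE = {"iss": "https://example.okta.com/oauth2/default",
        "aud": "0oa-constructed-client-id", "sub": "00u-constructed", "first_name": "Ada"}
GOOD = make_sample_token({**BASE, "last_name": "Lovelace"})
MISSING = make_sample_token(BASE)  # as if step 7 was skipped: no last_name claim

if __name__ == "__main__":
    print(check_id_token(GOOD, "example.okta.com", "0oa-constructed-client-id"))
    print(check_id_token(MISSING, "example.okta.com", "0oa-constructed-client-id"))
```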