Merge branch 'main' into edunham-patch-1

_source/_data/authors.yml

@@ -40,7 +40,7 @@ maurice-sharp:
   email: [email protected]
   linkedin: https://www.linkedin.com/in/msharp/
   bio: Maurice is a developer, author, and documentation writer. He transitioned to developer documentation after writing a book on coding for iPhone. He went from managing a mobile development team to documenting Apple developer APIs. Then he moved to Okta where he focuses on developer content strategy and writes the occasional article.
-    Outside of work, he occasionally gives a workshop on designing and delivering engaging stories using a methodology based on cognitive biology and brain function. He's given these to presenters, entrepreneurs pitching VCs, and others. He uses the same methodology for writing documentation. 
+    Outside of work, he occasionally gives a workshop on designing and delivering engaging stories using a methodology based on cognitive biology and brain function. He's given these to presenters, entrepreneurs pitching VCs, and others. He uses the same methodology for writing documentation.
 
 
 victor-ronin:
@@ -952,3 +952,18 @@ louie-campagna:
   avatar: avatar-louie-campagna.jpeg
   linkedin: https://www.linkedin.com/in/louie-campagna/
   bio: Louie Campagna is an Okta Developer Support Engineer. He enjoys coding creative solutions to problems and writing scripts to automate processes. Louie's previous experience spans across customer service, desktop engineering, identity and access management and governance, and programming.
+
+nick-connelly:
+  full_name: Nick Connelly
+  display_name: Nick Connelly
+  avatar: avatar-nick-connelly.jpg
+  linkedin: https://www.linkedin.com/in/nicholasconnelly/
+  bio: Nick Connelly is a seasoned Professional Consultant within the Okta Professional Services team, bringing over a decade of experience in cybersecurity and identity and access management. Passionate about learning new technologies and improving processes, Nick is dedicated to delivering exceptional value for customers by leveraging the latest advancements and best practices in the industry.
+
+jeff-taylor:
+  full_name: Jeff Taylor
+  display_name: Jeff Taylor
+  avatar: avatar-jeff-taylor.jpg
+  linkedin: https://www.linkedin.com/in/jeffctaylor/
+  github: https://github.com/jefftaylor-okta
+  bio: Jeff is a Group Product Manager working on our Developer Products for Developers and Operators working with Workforce Identity Cloud including helping Integrators submitting to the Okta Integration Network easily and effectively. Jeff is a champion for Builders on the Okta ecosystem.

_source/_includes/header.html

@@ -75,7 +75,7 @@
                         </ul>
                     </li>
                     <li class="menu-item {% if page.url contains '/blog/' %}active{% endif %}">
-                        <a href="/blog" class="nav-link">Blog</a>
+                        <a href="/blog/" class="nav-link">Blog</a>
                     </li>
                     <li class="menu-item {% if page.url contains '/pricing/' %}active{% endif %}">
                         <a href="{{ site.external_domain }}/pricing/" class="nav-link external-link">

_source/_includes/promo_banner.html

@@ -1,4 +1,4 @@
-{% assign show_promo_banner = true %}
+{% assign show_promo_banner = false %}
 {% assign documentation_subdirs = "docs,standards,use_cases,reference,authentication-guide" | split:"," %}
 
 {% for dir in documentation_subdirs %}
@@ -8,11 +8,11 @@
 {% endfor %}
 
 {% if show_promo_banner %}
-  <a href="https://regionalevents.okta.com/enterprisereadyworkshops" class="DocsPromoBanner">
+  <a href="/blog/2024/09/26/oktane-saas-developers" class="DocsPromoBanner">
     <div class="Wrap">
       <!-- <svg width="26px" height="32px" viewBox="0 0 26 32" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><g transform="translate(1.000000, 1.000000)" stroke="#FFFFFF" stroke-width="0.5" fill="#FFFFFF"><path d="M7.73510684,22.7384868 L7.73510684,23.4543421 C9.42771234,23.4182237 10.7943389,22.0291447 10.7943389,20.3268421 C10.7943389,19.7915789 10.6564931,19.2634211 10.3955916,18.7980263 L10.2494631,18.5375 L13.529367,15.2548684 L13.7890852,15.4011184 C14.2540932,15.6622368 14.7824038,15.8001974 15.316039,15.8001974 C17.0181103,15.8001974 18.406035,14.4330263 18.4421234,12.7384211 L17.726863,12.7384211 L16.4489784,14.0173684 L13.976035,14.0173684 L13.976035,11.5423684 L15.253328,10.2634211 L15.253328,9.54401316 C13.5589476,9.57717105 12.1905462,10.9680263 12.1905462,12.6721053 C12.1905462,13.1819079 12.3100521,13.6698026 12.5466974,14.1209868 L12.6809936,14.3779605 L9.37328392,17.6884211 L9.11652377,17.5540132 C8.66571448,17.3177632 8.17881677,17.1981579 7.66825454,17.1981579 C5.96618323,17.1981579 4.57648371,18.5671053 4.54276175,20.2634868 L5.26157185,20.2634868 L6.53945646,18.9845395 L9.01299145,18.9845395 L9.01299145,21.4601316 L7.73510684,22.7384868 Z M6.9476696,24.2584211 L6.9476696,22.4122368 L8.22555422,21.1332895 L8.22555422,19.7720395 L6.86543536,19.7720395 L5.58755075,21.0509868 L3.75,21.0509868 L3.75354968,20.6536842 C3.75354968,20.6536842 3.75473291,20.4363816 3.75473291,20.3268421 C3.75473291,18.1668421 5.51064103,16.4100658 7.66825454,16.4100658 C8.20011485,16.4100658 8.73020032,16.5201974 9.21709802,16.7303947 L11.7231717,14.2216447 C11.5137407,13.7343421 11.4037006,13.2038158 11.4037006,12.6721053 C11.4037006,10.5126974 13.1590171,8.75532895 15.316039,8.75532895 C15.4266707,8.75532895 15.6432011,8.75355263 15.6437927,8.75355263 L16.0407652,8.75 L16.0407652,10.5890789 L14.7628806,11.8686184 L14.7628806,13.2292763 L16.1229995,13.2292763 L17.4008841,11.9503289 L19.2449426,11.9503289 L19.2348851,12.3547368 C19.2348851,12.3553289 19.2301522,12.5649342 19.2301522,12.6721053 C19.2301522,14.8315132 17.4742441,16.5882895 15.316039,16.5882895 C14.7480903,16.5882895 14.1860577,16.4633553 13.673129,16.2259211 L11.2197089,18.6807895 C11.4569458,19.1953289 11.5817762,19.7584211 11.5817762,20.3268421 C11.5817762,22.4856579 9.82586806,24.2430263 7.66825454,24.2430263 C7.56176416,24.2430263 7.35292468,24.2483553 7.35174145,24.2483553 L6.9476696,24.2584211 Z" id="Fill-28"></path><path d="M0.787437233,29.4140132 L23.0912567,29.4140132 L23.0912567,0.788092105 L6.85443109,0.788092105 L0.787437233,6.86013158 L0.787437233,29.4140132 Z M23.8786939,30.2021053 L0,30.2021053 L0,6.53388158 L6.52845219,0 L23.8786939,0 L23.8786939,30.2021053 Z" id="Fill-29"></path><polygon points="7.94173745 6.69730263 1.25 6.69730263 1.25 5.90921053 7.15489183 5.90921053 7.15489183 0 7.94173745 0"></polygon></g></g></svg> -->
       <svg id="Layer_2" xmlns="http://www.w3.org/2000/svg" width="26px" height="32px" viewBox="0 0 26 32"><defs><style>.cls-1{fill:#fffefa;}</style></defs><g id="Layer_1-2"><g><path class="cls-1" d="M13.48,3.28c-1.9,.69-3.89,1.04-5.91,1.04h-.82c-1.84,0-3.56,.73-4.84,2.05C.62,7.69-.05,9.43,0,11.28c.05,1.66,.75,3.17,1.84,4.33l.12,9.21H6.43l2.08-6.96c1.7,.09,3.37,.42,4.98,1l9.02,3.28V0L13.48,3.28ZM2.98,7.42c1-1.03,2.34-1.59,3.77-1.59h.82c.82,0,1.63-.07,2.43-.17v10.85c-.8-.1-1.61-.17-2.43-.17h-.57c-2.95,0-5.42-2.28-5.5-5.09-.04-1.43,.48-2.79,1.48-3.82Zm2.33,15.91h-1.86l-.08-6.51c1.05,.63,2.28,.99,3.59,1l-1.64,5.5Zm15.69-3.32l-7-2.55c-.82-.3-1.65-.52-2.5-.7V5.39c.84-.18,1.68-.4,2.5-.7l7-2.55V20Z"/><g><polygon class="cls-1" points="24 9.2 28.14 6.71 27.36 5.43 24 7.45 24 9.2"/><polygon class="cls-1" points="24 14.7 27.36 16.71 28.14 15.43 24 12.95 24 14.7"/><rect class="cls-1" x="24" y="10.32" width="5.75" height="1.5"/></g></g></g></svg>
-      <span class="promo-body">Check out the free virtual workshops on how to take your SaaS app to the next level in the enterprise-ready identity journey!</span>
+      <span class="promo-body">See you at Oktane in Las Vegas on October 15-17, 2024. Read more about the activities planned with you mind here.</span>
       <!-- <span class="cta">
         REGISTER
         <span class="code-icon cir-arrow-16"></span>

_source/_posts/2022-02-08-cookies-vs-tokens.adoc

@@ -102,7 +102,7 @@ Tokens—or JWTs in this context—are stateless in nature, meaning the server d
 
 * **Multiple storage options**: Tokens can be stored in a number of ways in browsers or front-end applications.
 
-If you use a browser's local storage, tokens can't be accessed by a subdomain. However, they can be accessed and manipulated by any JavaScript code on the webpage, as well as by browser plugins. This isn't a recommended method: first, itposes a security risk, plus you must manage the storage.
+If you use a browser's local storage, tokens can't be accessed by a subdomain. However, they can be accessed and manipulated by any JavaScript code on the webpage, as well as by browser plugins. This isn't a recommended method: first, it poses a security risk, plus you must manage the storage.
 
 Session storage is another way to store tokens. The drawback is that the token is destroyed when the browser is closed.
 

_source/_posts/2024-02-29-third-party-cookies.md

@@ -14,6 +14,7 @@ image: blog/3pc/social.jpg
 type: awareness
 ---
 
+**NOTE**: In July, Google provided an update on their [third-party cookie deprecation effort](https://privacysandbox.com/news/privacy-sandbox-update/). Okta will work with Google to understand the specific impact on Okta customers. In the meantime, we continue to advise customers to migrate away from using third-party cookies, as outlined below.
 
 
 ## What are third-party cookies?

_source/_posts/2024-04-30-express-universal-logout.md

@@ -68,6 +68,8 @@ While viewing your database locally, you'll also see an org table. By clicking t
 - client_secret = ${ClientSecret}
 - apikey = 131313
 
+>**Note**: You can also get these OIDC-related endpoints by visiting this metadata URL `https://{yourOktaOrg}/.well-known/openid-configuration` provided by the [Okta Org authorization server](https://developer.okta.com/docs/concepts/auth-servers/#discovery-endpoints-org-authorization-servers).
+
 ### Create a test user
 
 To test whether UL works for our app, we'll create a user on Okta whose account we'll forcibly sign out. 
@@ -105,7 +107,7 @@ import { Router } from 'express';
 export const universalLogoutRoute = Router();
 ```
 
-Let's add the UL route to this file:
+Let's add the UL route to this file as well:
 
 ```ts
 import { Router } from 'express';
@@ -183,22 +185,73 @@ universalLogoutRoute.post('/global-token-revocation', async (req, res) => {
   if (!req.body) {
     res.status(400);
   }
-
-  // Find the user by email linked to the org id associated with the API key provided
-  const domainOrgId = req['user']['id']
+
+  // Find the user
   const newRequest:IRequestSchema = req.body;
   const { email } = newRequest.sub_id;
   const user = await prisma.user.findFirst({
     where: {
-      email: email,
-      org: { id: domainOrgId },
+      email: email
     },
   });
 
-  // 404 User not found 
+  // 404 User not found
   if (!user) {
     res.sendStatus(404);
   }
+
+  return res.sendStatus(httpStatus);
+});
+
+universalLogoutRoute.use((err,req,res,next) => {
+  if(err){
+    return res.sendStatus(404)
+  }
+})
+```
+The apps/api/src/universalLogout.ts file now looks like the following:
+
+```ts
+import { Router } from 'express';
+export const universalLogoutRoute = Router();
+import { PrismaClient } from '@prisma/client';
+const prisma = new PrismaClient();
+
+interface IRequestSchema {
+  'sub_id': {format:string; email: string};
+}
+universalLogoutRoute.post('/global-token-revocation', async (req, res) => {
+  // 204 When the request is successful
+  const httpStatus = 204;
+
+  // 400 If the request is malformed
+  if (!req.body) {
+    res.status(400);
+  }
+
+  // Find the user
+  const newRequest:IRequestSchema = req.body;
+  const { email } = newRequest.sub_id;
+  const user = await prisma.user.findFirst({
+    where: {
+      email: email
+    },
+  });
+
+  // 404 User not found
+  if (!user) {
+    res.sendStatus(404);
+  }
+
+  return res.sendStatus(httpStatus);
+
+});
+
+universalLogoutRoute.use((err,req,res,next) => {
+  if(err){
+    return res.sendStatus(404)
+  }
+})
 ```
 
 >**Checkpoint**: Now is an excellent time to test our code. 
@@ -398,13 +451,30 @@ universalLogoutRoute.post('/global-token-revocation', async (req, res) => {
     res.sendStatus(404);
   }
 
+  return res.sendStatus(httpStatus);
+});
+
 universalLogoutRoute.use((err,req,res,next) => {
   if(err){
 
     return res.sendStatus(404)
   }
 })
 ```
+So now let's do another test to make sure the authentication piece we added is working. We'll need to modify our cURL request to include an Authorization header with a `Bearer 131313`. This should result in a 204 response. 
+
+```http
+curl --request POST \
+  --url http://localhost:3333/global-token-revocation \
+  --header 'Authorization: Bearer 131313' \
+  --header 'Content-Type: application/json' \
+  --data '{
+  "sub_id": {
+    "format": "email",
+    "email": "[email protected]"
+  }
+}'
+```
 
 Moving right along, now that we have the target user of a specific org. Let's figure out how to target their application session and end it.
 
@@ -527,7 +597,7 @@ universalLogoutRoute.post('/global-token-revocation', async (req, res) => {
   }
 
   // Find the user by email linked to the org id associated with the API key provided
- const domainOrgId = req['user']['id']
+  const domainOrgId = req['user']['id']
   const newRequest:IRequestSchema = req.body;
   const { email } = newRequest.sub_id;
   const user = await prisma.user.findFirst({
@@ -602,7 +672,7 @@ if (!res.ok)
 }}     
 ```
 
-The onNewTask function will now look like this:
+The `onNewTask` function will now look like this:
 
 ```ts
 import { useEffect, useState } from 'react';
@@ -635,8 +705,8 @@ export const Todos = () => {
         });
 
         if (!res.ok){if (res.status === 401) {
-// Redirect user back to the sign in page
-window.location.href = '/';
+        // Redirect user back to the sign in page
+        window.location.href = '/';
         } else {
           // Handle other errors
           throw new Error('Error occurred while fetching data');
@@ -659,7 +729,7 @@ window.location.href = '/';
 >**Improve your code**: Notice the code above only handles a 401 response from the server when adding a new task. How might you handle 401 errors globally? You can use fetch or [Axios Interceptor](https://axios-http.com/docs/interceptors). The completed workshop code handles this using fetch; check it out here [Universal Logout Workshop Complete](https://github.com/oktadev/okta-enterprise-ready-workshops/blob/ul-workshop-complete/apps/todo-app/src/app/components/useTodoApi.tsx).
 
 ### Revoke a user's tokens
-This web application architecture uses cookie-based sessions instead of session tokens to authenticate to the backend resources. However, in the case of mobile apps and single-page applications, you'll need to revoke refresh tokens on the front end. As per the [spec](https://datatracker.ietf.org/doc/html/draft-parecki-oauth-global-token-revocation#name-revocation-expectations), written by [Aaron Perecki](https://aaronparecki.com/) a successful sign-out will require revoking a user's refresh token. 
+This web application architecture uses cookie-based sessions instead of session tokens to authenticate to the backend resources. However, in the case of mobile apps and single-page applications, you'll need to revoke refresh tokens on the front end. As per the [spec](https://datatracker.ietf.org/doc/html/draft-parecki-oauth-global-token-revocation#name-revocation-expectations), written by [Aaron Parecki](https://aaronparecki.com/) a successful sign-out will require revoking a user's refresh token. 
 
 ## Initiate Universal Logout through Okta 
 This tutorial provides the fundamental steps to creating a UL endpoint to end a user's session or tokens. However, the UL feature isn't available yet; once released, a secondary blog will be posted with further instructions on how to initiate sign-out with Okta. Stay tuned! For now, you can find the completed project [ul-workshop-complete](https://github.com/oktadev/okta-enterprise-ready-workshops/tree/ul-workshop-complete) on our Oktadev GitHub repository.