From fc4d833532dec050a3c6296691d631b64de1ee19 Mon Sep 17 00:00:00 2001
From: Oleksii Kriuchykhin
Date: Fri, 30 Sep 2022 16:36:51 +0200
Subject: [PATCH] Add an option which allows use of Okta's org authorization server
---
 lib/omniauth/strategies/okta.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/lib/omniauth/strategies/okta.rb b/lib/omniauth/strategies/okta.rb
index 470369a..c7f5229 100644
--- a/lib/omniauth/strategies/okta.rb
+++ b/lib/omniauth/strategies/okta.rb
@@ -19,7 +19,8 @@ class Okta < OmniAuth::Strategies::OAuth2
 user_info_url: 'https://your-org.okta.com/oauth2/default/v1/userinfo',
 response_type: 'id_token',
 authorization_server: 'default',
- audience: 'api://default'
+ audience: 'api://default',
+ use_org_auth_server: false
 }
 option :scope, DEFAULT_SCOPE
@@ -74,10 +75,14 @@ def id_token
 # This is necessary in the case where there is a custom authorization server.
 #
 # Okta provides a default, by default.
+ # There is also an option to use an org authorization server if a custom authorization server is not available
+ # in your Okta subscription, set a use_org_auth_server client option to true.
 #
 # @return [String]
 def authorization_server_path
- site = client_options.fetch(:site)
+ site = client_options.fetch(:site)
+ return site if client_options.fetch(:use_org_auth_server)
+
 authorization_server = client_options.fetch(:authorization_server, 'default')
 "#{site}/oauth2/#{authorization_server}"
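Review bot: The new `use_org_auth_server: false` default is added beside `user_info_url: 'https://your-org.okta.com/oauth2/default/v1/userinfo'` and `audience: 'api://default'`, which still describe the default custom authorization server, and nothing here tells the integrator that the flag does not adjust them. Someone who sets only the flag would get an authorization server path for the org server while the userinfo endpoint (and any other `/oauth2/default/` URL defined above this hunk, which is not visible) still targets the default server. I would add a comment on the new key, for example `# Only changes authorization_server_path; override the *_url options and audience to match the org server`. Whether `audience` is the right expected value for org-server tokens cannot be confirmed from these lines and is worth checking against the token validation code.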
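Review bot: `client_options.fetch(:use_org_auth_server)` in `authorization_server_path` has no fallback, unlike `fetch(:authorization_server, 'default')` two lines below, so a configuration whose `client_options` lacks the new key would raise `KeyError` during authentication (whether the defaults are always merged in is not visible from this hunk). The guard is also a plain truthiness test, so a non-boolean value such as the string `'false'` taken from an environment variable would silently switch the strategy to the org server path and with it the issuer the rest of the strategy presumably relies on. I would tighten it to `return site if client_options.fetch(:use_org_auth_server, false) == true`. The method body continues past the end of the hunk.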