 Welcome. My name is Micah Silverman and I'm one of Okta's senior developer advocates. Today I'm going to be talking to you about Okta's new beta Heroku add-on. First, let's talk about what Okta is. Okta's an identity access management platform and in short, it solves your authentication and authorization needs in the cloud so that you don't have to reinvent that wheel. We have a whole bunch of SDKs and code examples that make it super easy to integrate Okta into your application and we support standards like OAuth and OpenID Connect as a service so that you can take advantage of those standards in your own application. Heroku is a hosting platform that supports a variety of languages and platforms including Java and JavaScript and others and it has an add-on feature where other companies can create services that you can integrate into your deployed application such as Postgres and MySQL and now Okta as well. So before we get into the nuts and bolts, let's take a look at an example in action and all of these references are available below the video and this is an authentication example using an approach called Pixi, proof key for code exchange. It's an OAuth technology and there's a whole bunch of other great links at the bottom of this page below the video where you can learn more about OAuth and OpenID Connect. Our focus today is to talk about the Heroku add-on and how it makes it easy to integrate with Okta. Now if you notice there's a friendly purple button here that will deploy this example to Heroku as well as allocate an Okta organization for your use. So let's click on the button and in order to use this you're going to need a Heroku account so go and create a Heroku account if you haven't already. I'm already logged into my Heroku account and so the only thing I have to supply it with now is an app name. So let's call it the Okta add-on demo Pixi example and it tells me that that's available so I just give it a name, I scroll down and I click deploy to app and notice that the Okta add-on is going to be allocated automatically as part of this deploy process. So I'll click deploy app. It's now going to do everything that I need to do including allocating an Okta organization. Now this is going to take a moment so I will use the magic of video editing and fast forward past this part. Most of that process that we just saw from Heroku was allocating an Okta org and then deploying this application. So let's take a look at this application in access and in action and I can do that by clicking on view. Okay, pretty straightforward application here and I'll make it a little bigger and it's using two different approaches to get to your user profile. Now let's first click on Pixi, PKCE and you'll notice that we get redirected to an Okta org. This is the Okta organization that was allocated for us. Now at this point you have no idea who to log in as because we don't have any of that information. We haven't seen that yet. So if we jump back over to this results screen and we click on manage app if we look over here on the settings tab and we reveal the config variables you'll notice that a number of environment variables have been set for you that allow you to interact with and use the Okta admin console as well as to interact with the Okta API. So first of all you have a generated email and password that you can log in with. It also shows you your org URL so this is how you can get to it directly. It shows you an API token that you can use with Okta's SDKs so the .NET, the Java SDK, the Node.js SDK you can work with this right out of the box because these SDKs are configured to work with this environment variable called Okta Client Token. It also has set up a client ID for a single page application and that's what we're going to be working with shortly. Now the important bit for now is the email and the password. So I'm going to copy these values so that we can continue with our app example. So let me go ahead and paste in that username and password and then I'll click sign in. Since this is the first time I'm ever logging into this Okta org it's going to ask me a few more questions to get my account set up it's just going to ask me to set a security question and I can create my account. And now it redirects back to the application and I can see that I have profile information here. I have an ID token, I have an access token and then these are the specific details that came from this application. So what we saw just now was I was able to deploy an application to Heroku it automatically allocated an Okta org and I was then able to use the application including authentication by grabbing the values that I saw in the environment variables from Heroku. Now that's not all we can do with the Heroku add-on we can also SSO into the Okta admin console directly from the add-on. Let me show you that in just a moment. First I want to show you that if I log out of this application and I open up the developer tools and I attempt to log in with the implicit flow that's a different OAuth flow it's going to give me an error. It says this response type is not supported by the authorization server. This is because when we allocate an Okta org through the Heroku add-on it gets set up with best practices and best practices today is to not use the older implicit flow and so by default the implicit flow isn't configured but for the purposes of demonstration we can look at that in our Okta admin console and we can do that by jumping back over to the overview here and there's this Okta link that when we click on will bring us right to the Okta admin console. So this is an SSO function of the Okta Heroku add-on. Now from here I can go to this application that was created for me automatically so two applications are created a web application and a browser application we're working with the browser application I can come over to this browser application and temporarily just for demonstration purposes I can allow the implicit flow and I'll allow both the ID token and the access token I can then save that and now back here in my application when I click on the implicit flow now this time it will work because I've set that up in my Okta org and I didn't have to re-authenticate because I'd already SSO'd in from Heroku. So generally speaking the Okta Heroku add-on is useful for any project that you want to integrate with Okta and it's super easy to do that by coming over here I'll back up to the GitHub example and if we look at this example there is an app.json file and it just specifies using the Okta add-on. So for your own projects for any of Okta's examples you can include the Okta Heroku add-on and it will be preset with all of the environment variables that you need simply by including this Heroku add-on file in your project. Now this was a very brief overview of the Okta Heroku add-on. Keep an eye out for other examples and blog posts that include links to the Heroku add-on so that you can easily create an Okta org for our examples and use the links below if you want to find out more information about OAuth and OpenID Connect and Okta's service for that. I hope you found this useful. Feel free to hit me up with any questions. You can add OktaDev on Twitter using the link below. Have a good one.