
Commit 4c57c64

Kristián Leško authored and Jared Murrell committed
Enable OAuth authentication method for Okta
In addition to API tokens, support auth using OAuth 2.0 service app credentials.
1 parent effc1e4 commit 4c57c64

3 files changed

Lines changed: 36 additions & 7 deletions


.env.example.okta

Lines changed: 18 additions & 2 deletions
@@ -30,12 +30,28 @@ USER_SYNC_ATTRIBUTE=username
3030
###################
3131
## Your organizations Okta URL
3232
OKTA_ORG_URL=https://example.okta.com
33-
## The bot's access token
34-
OKTA_ACCESS_TOKEN=asdfghkjliptojkjsj00294759
3533
## The attribute which corresponds to the GitHub Username
3634
## NOTE: This cannot be an email address
3735
OKTA_USERNAME_ATTRIBUTE=github_username
3836

37+
###############################
38+
## Okta token authentication ##
39+
###############################
40+
## The bot's access token
41+
OKTA_ACCESS_TOKEN=asdfghkjliptojkjsj00294759
42+
43+
###############################
44+
## Okta OAuth authentication ##
45+
###############################
46+
## Auth method switch
47+
OKTA_AUTH_METHOD=oauth
48+
## Okta OIDC app client ID
49+
OKTA_CLIENT_ID=abcdefghijkl
50+
## Okta OIDC auth scopes
51+
OKTA_SCOPES=okta.users.read
52+
## Okta OIDC app private key (JWK format)
53+
OKTA_PRIVATE_KEY='{"kty": "RSA", ...}'
54+
3955
#########################
4056
## Additional settings ##
4157
#########################
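
Review bot: in the two new sections of .env.example.okta, OKTA_ACCESS_TOKEN and the whole OAuth block (OKTA_AUTH_METHOD=oauth, OKTA_CLIENT_ID, OKTA_SCOPES, OKTA_PRIVATE_KEY) are all left uncommented, so anyone who copies this file as-is gets OAuth selected and an API token line that is never read. Suggest commenting out one of the two blocks so only one credential type is active by default, and noting next to `## Auth method switch` which values are accepted and that leaving the variable unset keeps token authentication. The `## Okta OIDC auth scopes` comment should also say how more than one scope is written, since the sample shows a single value.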

README.md

Lines changed: 9 additions & 1 deletion
@@ -168,8 +168,16 @@ AZURE_USER_IS_UPN=true
168168
### Sample `.env` for Okta
169169
```env
170170
OKTA_ORG_URL=https://example.okta.com
171-
OKTA_ACCESS_TOKEN=asdfghkjliptojkjsj00294759
172171
OKTA_USERNAME_ATTRIBUTE=github_username
172+
173+
# token login
174+
OKTA_ACCESS_TOKEN=asdfghkjliptojkjsj00294759
175+
176+
# OAuth login
177+
OKTA_AUTH_METHOD=oauth
178+
OKTA_CLIENT_ID=abcdefghijkl
179+
OKTA_SCOPES=okta.users.read
180+
OKTA_PRIVATE_KEY='{"kty": "RSA", ...}'
173181
```
174182

175183
### Sample `.env` for OneLogin
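
Review bot: the README sample puts `# token login` and `# OAuth login` in the same env block with no sentence saying they are alternatives, and it does not say that OKTA_AUTH_METHOD is optional with token as the default. Suggest either two separate samples or a line above the block stating that only one of the two groups is needed and that `OKTA_AUTH_METHOD=oauth` is what switches methods. The "(JWK format)" detail for OKTA_PRIVATE_KEY appears only in the example file's comment; the README should carry it too, along with a reminder that this value and the access token are secrets and belong only in an untracked `.env`.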

githubapp/okta.py

Lines changed: 9 additions & 4 deletions
@@ -10,10 +10,15 @@
1010
class Okta:
1111
def __init__(self):
1212
self.USERNAME_ATTRIBUTE = os.environ.get("OKTA_USERNAME_ATTRIBUTE", "login")
13-
config = {
14-
"orgUrl": os.environ["OKTA_ORG_URL"],
15-
"token": os.environ["OKTA_ACCESS_TOKEN"],
16-
}
13+
auth_method = os.environ.get("OKTA_AUTH_METHOD", "token")
14+
config = {"orgUrl": os.environ["OKTA_ORG_URL"]}
15+
if auth_method == "oauth":
16+
config["authorizationMode"] = "PrivateKey"
17+
config["clientId"] = os.environ["OKTA_CLIENT_ID"]
18+
config["scopes"] = os.environ["OKTA_SCOPES"]
19+
config["privateKey"] = os.environ["OKTA_PRIVATE_KEY"]
20+
else:
21+
config["token"] = os.environ["OKTA_ACCESS_TOKEN"]
1722
self.client = OktaClient(config)
1823

1924
def get_group_members(self, group_name=None):
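
Review bot: missing validation in `__init__`: the bare `else:` after `if auth_method == "oauth":` treats every other value of OKTA_AUTH_METHOD as token auth, so a typo or a different casing such as `OAuth` silently falls back to OKTA_ACCESS_TOKEN, or fails with a KeyError naming a variable the operator never meant to set. Suggest `elif auth_method == "token":` followed by an `else` that raises an error naming the unsupported value, so a misconfigured switch fails loudly at startup. Separately, `config["scopes"]` receives the raw environment string; if the client expects a list of scopes, split the value here and document the separator.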
