Context
The omniauth-okta Gem assumes an authorization server is being used, so it appends /oauth2/default to the token issuer.
https://github.com/omniauth/omniauth-okta/blob/master/lib/omniauth/strategies/okta.rb#L89
This causes an Invalid issuer error when authorizing with our organization's Okta account. Since we don't use an authorization server, we need to only use the site as the issuer. We are getting around this issue with the following patch:
    # Workaround: use the configured site itself as the issuer
    # instead of site + /oauth2/default.
    module OmniAuth
      module Strategies
        class Okta < OmniAuth::Strategies::OAuth2
          def authorization_server_path
            client_options.fetch(:site)
          end
        end
      end
    end
Proposal
Add a configuration option to the strategy, allowing the full authorization server path - or JWT token issuer, if we want to be more explicit - to be inputted. By doing so, we give users of the Gem more flexibility to set any value they need.
Let me know if this sounds like a good idea so I can work on a pull request for it.
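The issuer mismatch described above, and how an explicit issuer setting would resolve it while keeping the comparison exact, as an added example that is not code from the gem or from the issue author. The `issuer:` option, the helper names and the `example.okta.com` tokens are assumptions constructed for illustration; signature verification is deliberately left out.

```ruby
require 'json'

DEFAULT_AUTH_SERVER_PATH = '/oauth2/default' # suffix the gem appends, per the issue

# Hypothetical option: an explicitly configured issuer wins; otherwise fall
# back to the site + /oauth2/default behaviour described in the issue.
def expected_issuer(site, issuer: nil)
  issuer || "#{site.chomp('/')}#{DEFAULT_AUTH_SERVER_PATH}"
end

# base64url helpers built on pack/unpack so the example needs only the stdlib.
def b64url_encode(str)
  [str].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(seg)
  (seg.tr('-_', '+/') + '=' * (-seg.length % 4)).unpack1('m')
end

# Reads the `iss` claim from the JWT payload. This does NOT verify the
# signature; it only isolates the issuer comparison.
def token_issuer(jwt)
  segments = jwt.split('.')
  raise ArgumentError, 'not a three-part JWT' unless segments.length == 3

  JSON.parse(b64url_decode(segments[1])).fetch('iss')
end

# Exact match against a value from configuration, never from the token.
# A prefix or substring test would also accept tokens minted by a different
# authorization server on the same Okta host.
def issuer_valid?(jwt, expected)
  token_issuer(jwt) == expected
end

# Constructed sample token with a placeholder signature segment.
def sample_token(iss)
  header  = b64url_encode(JSON.generate('alg' => 'RS256'))
  payload = b64url_encode(JSON.generate('iss' => iss, 'sub' => 'user-1'))
  [header, payload, 'sig'].join('.')
end

SITE      = 'https://example.okta.com' # constructed value
ORG_TOKEN = sample_token(SITE)         # issuer is the bare site, as in the issue
```

With the default, `issuer_valid?(ORG_TOKEN, expected_issuer(SITE))` is false, which is the reported error; passing `issuer: SITE` makes the same token validate without loosening the check for other issuers.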