wip: add JWT as possible AuthorizationMode
#319
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a proof-of-concept commit to demonstrate adding the ability to specify a JWT directly rather than either an access token or private key. When a JWT is configured, the Okta `RequestExecutor` class can skip the JWT generation and go straight to exchanging the JWT for an access token, which it then appends to the request. This access token can then be cached normally, as it is in the `PrivateKey` flow.
ericnorris
added a commit
to etsy/terraform-provider-okta
that referenced
this pull request
Aug 4, 2022
This is a proof-of-concept commit to demonstrate adding the ability to specify a JWT directly rather than either an access token or private key. This depends on okta/okta-sdk-golang#319.
|
As the API supports this, the SDK should as well. We need to write some tests around this PR and as well as explanation and usage documentation in the README. |
|
This PR has been marked stale because there has been no activity within the last 28 days. To keep this PR active, remove the |
|
This is now supported in v3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This is a proof-of-concept PR in order to start a discussion around allowing users to specify pre-signed JWTs in the SDK, with the end goal being for it to be possible to use pre-signed JWTs in the Okta Terraform provider.
I will update this description with a link to the matching PR in the Terraform provider once I have submitted it.See okta/terraform-provider-okta#1237.As a reminder for context: we'd like to explore using the Okta Terraform provider in an environment where the private key is opaque to us, that is, we have a mechanism for signing JWTs with some private key, but we don't know the actual value of the private key, and so we cannot configure the provider (nor the SDK) with the private key directly.
The change to the SDK is relatively minor; instead of always generating the JWT the code can now optionally use the
WithTokenconfiguration option as the JWT. I'm not tied to the exact implementation below, and would be open to a new configuration option, etc.Type of PR
Test Information
There are no tests for this as it is a proof-of-concept, but I would absolutely add tests in order to get this merged.
Signoff
make fmton my code