Merge pull request #2214 from okta/exitcode0_prs

@exitcode0 PRs
okta · Feb 10, 2025 · 6ed2925 · 6ed2925
2 parents 355fba1 + 5803f6e
commit 6ed2925
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 7 deletions.
diff --git a/docs/data-sources/app_oauth.md b/docs/data-sources/app_oauth.md
@@ -56,6 +56,6 @@ data "okta_app_oauth" "test" {
 - `response_types` (Set of String) List of OAuth 2.0 response type strings.
 - `status` (String) Status of application.
 - `type` (String) The type of OAuth application.
-- `wildcard_redirect` (String) Indicates if the client is allowed to use wildcard matching of redirect_uris
+- `wildcard_redirect` (String) Indicates if the client is allowed to use wildcard matching of redirect_uris. Some valid values include: "SUBDOMAIN", "DISABLED".
 
 
diff --git a/docs/resources/app_oauth.md b/docs/resources/app_oauth.md
@@ -104,10 +104,10 @@ resource "okta_app_oauth" "example" {
 - `redirect_uris` (List of String) List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.
 - `refresh_token_leeway` (Number) *Early Access Property* Grace period for token rotation, required with grant types refresh_token
 - `refresh_token_rotation` (String) *Early Access Property* Refresh token rotation behavior, required with grant types refresh_token
-- `response_types` (Set of String) List of OAuth 2.0 response type strings.
+- `response_types` (Set of String) List of OAuth 2.0 response type strings. Valid values are any combination of: `code`, `token`, and `id_token`.
 - `status` (String) Status of application. By default, it is `ACTIVE`
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
-- `token_endpoint_auth_method` (String) Requested authentication method for the token endpoint.
+- `token_endpoint_auth_method` (String) Requested authentication method for the token endpoint, valid values include:  'client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none', etc.
 - `tos_uri` (String) URI to web page providing client tos (terms of service).
 - `user_name_template` (String) Username template. Default: `${source.login}`
 - `user_name_template_push_status` (String) Push username on update. Valid values: `PUSH` and `DONT_PUSH`

diff --git a/okta/data_source_okta_app_oauth.go b/okta/data_source_okta_app_oauth.go
@@ -151,7 +151,7 @@ func dataSourceAppOauth() *schema.Resource {
 			"wildcard_redirect": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: "Indicates if the client is allowed to use wildcard matching of redirect_uris",
+				Description: "Indicates if the client is allowed to use wildcard matching of redirect_uris. Some valid values include: \"SUBDOMAIN\", \"DISABLED\".",
 			},
 		}),
 		Description: "Get a OIDC application from Okta.",

diff --git a/okta/data_source_okta_apps.go b/okta/data_source_okta_apps.go
@@ -152,7 +152,7 @@ func (d *AppsDataSource) Read(ctx context.Context, req datasource.ReadRequest, r
 	filterValue := strings.Join(filters, " AND ")
 
 	// Read the list of applications from Okta.
-	apiRequest := d.config.oktaSDKClientV5.ApplicationAPI.ListApplications(ctx).Filter(filterValue)
+	apiRequest := d.config.oktaSDKClientV5.ApplicationAPI.ListApplications(ctx).Filter(filterValue).Limit(int32(defaultPaginationLimit))
 	applicationList, apiResp, err := apiRequest.Execute()
 	if err != nil {
 		resp.Diagnostics.AddError("Unable to Read Okta Apps", fmt.Sprintf("Error retrieving apps: %s", err.Error()))

diff --git a/okta/resource_okta_app_oauth.go b/okta/resource_okta_app_oauth.go
@@ -10,6 +10,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/okta/terraform-provider-okta/sdk"
 	"github.com/okta/terraform-provider-okta/sdk/query"
 )
@@ -182,7 +183,7 @@ other arguments that changed will be applied.`,
 				Type:        schema.TypeString,
 				Optional:    true,
 				Default:     "client_secret_basic",
-				Description: "Requested authentication method for the token endpoint.",
+				Description: "Requested authentication method for the token endpoint, valid values include:  'client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none', etc.",
 			},
 			// API docs say that auto_key_rotation will alwas be set true if it
 			// is missing on input therefore we can declare it's default to be
@@ -254,10 +255,15 @@ other arguments that changed will be applied.`,
 				Type: schema.TypeSet,
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
+					ValidateFunc: validation.StringInSlice([]string{ // Normally we don't do input validation, but these values are unlikely to change as they are part of the OAuth 2.0 spec
+						"code",
+						"token",
+						"id_token",
+					}, false),
 				},
 				Optional:    true,
 				Computed:    true,
-				Description: "List of OAuth 2.0 response type strings.",
+				Description: "List of OAuth 2.0 response type strings. Valid values are any combination of: `code`, `token`, and `id_token`.",
 			},
 			"grant_types": {
 				Type: schema.TypeSet,