Terraform resource "okta_inline_hook" with type "com.okta.saml.tokens" does not support OAuth 2.0 authentication even if API and Admin UI does #2190
Comments
|
Opened this on behalf of a customer |
|
@deepaunni2006 can you get the error output from the TF provider, it will help deduce the issue if I'm not able to reproduce this given the sparse background given in the issue. Thanks |
monde
added
triaged
|
I was trying to get this addressed in the https://github.com/okta/terraform-provider-okta/releases/tag/v4.14.0 release. But the issue is complicated by a few factors and I have work planned to address another aspect of the inline hook in my upcoming sprint. Sharing my notes for now. This resource has existed in the project since 2019 and the project started in 2018. There is sparse public documentation at Okta about the The API contract for {
"channel": {
"config": {
"authScheme": {
"key": "Authorization",
"type": "HEADER",
"value": "123"
},
"method": "POST",
"uri": "https://example.com/test"
},
"type": "HTTP",
"version": "1.0.0"
},
"name": "testAcc_4742334166877256077",
"status": "ACTIVE",
"type": "com.okta.oauth2.tokens.transform",
"version": "1.0.1"
}And the {
"channel": {
"config": {
"authScheme": {
"key": "Authorization",
"type": "HEADER",
"value": "secret"
},
"method": "POST",
"uri": "https://example.com/test"
},
"type": "HTTP",
"version": "1.0.0"
},
"name": "testAcc_4742334166877256077_twilio",
"status": "ACTIVE",
"type": "com.okta.telephony.provider",
"version": "1.0.0"
}
The implementation of the resource "okta_inline_hook" "test" {
name = "testAcc_replace_with_uuid"
version = "1.0.1"
type = "com.okta.oauth2.tokens.transform"
channel = {
type = "HTTP"
version = "1.0.0"
uri = "https://example.com/test"
method = "POST"
}
auth = {
key = "Authorization"
type = "HEADER"
value = "123"
}
}This becomes an issue when we look at the {
"status": "ACTIVE",
"version": "1.0.0",
"type": "com.okta.saml.tokens.transform",
"name": "Test Name",
"channel": {
"type": "OAUTH",
"version": "1.0.0",
"config": {
"headers": [],
"method": "POST",
"authType": "client_secret_post",
"uri": "https://example.com/hook",
"clientId": "ClientID",
"clientSecret": "ClientSecret",
"tokenUrl": "https://example.com/token",
"scope": "okta.users.read"
}
}
}I was able to get the contract example for Also, implementation is strict in that it assumes the value of auth is regular string and not a JSON string. Two things need to be addressed: Support for When this work is done I think this is what would be supported for the use cased described in the issue: resource "okta_inline_hook" "saml_hooks" {
for_each = toset(var.app1_tenants)
name = "saml-${each.key}-app1-hook"
type = "com.okta.saml.tokens.transform"
version = "1.0.2"
status = "ACTIVE"
channel_json = <<JSON
{
"type": "OAUTH",
"version": "1.0.0",
"config": {
"method": "POST",
"authType": "client_secret_post",
"uri": "$${var.hook_service_url}",
"clientId": "$${var.hook_client_id}",
"clientSecret": "$${var.hook_secret}",
"tokenUrl": "$${var.hook_token_url}",
"scope": "api"
}
}
JSON
} |
Description:
Community Note
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version
every version
Affected Resource(s)
Terraform Configuration Files
Debug Output
Panic Output
Expected Behavior
Can this be done in the Admin UI?
Can this be done in the actual API call?
Actual Behavior
Steps to Reproduce
TF_LOG=DEBUG terraform apply -auto-approve okta_plan.tfplanImportant Factoids
References
The text was updated successfully, but these errors were encountered: