omniauth-okta icon indicating copy to clipboard operation
omniauth-okta copied to clipboard

Published 20 hours ago verified publisher icon omniauth

Allow to configure `authorization_server_path` - i.e. JWT `iss`

Open tegon opened this issue 3 years ago • 2 comments

Context

The omniauth-okta Gem assumes an authorization server is being used, so it appends /oauth2/default to the token issuer.

https://github.com/omniauth/omniauth-okta/blob/master/lib/omniauth/strategies/okta.rb#L89

This causes an Invalid issuer error when authorizing with our organization's Okta account. Since we don't use an authorization server, we need to only use the site as the issuer. We are getting around this issue with the following patch:

module OmniAuth
  module Strategies
    class Okta < OmniAuth::Strategies::OAuth2
      def authorization_server_path
        client_options.fetch(:site)
      end
    end
  end
end

Proposal

Add a configuration option to the strategy, allowing the full authorization server path - or JWT token issuer, if we want to be more explicit - to be inputted. By doing so, we give users of the Gem more flexibility to set any value they need.

Let me know if this sounds like a good idea so I can work on a pull request for it.

tegon avatar Jan 03 '22 18:01 tegon

Is this addressed by #31?

stevenharman avatar Nov 02 '22 15:11 stevenharman

@stevenharman Looks like it does (although I don't work on that codebase anymore to test it myself).

tegon avatar Nov 03 '22 14:11 tegon