terraform-provider-okta icon indicating copy to clipboard operation
terraform-provider-okta copied to clipboard

Published 20 hours ago verified publisher icon okta

change for setting pkce_required to false after default value of true for browser and client apps is applied does not appear in the plan

Open cvirtucio opened this issue 1 year ago • 2 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

We discovered this in 3.45.0, although this behavior is present on 4.1.0, as well.

Affected Resource(s)

  • okta_app_oauth

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp
resource "okta_app_oauth" "foobarbaz" {
  label                      = "foo"
  type                       = "browser"
  pkce_required = false
}

Debug Output

Panic Output

Expected Behavior

When terraform similar to this is used:

resource "okta_app_oauth" "foobarbaz" {
  label                      = "foo"
  type                       = "browser"
}

and applied, setting pkce_required to true, and we later change it to this:

resource "okta_app_oauth" "foobarbaz" {
  label                      = "foo"
  type                       = "browser"
  pkce_required = false
}

the change should show up in when we run terraform plan.

Can this be done in the Admin UI?

I don't know

Can this be done in the actual API call?

Yes

Actual Behavior

The change does not appear when we run terraform plan.

Steps to Reproduce

  1. Create an oauth app resource and apply it with HCL similar to this: 
    resource "okta_app_oauth" "foobarbaz" {
    label                      = "foo"
    type                       = "browser"
}
  2. Set pkce_required to false
  3. Run terraform plan

Important Factoids

References

  1. PR that this issue is based on
  2. PR with a suggested fix
  • #0000

cvirtucio avatar Jul 07 '23 14:07 cvirtucio

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-626967

duytiennguyen-okta avatar Jul 11 '23 15:07 duytiennguyen-okta

hi, any update on this? any chance this PR can get another set of eyes? we recently ran into this issue again while working with another customer.

cvirtucio avatar Nov 22 '23 11:11 cvirtucio