terraform-provider-okta

Add "optional" option for resource "okta_auth_server_scope"

Open clementbaroudilyvoc opened this issue 1 year ago • 4 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

In Okta the scope object has an "optional" property which is not available in the auth_server_scope resource: https://developer.okta.com/docs/reference/api/authorization-servers/#scope-object. As such, it is not possible to set a scope to optional from Okta with Terraform.

New or Affected Resource(s)

  • okta_auth_server_scope

Potential Terraform Configuration

resource "okta_auth_server_scope" "example" {
  auth_server_id   = "<auth server id>"
  metadata_publish = "NO_CLIENTS"
  name             = "example"
  consent          = "FLEXIBLE"
  optional         = true # <== ALLOW THIS
}

Thank you

clementbaroudilyvoc avatar Aug 03 '23 08:08 clementbaroudilyvoc

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-636381

duytiennguyen-okta avatar Aug 08 '23 15:08 duytiennguyen-okta

It appears that, as part of this fix, the FLEXIBLE consent no longer works as posted in the initial issue. With the latest provider we now get Error: failed to get auth server scope: FLEXIBLE is not a valid OAuth2ScopeConsentType. This was working before the changes in https://github.com/okta/terraform-provider-okta/commit/c55f4286ca19456b40f481033b78c15fb551174d

The changes use https://github.com/okta/okta-sdk-golang/blob/3.0.14/okta/model_o_auth2_scope_consent_type.go#L43 which does not conform to the docs at https://developer.okta.com/docs/reference/api/authorization-servers/#scope-object, which show that FLEXIBLE is an option, although it adds ADMIN, which isn't defined in the API docs.

Let me know if I should submit a new issue with this or if you can resolve this as part of this issue.

dmsolutionsmn avatar Sep 13 '23 16:09 dmsolutionsmn
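
The failure reported in the comment above, reproduced as an added example that is not code from this thread, the provider or the Okta SDK: a string enum with strict JSON decoding rejects a consent value it does not list. `ConsentType`, `allowedConsent`, `Scope` and `DecodeScope` are hypothetical names, and the allowed set is an assumption built from the comment (ADMIN present, FLEXIBLE absent) plus IMPLICIT and REQUIRED.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ConsentType mimics a generated string enum; hypothetical, not the SDK's type.
type ConsentType string

// Assumed allowed set: the thread says ADMIN is listed and FLEXIBLE is not.
var allowedConsent = map[ConsentType]bool{"ADMIN": true, "IMPLICIT": true, "REQUIRED": true}

// UnmarshalJSON rejects any value outside the allowed set (strict enum decoding).
func (c *ConsentType) UnmarshalJSON(src []byte) error {
	var value string
	if err := json.Unmarshal(src, &value); err != nil {
		return err
	}
	if !allowedConsent[ConsentType(value)] {
		return fmt.Errorf("%+v is not a valid ConsentType", value)
	}
	*c = ConsentType(value)
	return nil
}

// Scope holds only the scope-object fields this example needs.
type Scope struct {
	Name     string      `json:"name"`
	Consent  ConsentType `json:"consent"`
	Optional bool        `json:"optional"`
}

// DecodeScope parses one scope object as returned by the API.
func DecodeScope(body string) (Scope, error) {
	var s Scope
	err := json.Unmarshal([]byte(body), &s)
	return s, err
}

func main() {
	// Constructed response bodies, not captured from a real tenant.
	for _, consent := range []string{"REQUIRED", "FLEXIBLE"} {
		s, err := DecodeScope(`{"name":"example","consent":"` + consent + `","optional":true}`)
		fmt.Printf("scope=%+v err=%v\n", s, err)
	}
}
```

Because the rejection happens while decoding the API response, any read of a scope already set to an unlisted consent value fails, not only an attempt to set it.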

Close with #1680

duytiennguyen-okta avatar Sep 25 '23 14:09 duytiennguyen-okta

Opening this back up to cover

  • https://github.com/okta/okta-management-openapi-spec/pull/179
  • https://github.com/okta/okta-sdk-golang/issues/414 cc @russellsanborn

monde avatar Nov 15 '23 20:11 monde