Skip to content
This repository has been archived by the owner on Jan 24, 2019. It is now read-only.

providers: add okta #406

Closed
wants to merge 1 commit into from
Closed

providers: add okta #406

wants to merge 1 commit into from

Conversation

abraithwaite
Copy link
Contributor

No description provided.

abraithwaite
abraithwaite commented Jun 21, 2017
View reviewed changes
oauthproxy.go Outdated
p.OAuthStart(rw, req)
} else {
p.SignInPage(rw, req, 200)
}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is what #284 is referring to.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be better for this to be in a separate PR, not mixed in with this one.

@abraithwaite
Copy link
Contributor Author

Could still use some tests. Lemme know if you have any specific rules about contributing and I'm happy to comply.

@Fodoj
Copy link

Fodoj commented Jul 17, 2017

This is very much needed!

@statik
Copy link

statik commented Jul 23, 2017

See issue #428

@asms
Copy link

asms commented Aug 30, 2017
edited
Loading

@abraithwaite Validation does not work. Specifically request to /oauth2/v1/userinfo returns a 400 Bad Request. The reason is that the access_token is passed as a GET argument (i.e. /oauth2/v1/userinfo?access_token=...) rather than using the Authorization: Bearer ... header. At a glance, it seems like ValidateSessionState needs to be implemented. See the facebook provider for an example:

oauth2_proxy/providers/facebook.go

Lines 78 to 80 in a9c55bd

func (p *FacebookProvider) ValidateSessionState(s *SessionState) bool {
return validateToken(p, s.AccessToken, getFacebookHeader(s.AccessToken))
} 

2017/08/30 13:44:30 internal_util.go:67: 400 GET https://[REDACTED].okta.com/oauth2/v1/userinfo?access_token=[REDACTED]... {}

@abraithwaite
Copy link
Contributor Author

Thanks. I'll try and look at it when I have time, otherwise if someone else beats me to it please close this PR!

@rothgar
Copy link

rothgar commented Jan 5, 2018

Commenting here to show support for this and follow updates

@jehiah jehiah added this to the v2.4 milestone Jan 5, 2018
@rothgar
Copy link

rothgar commented Jan 6, 2018

I got this built but having trouble setting up the okta side of the application for testing. I think I'm not setting up my login redirect URI properly but if someone has an example it'd be helpful.
My requests are redirecting properly but I'm getting this on Okta
image

I see the request redirect to GET - "/oauth2/start?rd=%2F" HTTP/1.0 but I still receive a 400 from okta.

@reedloden reedloden mentioned this pull request Jan 19, 2018
Open
@reedloden
Copy link
Contributor

Since I can't edit this PR directly, opened #528.

@abraithwaite
Copy link
Contributor Author

Neat! Been waiting to close this. Thanks!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ploxiln ploxiln ploxiln left review comments

Assignees
No one assigned
Labels
new-provider
Milestone
v2.4
Development

Successfully merging this pull request may close these issues.
9 participants
@abraithwaite @Fodoj @statik @asms @rothgar @reedloden @ploxiln @jehiah @tpherndon