Commit 7d73d2c

finish okta provider
1 parent ece61c0 commit 7d73d2c

1 file changed

+92
-16
lines changed
docusaurus/docs/dev-docs/configurations/sso-providers/okta.md

Lines changed: 92 additions & 16 deletions
@@ -19,12 +19,18 @@ import SSOMiddlewaresConfig from '/docs/snippets/configuration-sso-middlewares.m
1919
:::prerequisites
2020

2121
- [Properly configure Strapi for SSO](#required-configuration-before-setting-up-sso)
22-
- Create your REPLACEME OAuth2 app by following the steps in the [TODO](https://TODO).
22+
- Create your Okta OAuth2 app by following the steps in the [Okta portal](https://developer.okta.com/docs/guides/implement-oauth-for-okta/main/).
2323
- Gather the required information to set as environment variables in your Strapi project:
24-
- // TODO
24+
- OKTA_CLIENT_ID
25+
- OKTA_CLIENT_SECRET
26+
- OKTA_DOMAIN
2527

2628
:::
2729

30+
:::warning
31+
When setting the `OKTA_DOMAIN` environment variable, make sure to include the protocol (e.g. `https://example.okta.com`). If you do not, you will end up in a redirect loop.
32+
:::
33+
2834
## Required configuration before setting up SSO
2935

3036
### Server Configuration
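
Review bot: The `OKTA_DOMAIN` bullet in the prerequisites list (new line 26) gives no hint of the expected format, and the only guidance sits in a separate `:::warning` block after the list. Consider stating the format on the bullet itself, for example `OKTA_DOMAIN` (full URL including `https://`), so a reader who copies the list does not miss it. It would also help to mark `OKTA_CLIENT_SECRET` as a secret that belongs in the environment and not in committed configuration.
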
@@ -43,21 +49,31 @@ import SSOMiddlewaresConfig from '/docs/snippets/configuration-sso-middlewares.m
4349

4450
### Scopes
4551

46-
The TODO OAuth2 provider requires the following scopes, however additional scopes can be added as needed depending on your use case and the data you need returned:
52+
The Okta OAuth2 provider requires the following scopes, however additional scopes can be added as needed depending on your use case and the data you need returned:
4753

48-
- TODO
54+
- [`openid`](https://developer.okta.com/docs/api/oauth2/)
55+
- [`profile`](https://developer.okta.com/docs/api/oauth2/)
56+
- [`email`](https://developer.okta.com/docs/api/oauth2/)
4957

5058
### Profile Data
5159

52-
Data returned from the provider is dependent on how your TODO OAuth2 application is configured. The example below assumes that the TODO OAuth2 application is configured to return the user's email, first name, and last name. Fields returned by the provider can change based on the scopes requested and the user's TODO account settings.
60+
Data returned from the provider is dependent on how your Okta OAuth2 application is configured. The example below assumes that the Okta OAuth2 application is configured to return the user's email, first name, and last name. Fields returned by the provider can change based on the scopes requested and the user's Okta account settings.
5361

5462
If you aren't sure what data is being returned by the provider, you can log the `profile` object in the `createStrategy` function to see what data is available as seen in the following example.
5563

5664
<details>
5765
<summary>Configuration Example with Logging</summary>
5866

5967
```js
60-
// TODO
68+
(accessToken, refreshToken, profile, done) => {
69+
// See what is returned by the provider
70+
console.log(profile);
71+
72+
done(null, {
73+
email: profile.email,
74+
username: profile.username,
75+
});
76+
}
6177
```
6278

6379
</details>
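
Review bot: The logging example at new lines 68-76 prints the whole `profile` object with `console.log(profile)`, which puts user identity data into the server log; add a sentence telling readers to use it only while debugging and to remove it afterwards. The paragraph at new line 60 says the application returns the user's email, first name, and last name, but the callback maps `username: profile.username`; either map the name fields or adjust the prose so the two agree. The summary calls this a "Configuration Example", yet the block is only the verify callback, so a short comment saying where it sits inside `createStrategy` would help.
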
@@ -69,20 +85,20 @@ The redirect URL/URI will be dependent on your provider configuration however in
6985
```js
7086
callbackURL:
7187
env('PUBLIC_URL', "https://api.example.com") +
72-
strapi.admin.services.passport.getStrategyCallbackURL("TODO"),
88+
strapi.admin.services.passport.getStrategyCallbackURL("okta"),
7389
```
7490

75-
In this example the redirect URL/URI used by the provider will be `https://api.example.com/admin/connect/TODO`.
91+
In this example the redirect URL/URI used by the provider will be `https://api.example.com/admin/connect/okta`.
7692

7793
This is broken down as follows:
7894

7995
- `https://api.example.com` is the public URL of your Strapi application
8096
- `/admin/connect` is the general path for SSO callbacks in Strapi
81-
- `/TODO` is the specific provider UID for TODO
97+
- `/okta` is the specific provider UID for Okta
8298

8399
## Strapi Configuration
84100

85-
Using: // TODO
101+
Using: [passport-okta-oauth20](https://github.com/antoinejaussoin/passport-okta-oauth20/#readme)
86102

87103
### Install the Provider Package
88104

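
Review bot: After the sentence giving `https://api.example.com/admin/connect/okta` (new line 91), the page never says that this exact value has to be registered as a sign-in redirect URI in the Okta application; a mismatch there fails the login at the provider. Add that step here or in the prerequisites. The `Using:` line at new line 101 links `passport-okta-oauth20` without saying which version the example was written against; since this third-party strategy handles admin authentication, naming the tested version would help readers.
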
@@ -91,15 +107,15 @@ Using: // TODO
91107
<TabItem value="yarn" label="yarn">
92108

93109
```sh
94-
// TODO
110+
yarn add passport-okta-oauth20
95111
```
96112

97113
</TabItem>
98114

99115
<TabItem value="npm" label="npm">
100116

101117
```sh
102-
// TODO
118+
npm install --save passport-okta-oauth20
103119
```
104120

105121
</TabItem>
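
Review bot: Style point on new line 118: `--save` has been the default since npm 5, so `npm install passport-okta-oauth20` is enough and reads closer to the yarn tab. If the docs state a tested version of the package elsewhere, both commands could carry it.
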
@@ -113,17 +129,77 @@ Using: // TODO
113129
<TabItem value="javascript" label="JavaScript">
114130

115131
```js title="./config/admin.js"
116-
117-
// TODO
132+
const OktaOAuth2Strategy = require("passport-okta-oauth20").Strategy;
133+
134+
module.exports = ({ env }) => ({
135+
auth: {
136+
// ...
137+
providers: [
138+
{
139+
uid: "okta",
140+
displayName: "Okta",
141+
icon: "https://www.okta.com/sites/default/files/Okta_Logo_BrightBlue_Medium-thumbnail.png",
142+
createStrategy: (strapi) =>
143+
new OktaOAuth2Strategy(
144+
{
145+
clientID: env("OKTA_CLIENT_ID"),
146+
clientSecret: env("OKTA_CLIENT_SECRET"),
147+
audience: env("OKTA_DOMAIN"),
148+
scope: ["openid", "email", "profile"],
149+
callbackURL:
150+
env('PUBLIC_URL') +
151+
strapi.admin.services.passport.getStrategyCallbackURL("okta"),
152+
},
153+
(accessToken, refreshToken, profile, done) => {
154+
done(null, {
155+
email: profile.email,
156+
username: profile.username,
157+
});
158+
}
159+
),
160+
},
161+
],
162+
},
163+
});
118164
```
119165

120166
</TabItem>
121167

122168
<TabItem value="typescript" label="TypeScript">
123169

124170
```ts title="./config/admin.ts"
125-
126-
// TODO
171+
import { Strategy as OktaOAuth2Strategy } from "passport-okta-oauth20";
172+
173+
export default ({ env }) => ({
174+
auth: {
175+
// ...
176+
providers: [
177+
{
178+
uid: "okta",
179+
displayName: "Okta",
180+
icon: "https://www.okta.com/sites/default/files/Okta_Logo_BrightBlue_Medium-thumbnail.png",
181+
createStrategy: (strapi) =>
182+
new OktaOAuth2Strategy(
183+
{
184+
clientID: env("OKTA_CLIENT_ID"),
185+
clientSecret: env("OKTA_CLIENT_SECRET"),
186+
audience: env("OKTA_DOMAIN"),
187+
scope: ["openid", "email", "profile"],
188+
callbackURL:
189+
env('PUBLIC_URL') +
190+
strapi.admin.services.passport.getStrategyCallbackURL("okta"),
191+
},
192+
(accessToken, refreshToken, profile, done) => {
193+
done(null, {
194+
email: profile.email,
195+
username: profile.username,
196+
});
197+
}
198+
),
199+
},
200+
],
201+
},
202+
});
127203
```
128204

129205
</TabItem>
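
Review bot: In both tabs the `callbackURL` is built from `env('PUBLIC_URL')` with no default (new lines 150 and 189), while the earlier callback snippet at line 87 uses `env('PUBLIC_URL', "https://api.example.com")`; with the variable unset the concatenation does not produce a valid URL. Use the same form in both places or state that `PUBLIC_URL` is required. The same line uses single quotes where the rest of the block uses double quotes. The verify callback passes `profile.email` and `profile.username` straight to `done` without checking that they are present, so a profile without an email is handed on as `undefined`; a guard that calls `done` with an error when `profile.email` is empty would make a safer example.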
