docusaurus/docs/dev-docs/configurations/sso-providers/okta.md
Lines changed: 92 additions & 16 deletions
@@ -19,12 +19,18 @@ import SSOMiddlewaresConfig from '/docs/snippets/configuration-sso-middlewares.m
19
19
:::prerequisites
20
20
21
21
-[Properly configure Strapi for SSO](#required-configuration-before-setting-up-sso)
22
-
- Create your REPLACEME OAuth2 app by following the steps in the [TODO](https://TODO).
22
+
- Create your Okta OAuth2 app by following the steps in the [Okta portal](https://developer.okta.com/docs/guides/implement-oauth-for-okta/main/).
23
23
- Gather the required information to set as environment variables in your Strapi project:
24
-
- // TODO
24
+
- OKTA_CLIENT_ID
25
+
- OKTA_CLIENT_SECRET
26
+
- OKTA_DOMAIN
25
27
26
28
:::
27
29
30
+
:::warning
31
+
When setting the `OKTA_DOMAIN` environment variable, make sure to include the protocol (e.g. `https://example.okta.com`). If you do not, you will end up in a redirect loop.
32
+
:::
33
+
28
34
## Required configuration before setting up SSO
29
35
30
36
### Server Configuration
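Review bot: The `OKTA_DOMAIN` bullet added to the prerequisites list gives no hint of the expected format, and the requirement to include the protocol only appears in the separate `:::warning` block after the list has closed. Consider stating the format on the bullet itself (full URL including the protocol, e.g. `https://example.okta.com`) so the value is gathered correctly the first time, and keep the warning for the redirect-loop symptom. Two smaller points: the link text `Okta portal` points at a guide on developer.okta.com rather than at a portal, so a label naming the guide would be more accurate; and since `OKTA_CLIENT_SECRET` is a credential, a short reminder next to the list to keep it out of version control would fit here.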
@@ -43,21 +49,31 @@ import SSOMiddlewaresConfig from '/docs/snippets/configuration-sso-middlewares.m
43
49
44
50
### Scopes
45
51
46
-
The TODO OAuth2 provider requires the following scopes, however additional scopes can be added as needed depending on your use case and the data you need returned:
52
+
The Okta OAuth2 provider requires the following scopes, however additional scopes can be added as needed depending on your use case and the data you need returned:
Data returned from the provider is dependent on how your TODO OAuth2 application is configured. The example below assumes that the TODO OAuth2 application is configured to return the user's email, first name, and last name. Fields returned by the provider can change based on the scopes requested and the user's TODO account settings.
60
+
Data returned from the provider is dependent on how your Okta OAuth2 application is configured. The example below assumes that the Okta OAuth2 application is configured to return the user's email, first name, and last name. Fields returned by the provider can change based on the scopes requested and the user's Okta account settings.
53
61
54
62
If you aren't sure what data is being returned by the provider, you can log the `profile` object in the `createStrategy` function to see what data is available as seen in the following example.
55
63
56
64
<details>
57
65
<summary>Configuration Example with Logging</summary>
58
66
59
67
```js
60
-
// TODO
68
+
(accessToken, refreshToken, profile, done) => {
69
+
// See what is returned by the provider
70
+
console.log(profile);
71
+
72
+
done(null, {
73
+
email:profile.email,
74
+
username:profile.username,
75
+
});
76
+
}
61
77
```
62
78
63
79
</details>
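Review bot: In the added `js` block the callback passes only `email` and `username` to `done`, but the paragraph added just above it says the example assumes Okta returns the user's email, first name, and last name. Either map the first and last name fields in the example or adjust that sentence so the two agree. The block also leaves `console.log(profile);` in place, which writes the whole provider profile to the server log; the comment above it could say that the line is for debugging only and should be removed once the available fields are known. Minor style: `email:profile.email,` and `username:profile.username,` are missing the space after the colon. The summary is titled "Configuration Example with Logging" while the block shows the callback alone, so showing where the callback sits in the provider configuration would match the title.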
@@ -69,20 +85,20 @@ The redirect URL/URI will be dependent on your provider configuration however in