Not able to enable PKCE within okta_idp_oidc module #1731

d02540315 · 2023-09-15T20:18:38Z

Terraform Version

terraform v1.4.6
okta provider v4.4.2

Affected Resource(s)

okta_idp_oidc

Terraform Configuration Files

How to enable PKCE in okta_idp_oidc module?

I don't find corresponding attribute in the terraform module (okta_idp_oidc) https://registry.terraform.io/providers/okta/okta/latest/docs/resources/idp_oidc

monde · 2023-09-19T15:21:53Z

Thanks @d02540315 I can see the boolean in the POST body of /api/v1/idps at protocol.credentials.client.pkce_required so this is a public attribute, see JSON body below. However, looking at our internal openapi spec I can see it's not listed on IdentityProviderCredentialsClient therefore it won't be available in out golang SDK or API docs https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider

I'll open an internal work item on this.

{
  "type": "OIDC",
  "status": "ACTIVE",
  "features": [],
  "name": "Test",
  "protocol": {
    "endpoints": {
      "authorization": {
        "binding": "HTTP-REDIRECT",
        "url": "https://example.com/auth"
      },
      "token": {
        "binding": "HTTP-POST",
        "url": "https://example.com/token"
      },
      "userInfo": null,
      "jwks": {
        "binding": "HTTP-REDIRECT",
        "url": "https://example.com/jwks"
      }
    },
    "scopes": [
      "email",
      "openid",
      "profile"
    ],
    "settings": {
      "nameFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    },
    "type": "SAML2",
    "algorithms": null,
    "credentials": {
      "client": {
        "pkce_required": true,
        "client_id": "abc123",
        "client_secret": "xyx123"
      }
    },
    "issuer": {
      "url": "test"
    }
  },
  "policy": {
    "accountLink": {
      "action": "DISABLED",
      "filter": null
    },
    "provisioning": {
      "action": "AUTO",
      "conditions": {
        "userOffboarding": {
          "action": "NONE"
        },
        "deprovisioned": {
          "action": "NONE"
        },
        "suspended": {
          "action": "NONE"
        }
      },
      "groups": {
        "action": "NONE"
      }
    },
    "maxClockSkew": 120000,
    "subject": {
      "userNameTemplate": {
        "template": "idpuser.email"
      },
      "matchType": "USERNAME",
      "matchAttribute": "",
      "filter": ""
    }
  },
  "_links": {
    "acs": {
      "hints": {
        "allow": []
      }
    },
    "metadata": {
      "hints": {
        "allow": []
      }
    },
    "users": {
      "hints": {
        "allow": []
      }
    },
    "authorize": {
      "hints": {
        "allow": []
      }
    },
    "clientRedirectUri": {
      "hints": {
        "allow": []
      }
    }
  }
}

monde · 2023-09-19T15:24:00Z

Okta internal reference: https://oktainc.atlassian.net/browse/OKTA-649252

monde added public-api-missing-attribute The Okta public API is missing documentation on an attribute of an otherwise public resource triaged Triaged into internal Jira labels Sep 19, 2023

monde mentioned this issue Sep 19, 2023

deprovisioned_action and suspended_action attributes not supported in OIDC IdP #1729

Open

duytiennguyen-okta mentioned this issue Jan 24, 2024

add pkce_required for okta_idp_oidc #1878

Merged

duytiennguyen-okta closed this as completed in #1878 Jan 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Not able to enable PKCE within okta_idp_oidc module #1731

Not able to enable PKCE within okta_idp_oidc module #1731

d02540315 commented Sep 15, 2023

monde commented Sep 19, 2023

monde commented Sep 19, 2023

Not able to enable PKCE within okta_idp_oidc module #1731

Not able to enable PKCE within okta_idp_oidc module #1731

Comments

d02540315 commented Sep 15, 2023

Terraform Version

Affected Resource(s)

Terraform Configuration Files

monde commented Sep 19, 2023

monde commented Sep 19, 2023