Strategy for authenticating using Okta.
This strategy builds on top of AshAuthentication.Strategy.Oidc and
assent, and uses Okta's OpenID Connect
discovery endpoint to retrieve token, authorization, and user info URLs.
In order to use Okta you need to provide the following minimum configuration:
- client_id
- client_secret
- redirect_uri
- base_url - your Okta authorization server, typically https://YOUR_OKTA_DOMAIN/oauth2/default (the built-in default Custom Authorization Server).
Choosing a base_url
Okta exposes two kinds of authorization servers:
- Custom Authorization Server (recommended) — issuer https://YOUR_OKTA_DOMAIN/oauth2/{authServerId}. Every Okta org ships with one named default.
- Org Authorization Server — issuer https://YOUR_OKTA_DOMAIN. Only suitable for a small number of Okta-internal use cases.
If you're not sure, use the default Custom Authorization Server.
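A startup-time sanity check for the configured base_url, shown as an added example that is not code from AshAuthentication or assent: it classifies the value as a Custom or Org Authorization Server issuer and derives the standard OIDC discovery URL (issuer plus /.well-known/openid-configuration). The module name OktaBaseUrlCheck, its return shape, and the sample inputs are assumptions made for illustration.

```elixir
defmodule OktaBaseUrlCheck do
  # Hypothetical helper, not part of AshAuthentication or assent.
  # Classifies an Okta base_url as a Custom or Org Authorization Server issuer
  # and derives the OIDC discovery URL that would be fetched for it.
  @discovery_path "/.well-known/openid-configuration"

  def classify(base_url) when is_binary(base_url) do
    uri = URI.parse(String.trim(base_url))
    segments = String.split(uri.path || "", "/", trim: true)

    cond do
      uri.scheme != "https" -> {:error, :https_required}
      uri.host in [nil, ""] -> {:error, :missing_host}
      uri.userinfo != nil -> {:error, :userinfo_not_allowed}
      uri.query != nil or uri.fragment != nil -> {:error, :query_or_fragment_not_allowed}
      true -> classify_path(uri, segments)
    end
  end

  # Issuer with no path: Org Authorization Server.
  defp classify_path(uri, []), do: {:ok, result(:org, nil, uri, "")}

  # Issuer of the form /oauth2/{authServerId}: Custom Authorization Server.
  defp classify_path(uri, ["oauth2", id]),
    do: {:ok, result(:custom, id, uri, "/oauth2/" <> id)}

  # Anything else (e.g. an endpoint URL pasted instead of the issuer) is rejected.
  defp classify_path(_uri, _other), do: {:error, :unexpected_path}

  defp result(kind, id, uri, path) do
    origin = "https://" <> uri.host <> port_suffix(uri.port)
    %{kind: kind, server_id: id, discovery_url: origin <> path <> @discovery_path}
  end

  defp port_suffix(443), do: ""
  defp port_suffix(port), do: ":" <> Integer.to_string(port)
end

# Constructed sample inputs; YOUR_OKTA_DOMAIN is the page's placeholder.
for url <- [
      "https://YOUR_OKTA_DOMAIN/oauth2/default",
      "https://YOUR_OKTA_DOMAIN",
      "http://YOUR_OKTA_DOMAIN/oauth2/default",
      "https://YOUR_OKTA_DOMAIN/oauth2/default/v1/authorize"
    ] do
  IO.inspect({url, OktaBaseUrlCheck.classify(url)})
end
```

A result of kind :org for a value you expected to be a Custom Authorization Server usually means the /oauth2/{authServerId} suffix was left off the issuer.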
More documentation:
- The Okta Tutorial — covers groups claims, step-up / MFA via acr_values, and Org vs Custom server choice in depth.
- The Okta OpenID Connect Overview.
- The OIDC documentation.
Summary
Functions
Callback implementation for AshAuthentication.Strategy.Custom.transform/2.
Callback implementation for AshAuthentication.Strategy.Custom.verify/2.