Setting scopes
mchavez committed Apr 10, 2024
1 parent a05d1d4 commit 1d9a821
Showing 3 changed files with 34 additions and 2 deletions.
2 changes: 2 additions & 0 deletions cmd/baton-okta/config.go
Expand Up @@ -16,6 +16,7 @@ type config struct {
ApiToken string `mapstructure:"api-token"`
OktaClientId string `mapstructure:"okta-client-id"`
OktaPrivateKey string `mapstructure:"okta-private-key"`
OktaPrivateKeyId string `mapstructure:"okta-private-key-id"`
SyncInactiveApps bool `mapstructure:"sync-inactive-apps"`
}

Expand All @@ -37,6 +38,7 @@ func cmdFlags(cmd *cobra.Command) {
cmd.PersistentFlags().String("domain", "", "The URL for the Okta organization. ($BATON_DOMAIN)")
cmd.PersistentFlags().String("okta-client-id", "", "The Okta Client ID. ($BATON_OKTA_CLIENT_ID)")
cmd.PersistentFlags().String("okta-private-key", "", "The Okta Private Key. ($BATON_OKTA_PRIVATE_KEY)")
cmd.PersistentFlags().String("okta-private-key-id", "", "The Okta Private Key ID. ($BATON_OKTA_PRIVATE_KEY_ID)")
cmd.PersistentFlags().String("api-token", "", "The API token for the service account. ($BATON_API_TOKEN)")
cmd.PersistentFlags().Bool("sync-inactive-apps", true, "Whether to sync inactive apps or not. ($BATON_SYNC_INACTIVE_APPS)")
}
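Review bot: The help text for the new `okta-private-key-id` flag does not say how it relates to `okta-private-key`, so an operator cannot tell from `--help` which value goes where or when it is needed. Consider `cmd.PersistentFlags().String("okta-private-key-id", "", "The ID of the Okta private key given by --okta-private-key; used only with private-key authentication. ($BATON_OKTA_PRIVATE_KEY_ID)")`. The "used only with private-key authentication" part is inferred from the guard in pkg/connector/connector.go in this same commit, so confirm it before wording the flag that way. The same wording gap applies to the `OktaPrivateKeyId` field in the first hunk, which has no comment at all.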
1 change: 1 addition & 0 deletions cmd/baton-okta/main.go
Expand Up @@ -45,6 +45,7 @@ func getConnector(ctx context.Context, cfg *config) (types.ConnectorServer, erro
"SyncInactiveApps": cfg.SyncInactiveApps,
"OktaClientId": cfg.OktaClientId,
"OktaPrivateKey": cfg.OktaPrivateKey,
"OktaPrivateKeyId": cfg.OktaPrivateKeyId,
}
cb, err := connector.New(ctx, config)
if err != nil {
33 changes: 31 additions & 2 deletions pkg/connector/connector.go
Expand Up @@ -129,6 +129,22 @@ func (c *Okta) Asset(ctx context.Context, asset *v2.AssetRef) (string, io.ReadCl

func New(ctx context.Context, config map[string]any) (*Okta, error) {
var oktaClient *okta.Client
provisioningEnabled := false
// default scopes with no provisioning flag
scopes := []string{
"okta.users.read",
"okta.orgs.read",
"okta.groups.read",
"okta.roles.read",
"okta.profileMappings.read",
"okta.policies.read",
"okta.myAccount.profile.read",
"okta.myAccount.email.read",
"okta.apps.read",
"okta.appGrants.read",
"okta.apiTokens.read",
"okta.roles.read",
}
client, err := uhttp.NewClient(ctx, uhttp.WithLogger(true, nil))
if err != nil {
return nil, err
Expand All @@ -151,13 +167,26 @@ func New(ctx context.Context, config map[string]any) (*Okta, error) {

oktaPrivateKey, _ := config["OktaPrivateKey"].(string)
oktaClientId, _ := config["OktaClientId"].(string)
oktaPrivateKeyId, _ := config["OktaPrivateKeyId"].(string)
if oktaClientId != "" && oktaPrivateKey != "" && domain != "" {
if provisioningEnabled {
provisioningScopes := []string{
"okta.groups.manage",
"okta.roles.manage",
"okta.policies.manage",
"okta.apps.manage",
"okta.appGrants.manage",
"okta.apiTokens.manage",
}
scopes = append(scopes, provisioningScopes...)
}

_, oktaClient, err = okta.NewClient(ctx,
okta.WithOrgUrl(fmt.Sprintf("https://%s", domain)),
okta.WithAuthorizationMode("PrivateKey"),
okta.WithClientId(oktaClientId),
okta.WithScopes(([]string{"okta.myAccount.manage"})),
okta.WithPrivateKey(""),
okta.WithScopes(scopes),
okta.WithPrivateKey(oktaPrivateKeyId),
okta.WithPrivateKeyId(oktaPrivateKey),
)
if err != nil {
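Review bot: `okta.WithPrivateKey(oktaPrivateKeyId)` and `okta.WithPrivateKeyId(oktaPrivateKey)` at the end of the second hunk hand each value to the other option, so the key ID is configured as the private key and the key as its ID, which presumably breaks private-key authentication outright; the fix is `okta.WithPrivateKey(oktaPrivateKey),` and `okta.WithPrivateKeyId(oktaPrivateKeyId),`. In the first hunk `provisioningEnabled := false` is a literal that nothing reassigns, so the `okta.*.manage` scope block under `if provisioningEnabled` is dead code; requesting only read scopes by default is the right least-privilege posture, but if the intent is to add write scopes when provisioning is on, the flag needs to come from `config` (none of the keys read in the hunk supplies it), and the default list also repeats `"okta.roles.read"` twice. If the SDK needs the key ID to identify which key signs the request, `oktaPrivateKeyId != ""` probably belongs in the `if oktaClientId != "" && oktaPrivateKey != "" && domain != ""` guard as well, rather than silently sending an empty ID. `New` begins in the first hunk and continues past the end of the second, so the remaining error handling was not reviewed.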
