Our backend server doesn't support the HTTP PATCH method (only PUT). As a result, we cannot properly Unassign User from the SCIM app.
When I try Unassign User, Okta SCIM seems to make a PATCH request (not PUT).
The Okta SCIM docs say:
Okta also does a PUT if the Patch is not supported for deactivation.
So the question is: how can I switch the Okta SCIM app to make PUT instead of PATCH?
Error message from Dashboard/Tasks tab.
Okta doesn't support PUT right now for deactivation. They are going to implement that feature.
I need to use the Apple_Sign_In option alongside the other Google and Facebook sign-in options. Even though Apple has adopted the existing open standards OAuth 2.0 and OpenID Connect (Hybrid Flow), it's difficult to get it to work by simply changing the .yml configurations as described in the GitHub fix for the raised issue.
I have tried the Customizing oauth request approach and I am stuck on reading the Authorization code, which is sent in the body, to use for token exchange and to get the logged-in user's details (Apple does not support userInfoUri).
More details can be found on github_comment
Can someone share a working code example of how we can use Apple Sign In with the oauth2 client?
I'm trying to get further user details from Slack's API.
Currently I'm authenticating users via Slack's OAuth2 that returns a code. I'm currently asking for scope=identity.basic,identity.email,identity.avatar. When I try to ask for more, like users.profile:read, the link redirects me to a crash page.
My link for signing in to my app via Slack is like this, for now:
Thanks for any help
Sign in with Slack works as a kind of sidebar form of OAuth 2.0 authorization for Slack. It's meant to be used for identity, exclusively. So whenever going through the flow and asking for an identity.* scope, you'll be restricted from combining it with others.
You can still ask for users.profile:read, but you have to do so in a separate authorization attempt where it's not among the momentarily requested scopes. It'll then be added to the user token you already hold for that user.
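The split described in the answer above, as an added example that is not part of the original posts: identity.* scopes go in one authorization request and every other scope in a second, each with its own single-use `state` value. The endpoint is assumed to be Slack's classic `https://slack.com/oauth/authorize`; the function names, client ID and redirect URI are hypothetical.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumption: Slack's classic OAuth 2.0 authorize endpoint; the client_id and
# redirect_uri passed to the functions below are constructed placeholders.
AUTHORIZE_URL = "https://slack.com/oauth/authorize"


def split_scopes(scopes):
    """Separate identity.* scopes from all others, dropping duplicates."""
    seen, identity, other = set(), [], []
    for scope in (s.strip() for s in scopes):
        if not scope or scope in seen:
            continue
        seen.add(scope)
        (identity if scope.startswith("identity.") else other).append(scope)
    return identity, other


def plan_authorizations(client_id, redirect_uri, scopes, pending):
    """Build one authorize URL per scope group, identity.* first.

    `pending` maps each random `state` value to the scopes requested with it,
    so the callback can reject unknown states and know what was asked for.
    """
    urls = []
    for group in split_scopes(scopes):
        if not group:
            continue
        state = secrets.token_urlsafe(16)
        pending[state] = group
        query = urlencode({"client_id": client_id, "scope": ",".join(group),
                           "redirect_uri": redirect_uri, "state": state}, safe=",")
        urls.append(f"{AUTHORIZE_URL}?{query}")
    return urls


def handle_callback(callback_url, pending):
    """Return (code, scopes) for a known state; raise on an unknown or replayed one."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    scopes = pending.pop(state, None)  # single use: a replayed state fails
    if scopes is None or "code" not in params:
        raise ValueError("unknown state or missing code")
    return params["code"][0], scopes
```

Send the user through the second URL only after the first attempt has completed.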
Hello, I am new to OAuth and I created a REST connection to Magento with this example:
http://devdocs.magento.com/guides/m1x/api/rest/introduction.html
The PHP script is working and I can connect to Magento. But I have to enter the admin credentials and after that I have to click the Authorize button.
Now my "Magento REST project" is triggered by a database, so I have been searching for the last hours for how to get the access token without really clicking on the button. Is there something like that for the CLI, or is it even possible?
Thank you very much for helping me to understand it.
cheers pat
It would be possible if they supported the client credential grant, or kind of possible if they supported refresh tokens. Unfortunately, they don't support either.
For the authorization code grant that you are implementing, an authorization decision is made by asking the user if they are willing to allow your client to access their data (to protect the user's privacy). This is mentioned in the Magento docs as well.
The built-in Magento REST API functionality doesn't support grant types other than the authorization code grant.
I managed to use a customized OAuth2 library (https://bshaffer.github.io) (customizing the class so that it's compatible with the Zend Framework that Magento is based on). It will let you choose your own grant type (in your case, Client Credential Grant).
The downside is that I had to re-create all the REST API endpoints. The upside is that it's not that hard, at least not harder than creating a custom endpoint using Magento's built-in REST API functionality.
I have been able to successfully integrate Okta authorization into our application, either by using the Okta plug-in on a custom login-to-okta.html page or checking the StatusCode from the PostResponse(url As String, content As String, ByRef statusCode As HttpStatusCode) As Byte() function provided through the StackOverflow site.
The problem I have with both of these methods is that this is only authenticating the user, it is not checking to see if the user has access to the app, and in fact, in neither of these cases are we able to pass to Okta any application specific info.
I would much prefer using the plug-in, but either method is acceptable provided we can authenticate a user’s ability to access the app that is managed in that user’s profile in Okta.
BTW, I had emailed Okta support but have not received a reply as yet.
Thanks In Advance
Basically Okta and an IDP is primarily designed to tell you who the user is via a SAML assertion. If they are getting successfully authenticated into your app and they shouldn't be, you should not permit them via the Okta application or you should implement some check at the point of authentication.
I am testing the installation of a Google Marketplace application from the developer console API.
In the corresponding API project, the following scopes are configured.
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
I have installed the app and therefore the admin of the account has authorized the scopes. However when users in my domain log in for the first time, using the universal navigation link they get an authorization pop-up.
I am translating this from French, but the pop-up says something like:
This app requires your permission to
Know who you are on Google
Display your email
with 2 buttons: Accept and Cancel
I thought that the admin authorization was sufficient. What did I miss?
Lou
The issue was mismatched scopes - the ones registered in the console did not match the scopes requested when the OAuth flow was initiated.