We will need to use the applications group API to retrieve an application's groups to pass along to any service.
Description/Use Case
Okta cannot automatically append application groups to the token. We need to bypass the token-based method currently used for users and fetch the groups directly from the Okta API.
Risks/Impacts/Considerations
Any additional API call during the authn/authz process can be another point of failure.
Dev Notes
Add code to retrieve the Okta private key secret from Azure.
Perhaps the secret retrieval code can be moved into the shared project?
Base64-encode the private key to avoid issues with length and formatting (decode after retrieving).
Use the Okta SDK libraries to make the call for groups.
Wrap all external calls in coroutines so they do not block threads.
Only call this API for applications using the client credentials flow.
You can check the claims to tell the difference between an application and a user.
The presence (or lack) of the "organization" claim will tell you what type of user it is.
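A sketch of the flow in the notes above, added here as an example and not taken from the project: Python's asyncio stands in for whatever coroutine library the service uses. The callables load_key_b64 and fetch_groups are hypothetical stand-ins for the Azure secret read and the Okta SDK call, and the direction of the "organization" check, the "groups" claim name and the timeout value are assumptions.

```python
import asyncio
import base64
import binascii

ORG_CLAIM = "organization"  # claim named on the page
LOOKUP_TIMEOUT_S = 2.0      # assumed time budget for the extra API call

class GroupLookupError(Exception):
    """Application groups could not be resolved; the caller should deny."""

def is_application(claims):
    # Assumption: user tokens carry the claim, client-credentials tokens lack it.
    return ORG_CLAIM not in claims

def decode_private_key(secret_b64):
    # The key is stored Base64-encoded; reject anything that is not clean Base64.
    try:
        key = base64.b64decode(secret_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise GroupLookupError("stored key is not valid Base64") from exc
    if not key:
        raise GroupLookupError("stored key is empty")
    return key

async def resolve_groups(claims, load_key_b64, fetch_groups):
    """load_key_b64() and fetch_groups(client_id, key) are hypothetical blocking
    stand-ins for the Azure secret read and the Okta SDK groups call."""
    if not is_application(claims):
        return list(claims.get("groups", []))  # assumed claim name; no API call
    client_id = claims.get("cid")  # Okta access tokens carry the client id here
    if not client_id:
        raise GroupLookupError("application token has no client id")

    async def lookup():
        # Blocking calls run in worker threads so the event loop stays free.
        key = decode_private_key(await asyncio.to_thread(load_key_b64))
        return await asyncio.to_thread(fetch_groups, client_id, key)

    try:
        return sorted(set(await asyncio.wait_for(lookup(), LOOKUP_TIMEOUT_S)))
    except GroupLookupError:
        raise
    except Exception as exc:  # timeout, network or SDK error: fail closed
        raise GroupLookupError("group lookup failed") from exc

if __name__ == "__main__":
    key_b64 = base64.b64encode(b"constructed-sample-key").decode()  # constructed
    app_claims = {"cid": "constructed-client-id", "scp": ["svc.read"]}  # constructed
    print(asyncio.run(resolve_groups(app_claims, lambda: key_b64,
                                     lambda cid, key: ["billing", "reports"])))
```

Any failure in the extra call surfaces as GroupLookupError, so the caller can deny the request instead of continuing with an empty or partial group list.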
Acceptance Criteria