appcues / ueberauth_okta

Okta strategy for Überauth
MIT License
9 stars 18 forks source link
elixir hacktoberfest okta okta-strategy ueberauth

Überauth Okta

Module Version Hex Docs Total Download License Last Updated

Okta strategy for Überauth.

Installation

Add :ueberauth_okta to your list of dependencies in mix.exs:

def deps do
  [{:ueberauth_okta, "~> 1.0"}]
end

Setup

You'll need to register a new application with Okta and get the client_id and client_secret. That setup is out of the scope of this library, but some notes to remember are:

Include the provider in your configuration for Ueberauth with any applicable configuration options (Okta and OAuth2 options are supported):

config :ueberauth, Ueberauth,
  providers: [
    okta: {Ueberauth.Strategy.Okta, [client_id: "12345"]}
  ]

Note: Provider options are evaluated at compile time by default (see Plug) so if you use runtime.exs or another mechanism to load options into the Application environment, you'll want to use the Ueberauth.Strategy.Okta.OAuth scope. See below for details

Okta Options

OAuth2 options

The default OAuth2 module for making the requests is Ueberauth.Strategy.Okta.OAuth which uses the following options:

These options can be provided with the provider settings, or under the Ueberauth.Strategy.Okta.OAuth scope:

config :ueberauth, Ueberauth.Strategy.Okta.OAuth,
  site: "https://your-doman.okta.com",
  client_id: System.get_env("OKTA_CLIENT_ID"),
  client_secret: System.get_env("OKTA_CLIENT_SECRET")

Multiple Providers (Multitenant)

To support multiple providers, scope the settings to the same provider key you used when configuring Ueberauth:

config :ueberauth, Ueberauth,
  providers: [
    okta: {Ueberauth.Strategy.Okta, []}
  ]

config :ueberauth, Ueberauth.Strategy.Okta.OAuth,
  okta: [
    site: "https://your-doman.okta.com"
    client_id: System.get_env("OKTA_CLIENT_ID"),
    client_secret: System.get_env("OKTA_CLIENT_SECRET")
  ]

Scoped OAuth settings will take precedence over the global settings

Adding Request Flow

If you haven't already, create a pipeline and setup routes for your callback handler

pipeline :auth do
  plug Ueberauth
end
scope "/auth" do
  pipe_through [:browser, :auth]
  get "/:provider/callback", AuthController, :callback
end

Create an endpoint for the callback where you will handle the Ueberauth.Auth struct

defmodule MyApp.AuthController do
  use MyApp.Web, :controller
  def callback_phase(%{ assigns: %{ ueberauth_failure: fails } } = conn, _params) do
    # do things with the failure
  end
  def callback_phase(%{ assigns: %{ ueberauth_auth: auth } } = conn, params) do
    # do things with the auth
  end
end

Copyright and License

Copyright (c) 2022 Jon Carstens

Released under the MIT License.