search

okta / okta-auth-js

The official js wrapper around Okta's auth API
Other
453 stars 265 forks source link

extraParams is not passed in /authorize request when initializing Okta #1537

Closed Roman-Kacharaba closed 1 month ago

Roman-Kacharaba commented 1 month ago

Describe the bug

When I'm trying to initialize Okta with extraParams: {.foo: 'bar' }, they are not visibly in /authorize call

Reproduction Steps?

When I'm trying to initialize Okta with extraParams: {.foo: 'bar' }, they are not visibly in /authorize call

const tokenParams = { clientId: oktaConfig.clientId, issuer: oktaConfig.issuer, redirectUri: ${window.location.origin}/login/callback, pkce: true,

scopes: [
  'email',
  'openid',
  'profile',
  'security-cloud',
  'feature-flag',
  'security:enterprise',
  'security:context',
  'security:scc',
],
extraParams: {
  foo: 'bar'
},
tokenUrl,
postLogoutRedirectUri: `${window.location.origin}/logout/callback`,

};

const oktaAuth = new OktaAuth(tokenParams);

I'm passing const oktaAuth = new OktaAuth(tokenParams); to Security component from @okta/okta-react library like - <Security oktaAuth={oktaAuth} restoreOriginalUri={restoreOriginalUri}> {children}

SDK Versions

Version 7.9.0

Additional Information?

No response

jaredperreault-okta commented 1 month ago

extraParams should be passed to the method you're using to send a request to /authorize, like getWithRedirect

Roman-Kacharaba commented 1 month ago

extraParams should be passed to the method you're using to send a request to /authorize, like getWithRedirect

Can we pass extraParams to config when initialiazing Okta ( like new OktaAuth(config) ) without getWithRedirect or getWithoutPrompt ?

jaredperreault-okta commented 1 month ago

That is not currently supported. Do mind elaborating on your use case?

Roman-Kacharaba commented 1 month ago

That is not currently supported. Do mind elaborating on your use case?

Is there any other way to pass extraParams except getWithoutPrompt or getWithRedirect ?

Maybe we can pass some addional field to config object to avoid calling getWithoutPrompt or getWithRedirect ?

jaredperreault-okta commented 1 month ago

That is not supported

Roman-Kacharaba commented 1 month ago

That is not currently supported. Do mind elaborating on your use case?

Can you add support for this use case ?

jaredperreault-okta commented 1 month ago

Can you elaborate on your use case? How does your app result in an /authorize call without using a method to do so?