Closed demircis closed 1 week ago
Can confirm that the issue is fixed if the correct URI is used in the htu claim.
Issue occurs here: https://github.com/okta/okta-sdk-golang/blob/v4.1.2/okta/response.go#L133
NextPage() returns the full URI including query params, and that is passed as the path argument, while the queryParams argument is left as nil.
OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-742331
Describe the bug?
When trying to get the next set of users, the response using the Next method on the response from the initial ListUsers execution gives back a 400 Bad Request status with the following message inside the "WWW-Authenticate" header:
What is expected to happen?
The next batch of users should be retrieved and the correct DPoP proof JWT should be set in the SDK.
What is the actual behavior?
Call to Next gives back a 400 Bad Request response and the next users could not be retrieved.
Reproduction Steps?
client config:
List users using the UsersAPI method, then use the response to check if there are more users with HasNextPage(), if true, use Next() on the response to get more users.
Additional Information?
I did some investigation and it seems like the DPoP htu claim is set to https://dev-55958234.okta.com/api/v1/users?after={someid}&limit=1 when doing Next, but according to the JWT spec, the htu claim should only contain the path and no query params (https://www.iana.org/assignments/jwt/jwt.xhtml), so maybe that is the issue?
Golang Version
go version go1.22.0 darwin/arm64
SDK Version
v4.1.2
OS version
No response
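The behaviour discussed in this issue, as an added example that is not part of the report and is not the SDK's own code: RFC 9449 (section 4.2) defines htu as the HTTP target URI without its query and fragment parts, so a pagination link has to be reduced before it goes into the DPoP proof, and its query string carried separately. The function names `HTUFromRequestURL` and `SplitNextLink` are hypothetical, and the host and cursor value in the sample link are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// HTUFromRequestURL (hypothetical helper) returns the value for a DPoP
// proof's htu claim: the absolute request URI with the query and fragment
// removed, and the scheme and host lowercased.
func HTUFromRequestURL(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	if !u.IsAbs() || u.Host == "" {
		return "", fmt.Errorf("htu needs an absolute URI, got %q", raw)
	}
	u.Scheme = strings.ToLower(u.Scheme)
	u.Host = strings.ToLower(u.Host)
	u.RawQuery, u.ForceQuery = "", false
	u.Fragment, u.RawFragment = "", ""
	return u.String(), nil
}

// SplitNextLink (hypothetical helper) separates a pagination link into its
// path and its query parameters, so a request builder that takes the two as
// separate arguments never sees the query string inside the path.
func SplitNextLink(raw string) (string, url.Values, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", nil, err
	}
	return u.Path, u.Query(), nil
}

func main() {
	// Constructed sample link; the host and cursor are placeholders.
	next := "https://example.okta.com/api/v1/users?after=00uEXAMPLE&limit=1"
	htu, _ := HTUFromRequestURL(next)
	path, q, _ := SplitNextLink(next)
	fmt.Println("htu:  ", htu)
	fmt.Println("path: ", path)
	fmt.Println("query:", q.Encode())
}
```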