Listing factors fails if a `signed_nonce` factor is encountered

okta / okta-sdk-python

Apache License 2.0

235 stars 142 forks source link

Listing factors fails if a `signed_nonce` factor is encountered #360

Closed SpencerLN closed 1 year ago

SpencerLN commented 1 year ago

The API docs specify that a signed_nonce is a valid type of factor, but the Python SDK is unable to return successfully if one is encountered and returns a KeyError('signed_nonce'):

    user_factors, user_factors_resp, user_factors_err = await okta_client.list_factors(
        user["_source"]["okta"]["id"]
    )

cizo2000 commented 1 year ago

I have same behavior.

wezham commented 1 year ago

I experience the same

eliavlivneh commented 1 year ago

I experience the same behavior. It seems that support for the signed_nonce factor hasn't been implemented in the Python SDK since being added to Okta - the OKTA_FACTOR_TYPE_TO_FACTOR dictionary in constants.py doesn't have the signed_nonce factor entry, and there is no corresponding model implemented under the models directory.

cizo2000 commented 1 year ago

Did someone regenerated SDK for the latest version of openapi spec? I still experience an issues with listing of factors as mentioned here in comments.

JackOfMostTrades commented 1 year ago

If it helps, I've been using the following manually-created request pattern from the SDK to work around this issue:

    # https://github.com/okta/okta-sdk-python/issues/360
    # user_factors, response, error = await client.list_factors(user.id)
    request, error = await client.get_request_executor().create_request(
        method='GET',
        url='/api/v1/users/' + user.id + '/factors',
        body={},
        headers={}
    )
    if error is not None:
        raise Exception(error)

    response, error = await client.get_request_executor().execute(request, None)
    if error is not None:
        raise Exception(error)
    user_factors = response.get_body()

    for user_factor in user_factors:
        df = dict({
            'okta_user_id': [user.id],
            'okta_user_login': [user.profile.login],
            'status': [user_factor['status']],
            'factorType': [user_factor['factorType']],
            'provider': [user_factor['provider']],
            'vendorName': [user_factor['vendorName']],
        })

cizo2000 commented 1 year ago

Yes, you can do it, but it's not proper solution if it's possible to fix openapi specs and refresh SDK to have all current types of factors covered. I am using it on 20+ servers.

alfredkzr commented 1 year ago

Same issue here with listing signed_nonce. Hope it can be fixed soon as I would prefer to use the SDK instead of workaround.

gili-linx commented 8 months ago

This is still happening in the latest version - 2.9.5. OKTA_FACTOR_TYPE_TO_FACTOR is missing the SIGNED_NONCE factor type. Can you please generate a new version of the SDK with this small fix?