okta / terraform-provider-okta

A Terraform provider to manage Okta resources, enabling infrastructure-as-code provisioning and management of users, groups, applications, and other Okta objects.
https://registry.terraform.io/providers/okta/okta
Mozilla Public License 2.0

Error when trying to create an okta_app_oauth resource (error finding default ACCESS_POLICY) #1552

Closed fatbasstard closed 1 year ago

fatbasstard commented 1 year ago

Community Note

Terraform Version

Terraform 1.4.6
Okta Provider 4.0.0

Affected Resource(s)

Terraform Configuration Files

Bit dynamic (handled by a custom module): https://github.com/schubergphilis/terraform-aws-mcaf-cloudfront/blob/master/auth.tf#L53

resource "okta_app_oauth" "default" {
  count                      = var.authentication ? 1 : 0
  label                      = var.okta_app_name
  status                     = "ACTIVE"
  type                       = var.okta_spa ? "browser" : "web"
  consent_method             = var.okta_spa ? "REQUIRED" : "TRUSTED"
  grant_types                = ["authorization_code", "implicit"]
  hide_ios                   = var.hide_ios
  hide_web                   = var.hide_web
  login_uri                  = local.login_uri
  login_mode                 = "SPEC"
  logo                       = var.application_logo
  pkce_required              = var.okta_spa ? true : false
  redirect_uris              = concat([local.redirect_uri], coalesce(var.additional_redirect_uris, []))
  response_types             = ["token", "id_token", "code"]
  token_endpoint_auth_method = var.okta_spa ? "none" : "client_secret_jwt"
}

Debug Output

https://gist.github.com/fatbasstard/37aabf8a6c983a1af0207d3febdb1262

Panic Output

Expected Behavior

Can this be done in the Admin UI?

NO

Can this be done in the actual API call?

I don't know

Actual Behavior

Error: failed to set authentication policy for an OAuth application: error finding default ACCESS_POLICY the API returned an error: The request was not valid: Invalid policy type specified.

Steps to Reproduce

Create new app

  1. terraform apply

Important Factoids

References

monde commented 1 year ago

Thanks @fatbasstard, @duytiennguyen-okta says he is familiar with what is causing this bug.

Okta internal reference: https://oktainc.atlassian.net/browse/OKTA-611103

mcrobbj commented 1 year ago

I have the same problem using a script that works with previous versions. I went back to 3.46.0 and it works fine.

d02540315 commented 1 year ago

I have the same issue after upgrading to Okta tf provider v4.0.0. Apparently, okta_app_oauth from tf provider v4.0.0 would not work with an Okta Classic Org (we are still on Classic :-( ). Not sure if Okta would fix it or call it out in the tf documentation. I had to roll back to tf provider v3.46.0 and it worked.

duytiennguyen-okta commented 1 year ago

This is fixed in the release 4.0.1 from #1559