Closed d02540315 closed 7 months ago
Thanks @d02540315, I can see the boolean in the POST body of /api/v1/idps at protocol.credentials.client.pkce_required, so this is a public attribute; see the JSON body below. However, looking at our internal openapi spec I can see it's not listed on IdentityProviderCredentialsClient, therefore it won't be available in our golang SDK or API docs https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider
I'll open an internal work item on this.
{
  "type": "OIDC",
  "status": "ACTIVE",
  "features": [],
  "name": "Test",
  "protocol": {
    "endpoints": {
      "authorization": {
        "binding": "HTTP-REDIRECT",
        "url": "https://example.com/auth"
      },
      "token": {
        "binding": "HTTP-POST",
        "url": "https://example.com/token"
      },
      "userInfo": null,
      "jwks": {
        "binding": "HTTP-REDIRECT",
        "url": "https://example.com/jwks"
      }
    },
    "scopes": [
      "email",
      "openid",
      "profile"
    ],
    "settings": {
      "nameFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    },
    "type": "SAML2",
    "algorithms": null,
    "credentials": {
      "client": {
        "pkce_required": true,
        "client_id": "abc123",
        "client_secret": "xyx123"
      }
    },
    "issuer": {
      "url": "test"
    }
  },
  "policy": {
    "accountLink": {
      "action": "DISABLED",
      "filter": null
    },
    "provisioning": {
      "action": "AUTO",
      "conditions": {
        "userOffboarding": {
          "action": "NONE"
        },
        "deprovisioned": {
          "action": "NONE"
        },
        "suspended": {
          "action": "NONE"
        }
      },
      "groups": {
        "action": "NONE"
      }
    },
    "maxClockSkew": 120000,
    "subject": {
      "userNameTemplate": {
        "template": "idpuser.email"
      },
      "matchType": "USERNAME",
      "matchAttribute": "",
      "filter": ""
    }
  },
  "_links": {
    "acs": {
      "hints": {
        "allow": []
      }
    },
    "metadata": {
      "hints": {
        "allow": []
      }
    },
    "users": {
      "hints": {
        "allow": []
      }
    },
    "authorize": {
      "hints": {
        "allow": []
      }
    },
    "clientRedirectUri": {
      "hints": {
        "allow": []
      }
    }
  }
}
Okta internal reference: https://oktainc.atlassian.net/browse/OKTA-649252
Terraform Version
terraform v1.4.6, okta provider v4.4.2
Affected Resource(s)
Terraform Configuration Files
How to enable PKCE in okta_idp_oidc module?
I don't find the corresponding attribute in the Terraform module (okta_idp_oidc): https://registry.terraform.io/providers/okta/okta/latest/docs/resources/idp_oidc
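An added example, not from the thread or from the Okta SDK: since pkce_required is not listed on the SDK's IdentityProviderCredentialsClient, this Go check decodes raw IdP JSON itself and reports OIDC IdPs where the flag is absent or false. The struct, the function name and the sample list are constructed for illustration, and it assumes that listed IdP objects carry the attribute at the same path as the POST body above.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// idp keeps only what the check needs; *bool tells "absent" apart from false.
type idp struct {
	Name     string `json:"name"`
	Type     string `json:"type"`
	Protocol struct {
		Credentials struct {
			Client struct {
				PKCERequired *bool `json:"pkce_required"`
			} `json:"client"`
		} `json:"credentials"`
	} `json:"protocol"`
}

// Constructed sample list of IdP objects (not real data).
const sampleIdps = `[{"type":"OIDC","name":"Test","protocol":{"credentials":{"client":{"pkce_required":true}}}},
 {"type":"OIDC","name":"Legacy","protocol":{"credentials":{"client":{"pkce_required":false}}}},
 {"type":"OIDC","name":"Unset","protocol":{"credentials":{"client":{"client_id":"ghi789"}}}},
 {"type":"SAML2","name":"Corp SAML","protocol":{"credentials":{}}}]`

// pkceFindings returns one finding per OIDC IdP whose pkce_required is not true.
func pkceFindings(raw []byte) ([]string, error) {
	var idps []idp
	if err := json.Unmarshal(raw, &idps); err != nil {
		return nil, fmt.Errorf("decode idps: %w", err)
	}
	var out []string
	for _, p := range idps {
		v := p.Protocol.Credentials.Client.PKCERequired
		switch {
		case p.Type != "OIDC" || (v != nil && *v): // non-OIDC, or PKCE already enforced
		case v == nil:
			out = append(out, p.Name+": pkce_required absent")
		default:
			out = append(out, p.Name+": pkce_required=false")
		}
	}
	return out, nil
}

func main() {
	fmt.Println(pkceFindings([]byte(sampleIdps)))
}
```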