This causes an Invalid issuer error when authorizing with our organization's Okta account. Since we don't use an authorization server, we need to only use the site as the issuer. We are getting around this issue with the following patch:
module OmniAuth
module Strategies
class Okta < OmniAuth::Strategies::OAuth2
def authorization_server_path
client_options.fetch(:site)
end
end
end
end
Proposal
Add a configuration option to the strategy, allowing the full authorization server path - or JWT token issuer, if we want to be more explicit - to be inputted. By doing so, we give users of the Gem more flexibility to set any value they need.
Let me know if this sounds like a good idea so I can work on a pull request for it.
Context
The
omniauth-okta
Gem assumes an authorization server is being used, so it appends/oauth2/default
to the token issuer.https://github.com/omniauth/omniauth-okta/blob/master/lib/omniauth/strategies/okta.rb#L89
This causes an
Invalid issuer
error when authorizing with our organization's Okta account. Since we don't use an authorization server, we need to only use the site as the issuer. We are getting around this issue with the following patch:Proposal
Add a configuration option to the strategy, allowing the full authorization server path - or JWT token issuer, if we want to be more explicit - to be inputted. By doing so, we give users of the Gem more flexibility to set any value they need.
Let me know if this sounds like a good idea so I can work on a pull request for it.