Closed anupbvr closed 3 years ago
Our front-end application was using an SPA OKTA application to generate the access token. However, registering this as an OKTA key manager was not supported. We followed the steps below and got it working.
It would be good if this information were provided in the "Configuring OKTA as a key manager" section of the documentation. This issue can either be moved to a documentation improvement or be closed.
@anupbvr yes, the subscription of an API is identified from the consumer key of the application. If you need to provide an already existing OAuth app, you need to go with the steps mentioned in [1].
Description:
The custom Key Manager OKTA doesn't work when the API is subscribed to an application other than the Default Application in the DevPortal.
Steps to reproduce:
1. Log in to the Admin Portal using admin credentials.
2. Register the OKTA key manager using the details collected from OKTA. Ensure the steps mentioned here are followed.
3. Keep the Token Generation, Out Of Band Provisioning, and OAuth App Creation options enabled.
4. Log in to the Publisher Portal using admin credentials.
5. Deploy the PizzaShack API.
6. Go to Runtime Configurations; under Application Security, keep only the OKTA Key Manager allowed for the API.
7. Save and publish the API.
8. Log in to the Developer Portal using admin credentials.
9. Create a new application for OKTA exactly as mentioned here: https://apim.docs.wso2.com/en/latest/administer/key-managers/configure-okta-connector/.
10. Subscribe the PizzaShack API to the new application.
11. Generate the access token for an OKTA end user directly via the OKTA API.
12. Make a request to the PizzaShack API using the generated access token.
13. WSO2 shows the below error,
14. Go to the DevPortal and unsubscribe the PizzaShack API from the new application.
15. Subscribe the PizzaShack API to the Default Application and save.
16. Make a request to the PizzaShack API using the earlier generated access token.
17. WSO2 responds with the API result.
Affected Product Version:
WSO2 APIM 3.2.0
Environment details (with versions):
Optional Fields
Related Issues:
Suggested Labels:
Bug Defect Priority-High
Suggested Assignees:
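
Added example, not part of the issue or of WSO2's code: since, per the reply above, the subscription is identified from the application's consumer key, a quick diagnostic is to compare the client id carried in the access token with the consumer key of the subscribed application. It assumes the token is a JWT carrying the client id in `cid` (as Okta access tokens do), with `azp` and `client_id` as fallbacks; the sample token and ids are constructed.

```python
import base64
import json

# Claims checked for the OAuth client id; Okta access tokens use "cid".
CLIENT_ID_CLAIMS = ("cid", "azp", "client_id")


def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def check_consumer_key(token, consumer_key):
    """Return (matches, client_id_found_in_token)."""
    claims = jwt_claims(token)
    client_id = next((claims[c] for c in CLIENT_ID_CLAIMS if c in claims), None)
    return client_id == consumer_key, client_id


def make_sample_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "RS256"}), b64(claims), "sig-placeholder"])


# Constructed sample values, not real Okta client ids.
SPA_TOKEN = make_sample_token({"cid": "0oa-spa-client-EXAMPLE", "sub": "user@example.com"})

if __name__ == "__main__":
    for key in ("0oa-spa-client-EXAMPLE", "0oa-devportal-app-EXAMPLE"):
        ok, found = check_consumer_key(SPA_TOKEN, key)
        print(f"consumer key {key!r}: token client id {found!r} -> match={ok}")
```

The decoder skips signature verification on purpose, so its output is only for troubleshooting and must never be used to authorize a request.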