Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 50 changed files with 2,942 additions and 272 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# Okta | ||
|
||
The following CLI command will install required packages and generate boilerplate code and files for Redwood Projects: | ||
|
||
```bash | ||
yarn rw setup auth okta | ||
``` | ||
|
||
Update your .env file with the following setting which can be found on your Okta project's dashboard. | ||
|
||
- `OKTA_ISSUER` The URL for your Okta organization or an Okta authentication server. | ||
- `OKTA_CLIENT_ID` Client Id pre-registered with Okta for the OIDC authentication flow. | ||
- `OKTA_REDIRECT_URI` The URL that is redirected to when using token.getWithRedirect. This must be listed in your Okta application's Login redirect URIs. | ||
- `OKTA_AUDIENCE` The audience of the Okta jwt token | ||
- `OKTA_DOMAIN` The domain for your Okta authentication server. |
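Review bot: The `OKTA_DOMAIN` entry at the end of the list does not say that the value must be a bare host name. The decoder added in this same commit builds the issuer as `https://${OKTA_DOMAIN}/oauth2/default`, so a value that already includes a scheme or a path produces an issuer that will not match. Please state the expected form in this entry. The list also documents `OKTA_ISSUER`, while the decoder reads only `OKTA_DOMAIN` and `OKTA_AUDIENCE` and hardcodes the `/oauth2/default` path; say which variables the web side uses and which the API side uses, so readers do not assume that setting `OKTA_ISSUER` changes what the API validates against. Minor: "the following setting" should be "settings", and "jwt" should be "JWT".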
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
export const okta = async ( | ||
token: string | ||
): Promise<null | Record<string, unknown>> => { | ||
const { OKTA_DOMAIN, OKTA_AUDIENCE } = process.env | ||
|
||
if (!OKTA_AUDIENCE || !OKTA_DOMAIN) { | ||
throw new Error('`OKTA_DOMAIN` or `OKTA_AUDIENCE` env vars are not set.') | ||
} | ||
|
||
const OktaJwtVerifier = require('@okta/jwt-verifier') | ||
|
||
const client = new OktaJwtVerifier({ | ||
issuer: `https://${OKTA_DOMAIN}/oauth2/default`, | ||
}) | ||
|
||
return new Promise((resolve) => { | ||
client | ||
.verifyAccessToken(token, OKTA_AUDIENCE) | ||
.then((res: any) => { | ||
resolve(res.claims as Record<string, unknown>) | ||
}) | ||
.catch((err: any) => console.warn('Token failed validation: ' + err)) | ||
}) | ||
} |
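Review bot: The `.catch` at the end of the promise chain only calls `console.warn` and never calls `resolve` or rejects, so when `verifyAccessToken` fails the returned promise stays pending forever and any caller awaiting this decoder hangs instead of getting a clear "not authenticated" result. Since the function is already `async`, drop the `new Promise` wrapper, `await client.verifyAccessToken(token, OKTA_AUDIENCE)` directly, and either let the error propagate or return `null` on failure, which the declared return type `null | Record<string, unknown>` already allows. Two smaller points: the issuer is hardcoded to `/oauth2/default`, so a custom authorization server cannot be used even though the docs in this commit describe `OKTA_ISSUER`; and constructing a new `OktaJwtVerifier` inside the function on every call means a fresh client per request, so consider creating it once at module scope and reusing it.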