okta / okta-cli Goto Github PK
View Code? Open in Web Editor NEWOkta CLI [Beta] tools to help bootstrap new Okta organizations, and applications.
License: Apache License 2.0
Okta CLI [Beta] tools to help bootstrap new Okta organizations, and applications.
License: Apache License 2.0
It'd be cool if refresh tokens are added by default to created apps. Especially since we're trying to fix refresh tokens in JHipster. As a follow on, we could add the offline_scope
to all sample apps.
I'm not sure what the current behavior is exactly, but from other discussions it appears that the CLI uses the term org URL
to refer to an org's Okta domain
.
All of our touchpoints should use standard terminology: https://oktawiki.atlassian.net/wiki/spaces/UX/pages/470681125/
✅ Standard: "Okta domain".
https://{yourOktaDomain}
.com
, .eu
, etc). An Okta domain is a fully-qualified domain name.https
). Protocols are part of specific URLs, but are separate from the domain.dev-123456.oktapreview.com
, company.okta.com
, id.example.org
, etc.✅ Native apps: "scheme".
{scheme}:/+expo-auth-session
com.oktapreview.dev-123456
, com.okta.company
, org.example.id
, etc.ℹ️ Related: "organization".
❌ Avoid: "subdomain", "tenant", "org URL", "Okta URL", "org domain".
Publish to Maven Central so I can show it off!
Curious if you're interested at adding those 2 features
Kind of similar to create real app, it'd be nice to allow create sample apps.
e.g.
okta create-sample --app_id=xxxxx
> 1: React
> 2: Angular
> 3: Vue
The option varies depends what kind of application (dictated by the app_id
)
What it does is
gitHub.com/okta/samples-*
to a specific folder, e.g. ~/okta-samples
--start
cause I'm not sure if we can just start native sample from cli.)login
command?okta apps config
with the --verbose
option?The JHipster option with Okta CLI expects you to be using Spring Boot. That won't always be the case since there's also Node.js, Quarkus, .NET, and Micronaut versions of JHipster. Ideally, our Okta CLI is smart enough to detect the framework used and override the appropriate environment variables. In this case, you could look for generator-jhipster-micronaut
in the dependencies.
When I tried okta apps create
on this repo and selected JHipster, it writes the following to .okta.env
:
export SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET="ZZZ"
export SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI="https://dev-896939.okta.com/oauth2/default"
export SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID="XXX"
Ideally, for Micronaut, it'd write:
MICRONAUT_SECURITY_OAUTH2_CLIENTS_OIDC_OPENID_ISSUER
MICRONAUT_SECURITY_OAUTH2_CLIENTS_OIDC_CLIENT_ID
MICRONAUT_SECURITY_OAUTH2_CLIENTS_OIDC_CLIENT_SECRET
And correctly formatted.
i.e. if the server responds with an error message that says the client is out of date, it likely also includes a long string with URLs, that needs to be readable
Building a Native Image is a time consuming operation. The current setup has it active in the main lifecycle which means native executables are generated every single time mvn package
or mvn verify
are issued. It would be better to move native image configuration to its own profile.
WARNING: This move likely affects release configuration.
Error: SHA256 mismatch
Expected: 2d5368a3f17ddd95146a5b691775ad0f233d230dbcfe938fbae5e2a33a3b6b22
Actual: 64f29e4c137c7dab93f3311f31040fc456ec96ea5567b943c93282da0fccac21
Tried removing the temp download file and brew untap oktadeveloper/tap and brew reinstall okta.
No luck with any of them
The JHipster Quarkus blueprint has now an Okta support.
https://github.com/jhipster/generator-jhipster-quarkus/releases/tag/v0.2.0
It would be great to propose the same level of integration as Spring Jhipster
OS: Linux 5.4.0-77-generic #86~18.04.1-Ubuntu
In the "install" function at line 73:
# check if okta is on the path
LOCATION=$(command -v okta)
This fails (and the script exits) because the script has set exit on error at line 18:
set -e
To fix this, just do this around setting the "LOCATION" var:
set +e
# check if okta is on the path
LOCATION=$(command -v okta)
set -e
or use "try" as done in the previous code block.
First name/Last name validation is missing for command command register
Is it a good idea to add some validation for First and Last name during registration?
It was possible for me to create user first/last name using two or more words and special characters.
We use the OIDC debugger in a lot of tutorials and often enable implicit flow to make things faster.
What if we could get an access token from the CLI?!
okta token --app=XXX
Equally as good: generate one from the dashboard.
register command line param should collect name, email and password
I am running OpenJDK 11 on Mac OS 10.15.7. When I run okta start
and select any number to download it fails with a PKIX error. I would really like to use the tool, but I can't get off first base. What URL is it trying to access?
com.okta.commons.http.HttpException: Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.okta.commons.http.httpclient.HttpClientRequestExecutor.executeRequest(HttpClientRequestExecutor.java:191)
at com.okta.commons.http.RetryRequestExecutor.doExecuteRequest(RetryRequestExecutor.java:147)
at com.okta.commons.http.RetryRequestExecutor.executeRequest(RetryRequestExecutor.java:120)
at com.okta.sdk.impl.ds.DefaultDataStore.execute(DefaultDataStore.java:443)
at com.okta.sdk.impl.ds.DefaultDataStore.lambda$getResourceData$1(DefaultDataStore.java:196)
at com.okta.sdk.impl.ds.DefaultFilterChain.filter(DefaultFilterChain.java:47)
at com.okta.sdk.impl.ds.cache.WriteCacheFilter.filter(WriteCacheFilter.java:34)
at com.okta.sdk.impl.ds.DefaultFilterChain.filter(DefaultFilterChain.java:52)
at com.okta.sdk.impl.ds.cache.ReadCacheFilter.filter(ReadCacheFilter.java:42)
at com.okta.sdk.impl.ds.DefaultFilterChain.filter(DefaultFilterChain.java:52)
at com.okta.sdk.impl.ds.DefaultDataStore.getResourceData(DefaultDataStore.java:208)
at com.okta.sdk.impl.ds.DefaultDataStore.getResource(DefaultDataStore.java:177)
at com.okta.sdk.impl.ds.DefaultRequestBuilder.get(DefaultRequestBuilder.java:90)
at com.okta.cli.common.service.DefaultAuthorizationServerService.authorizationServersMap(DefaultAuthorizationServerService.java:33)
at com.okta.cli.commands.apps.CommonAppsPrompts.getIssuer(CommonAppsPrompts.java:36)
at com.okta.cli.commands.Start.runCommand(Start.java:122)
at com.okta.cli.commands.BaseCommand.call(BaseCommand.java:41)
at com.okta.cli.commands.BaseCommand.call(BaseCommand.java:26)
at picocli.CommandLine.executeUserObject(CommandLine.java:1783)
at picocli.CommandLine.access$900(CommandLine.java:145)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2150)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2144)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2108)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1975)
at picocli.CommandLine.execute(CommandLine.java:1904)
at com.okta.cli.OktaCli.run(OktaCli.java:64)
at com.okta.cli.OktaCli.main(OktaCli.java:54)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:349)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:287)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1409)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1315)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at com.okta.commons.http.httpclient.HttpClientRequestExecutor.executeRequest(HttpClientRequestExecutor.java:186)
... 26 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at sun.security.validator.Validator.validate(Validator.java:264)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
... 51 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 57 more
OktaDev Schematics supports quite a few frameworks if apps are created with said framework's CLI.
It even detects if the app is using TypeScript and configures accordingly. I think it'd be cool if the Okta CLI could take advantage of Schematics and use them to configure an app like it does for Spring Boot.
The CLI would likely need to run a few commands:
npm install -g @angular-devkit/schematics-cli
npm i -D @oktadev/schematics
schematics @oktadev/schematics:add-auth --issuer=$issuer --clientId=$clientId
You could also leverage npx
, but you'll still need to install @oktadev/schematics first.
npm i -D @oktadev/schematics
npx @angular-devkit/schematics-cli @oktadev/schematics:add-auth --issuer=$issuer --clientId=$clientId
Ideally, the CLI would detect Angular and use port 4200, React on 3000, and Vue on 8080.
If an inactive Okta Application already exists and the Okta CLI creates an app with the same name (by default the directory name).
okta start
(and likely okta apps create
) will generate a configuration for the deactivated app.
Running the app, and attempting to login (via an OAuth redirect) will result in Okta showing a 400
error with no indication of what happened (on purpose, to prevent leaking data).
The solution may be to either warn the user. Possibly writing the config but then exiting with a non-zero exit status (or both).
> okta login
Okta Org already configured: https://dev-xxxxxx.okta.com
And I don't see a logout command.
When I created a spring-boot app with command okta start
, I see message:
Run this application with:
./mvnw spring-boot:run
But command for windows to run looks like:
mvnw spring-boot:run
Do we need to change that message?
I love how the Heroku CLI allows you to use heroku config:get
to read a value, heroku config:set
to set a value, and heroku config:edit
if you want to edit all values. It'd be really sweet if we could update all the settings of an OIDC app (particularly redirect URIs) from the CLI.
The objective is to provide a first class support for Quarkus application.
I thought I had to type some form of "Yes". It took me a while to realize it was 1 or 2. 😅
okta register
An existing Okta Organization (https://dev-896939.okta.com) was found in /Users/mraible/.okta/okta.yaml
Overwrite configuration file?
> 1: Yes
> 2: No
Enter your choice [Yes]: y
Invalid choice, try again
Overwrite configuration file?
> 1: Yes
> 2: No
Enter your choice [Yes]: Yes
Invalid choice, try again
Overwrite configuration file?
> 1: Yes
> 2: No
Enter your choice [Yes]: yes
Invalid choice, try again
Overwrite configuration file?
> 1: Yes
> 2: No
Enter your choice [Yes]: Y
Invalid choice, try again
Overwrite configuration file?
Related: If I use [URL1,URL2]
for redirect URIs, it fails.
➜ ionic-social git:(master) okta apps create
Application name [ionic-social]: Ionic Social
Type of Application
(The Okta CLI only supports a subset of application types and properties):
> 1: Web
> 2: Single Page App
> 3: Native App (mobile)
> 4: Service (Machine-to-Machine)
Enter your choice [Web]: 3
Redirect URI
Common defaults:
Reverse Domain name - com.example:/callback
Enter your Redirect URI [com.okta.dev-317297:/callback]: [com.okta.dev-317297:/callback,http://localhost:8100]
Configuring a new OIDC Application, almost done:
\
An error occurred if you need more detail use the '--verbose' option
HTTP 400, Okta E0000001 (Api validation failed: redirect_uris - redirect_uris: ''redirect_uris'' must be an array of absolute URIs.), ErrorId oaenTDlC5_mQCaQhjgbe8JTpg
Using URL1,URL2
works.
Finally, how do I add/edit logout redirect URIs? It doesn't seem to be an option.
I need to configure an existing application to use Okta?
Is there any opportunity to do so via CLI tool?
I whipped one up recently.
https://github.com/oktadeveloper/okta-blog/blob/main/_source/_assets/img/cli/okta-cli.png
The winget is bundled with Windows 11 and modern versions of Windows 10 by default as the App Installer. It would be nice to see okta-cli
also in the winget repository at https://github.com/microsoft/winget-pkgs
If the Okta Spring Boot starter isn't in pom.xml
or build.gradle
, add it. If it's difficult, print instructions so the user can copy/paste.
Currently, when you create a Spring Boot App with the Okta CLI (using Spring Security or the Okta Spring Boot Starter), it adds all your configuration to src/main/resources/application.properties
. This isn't great because people often have non-sensitive configuration information in this file and they'll likely want to check it in.
I think it's better to generate application.properties
in the root directory. This will file will still be read when you start the app, and it's unlikely people will check it in by mistake.
If you're creating microservices with JHipster, and you convert the JHipster Registry to talk to Okta, its redirect URI (http://localhost:8761/login/oauth2/code/oidc
) needs to be registered. Otherwise, you get a 400 when you try to log in to it.
I added Micronaut, Quarkus, and Helidon samples to https://github.com/okta-samples tonight. Now, when I run okta start
, I get the following output:
> 1: Spring Boot + Okta
> 2: Vue + Okta
> 3: ASP.NET Core MVC + Okta
> 4: Angular + Okta
> 5: React Native + Okta
> 6: React + Okta
> 7: Okta Quarkus Sample
> 8: Android Java + Okta
> 9: Python Flask + Okta
> 10: Node.js Express + Okta
> 11: Golang Gin + Okta
> 12: Golang Gin API + Okta
> 13: Okta Micronaut Sample
> 14: Okta Helidon Sample
Is it possible to change the titles of the samples I added? It might be better to have "Quarkus + Okta" rather than "Okta Quarkus Sample".
If it's not possible to override the names, how are the titles determined? There's a lot of "Okta" that looks repetitive with the large list. It'd be cool if you could type and it'd filter in real-time. Or sort alphabetically.
Also, if OIDC login and API access can be combined into one, I think we should do that. Most of the Java examples have both.
User see activated and deactivated applications in one list by executing command 'okta apps'
Is it OK? Do we need to improve the output of 'okta apps' command by adding the status(ACTIVE/INACTIVE) for each application or separate them somehow?
odl1808008:testOktaCreate kdrozdov$ okta apps
0oakde4tQo87VFF0s5d5 okta-angular-sample
0oakdsruuyIckZPl45d5 okta-spring-boot-sample
0oamzgs9JKzuZIlWr5d5 okta-aspnet-core3-sample
0oaokytw8Gs5akrRL5d5 okta-vue-sample
0oaprkmwDga7GJJjG5d5 erere
0oapru34tjQw5RlRu5d5 ghghg
0oapryy179GK8bAgr5d5 testse
0oaps44vmPI5eaQiR5d5 rerertdgfd
0oaps600Nt3MdUyPu5d5 trtrt
0oapsc9z0ArO2n0oI5d5 tete
0oapsei46ekXWYcyp5d5 ooo
0oapskquFvW5Jg2Gu5d5 tetete
I was running an app today that kept giving me a 400 error. Using the CLI, I ran okta apps
and made sure I had the correct client ID. Once I confirmed this was correct, I was quite puzzled. Then, I logged into the Okta Admin Console and discovered the app wasn't listed. I checked my Okta org URL because I was super confused on why it wouldn't be there. Then, I realized it was disabled. Once I enabled it again, everything worked. I imagine other developers might run into this issue.
Steps to reproduce:
okta start
commandUse application name of existing application - okta-angular-sample
Change application type and URI's
Result:
HTTP 400, Okta E0000001 (Api validation failed: label - label: An active OpenID Connect Client instance with the label "okta-angular-sample " already exists.), ErrorId oaePTQoIXOWSI29R3BekDk7yw
Windows 10 'okta register' returns an error after entering verification code.
No link to set password.
okta register
An existing Okta Organization (https://dev-6224545.okta.com) was found in C:\Users\User\.okta\okta.yaml
Overwrite configuration file? [Y/n]Y
Configuration file backed: C:\Users\User\.okta\okta.yaml.20201105T1539
First name: KOstya
Last name: Drozdov
Email address: [email protected]
Company: test
Creating new Okta Organization, this may take a minute:
OrgUrl: https://dev-9044671.okta.com
An email has been sent to you with a verification code.
Check your email
Verification code: 919053
An error occurred if you need more detail use the '--verbose' option
null
Hello Here
First of all, thanks for providing flatpak image for the Linux users
It looks there are probably too many unnecessary dependencies:
flatpak install com.okta.developer.CLI
Looking for matches…
Found similar ref(s) for ‘com.okta.developer.CLI’ in remote ‘flathub’ (system).
Use this remote? [Y/n]: Required runtime for com.okta.developer.CLI/x86_64/stable (runtime/org.freedesktop.Platform/x86_64/19.08) found in remote flathub
Do you want to install it? [Y/n]: y
com.okta.developer.CLI permissions:
network file access [1]
[1] host
ID Branch Op Remote Download
1. [✓] org.freedesktop.Platform.GL.default 19.08 i flathub 88.6 MB / 89.1 MB
2. [✓] org.freedesktop.Platform.Locale 19.08 i flathub 17.6 kB / 318.3 MB
3. [✓] org.freedesktop.Platform.VAAPI.Intel 19.08 i flathub 8.6 MB / 8.7 MB
4. [✓] org.freedesktop.Platform.openh264 2.0 i flathub 266.5 kB / 1.5 MB
5. [✓] org.freedesktop.Platform 19.08 i flathub 193.9 MB / 238.5 MB
6. [✓] com.okta.developer.CLI stable i flathub 16.5 MB / 16.5 MB
For example, does Okta CLI actually require VAAPI
and openh264
(both for the video encoding). Platform.GL
does look necessary for the CLI tool either
Current OS: Ubuntu 20.10
Flatpak version: 1.8.2-1
(from the repo)
Okta CLI version: 0.7.1-1f9781e
Ref: https://devforum.okta.com/t/okta-cli-fails-to-create-app/18053
The Okta CLI should use a specific search parameter: profile.name eq "everyone"
instead of q=everyone
Today I realized that there's really no reason for .okta.env
to have export or use quotes around values. If we remove export
and the quotes from the values, running source .okta.env
will still set the environment variables.
I'm not sure if this will work on Windows. However, if it does, I think we should switch to it and update old blog posts. With the CLI include, it should be easy.
One of the nice things about moving to a syntax recognized by dotenv
is you can copy/paste into your IDE for environment variables and you can also rename it to .env
and it'll set the variables for Docker Compose.
similarly it doesn't autofill the protocol
If you don't manually include https://
at login in the string it fails
This makes the UX bad, when you copy the URL from the web dashboard it does include the protocol & causes unnecessary friction
Originally posted by @Gilgahex in #77 (comment)
JHipster uses Spring Boot, but not the Okta Spring Boot starter. Nevertheless, it'd be cool if we could configure a JHipster app with this plugin.
Here's what's required:
ROLE_ADMIN
and ROLE_USER
groups if they don't existroles
claim to include the groups/oidc
rather than /okta
, and set a logout redirect URI to http://localhost:8080
More details at https://www.jhipster.tech/security/#oauth2.
If an organization does NOT have the "/default" issuer the Okta Maven Plugin will fail.
All Developer accounts have this issuer, but it could have been removed.
Hello!
I'm not sure was intentional but okta apps create
generates effectively sh-like file.
.env
is key-value file format is very popular and has support pretty much in any language and docker
.env file is produced with format like:
KEY=VALUE
.okta.env has format like:
export KEY=VALUE
The generated file can be converted to .env
by stipping export
bit with simple command:
sed -i 's/^export //' .okta.env
Okta CLI version: 0.7.1-1f9781e
Should support:
Should collection login redirect uri (with default specified) as well as logout redirect uri (with default specified)
Similar functionality to register - should also collect name, email, password, etc.
BUT, in addition to allocating the okta org and API token, will also create specified application type and return client_id (and client_secret for web app)
I am trying 0.8 version build on Windows 10 and get the following error:
PS P:> okta apps create
Application name [Movie-Explorer]:
Type of Application
(The Okta CLI only supports a subset of application types and properties):
1: Web
2: Single Page App
3: Native App (mobile)
4: Service (Machine-to-Machine)
Enter your choice [Web]: 3
java.lang.NullPointerException
at java.net.URI$Parser.parse(URI.java:3104)
at java.net.URI.(URI.java:600)
at java.net.URI.create(URI.java:881)
at com.okta.cli.common.URIs.reverseDomain(URIs.java:27)
at com.okta.cli.commands.apps.AppsCreate.createNativeApp(AppsCreate.java:128)
at com.okta.cli.commands.apps.AppsCreate.runCommand(AppsCreate.java:88)
at com.okta.cli.commands.BaseCommand.call(BaseCommand.java:41)
at com.okta.cli.commands.BaseCommand.call(BaseCommand.java:26)
at picocli.CommandLine.executeUserObject(CommandLine.java:1783)
at picocli.CommandLine.access$900(CommandLine.java:145)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2150)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2144)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2108)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1975)
at picocli.CommandLine.execute(CommandLine.java:1904)
at com.okta.cli.OktaCli.run(OktaCli.java:64)
at com.okta.cli.OktaCli.main(OktaCli.java:54)
PS P:> java -version
openjdk version "11.0.7" 2020-04-14 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.7+10-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.7+10-LTS, mixed mode)
Is there something I did wrong?
Running apps create
in an empty directory and creating a Spring Boot application will create a src/main/resources/application.properties
while this IS expected. If there is no pom.xml
, build.gradle
, build.gradle.kts
, in that directory it seems odd.
Steps to reproduce:
I created a new Okta account via okta-cli.
Then I run command okta apps create:
okta apps create
Application name [Downloads]: test-app
Type of Application
(The Okta CLI only supports a subset of application types and properties):
> 1: Web
> 2: Single Page App
> 3: Native App (mobile)
> 4: Service (Machine-to-Machine)
Enter your choice [Web]: 1
Type of Application
> 1: Okta Spring Boot Starter
> 2: Spring Boot
> 3: JHipster
> 4: Other
Enter your choice [Other]: 1
Redirect URI
Common defaults:
Spring Security - http://localhost:8080/login/oauth2/code/okta
JHipster - http://localhost:8080/login/oauth2/code/oidc
Enter your Redirect URI [http://localhost:8080/login/oauth2/code/okta]:
Enter your Post Logout Redirect URI [http://localhost:8080/]:
Configuring a new OIDC Application, almost done:
Created OIDC application, client-id: 0oanrcmrnULlncLNc5d5
Okta application configuration has been written to: /home/kostya/Downloads/src/main/resources/application.properties
Then I found a new application in Developer console, but also in my current directory 'src' folder was created.
Do we need extra description in readme, how okta apps create should work?
When I copied org url from Okta dev console I accidentally copied an extra space character in front of the URL. Running Okta login
didn't fail but running any command resulted in Illegal character in scheme name
error.
If I use this plugin in a Micronaut app (created using instructions in this blog post), it adds the Okta Spring Boot starter and properties to application.properties
.
I think it'd be best if this plugin had some logic to confirm it's a Spring Boot app before adding dependencies and properties.
Semantic UI has a dependency on jQuery and I can't seem to get around the error below. I've tried importing jQuery in main.js and in the file where I need to use jQuery (for semantic UI's form validation). Any ideas how to fix it?
TypeError: jquery__WEBPACK_IMPORTED_MODULE_0___default(...)(...).form is not a function"
I noticed that most of the install commands in the README don't require a version. However, the Chocolately example does use a version:
choco install okta --version=0.7.0
Is this necessary? If so, we might want to automate updating the README as part of the release process.
Let's face it, configuring social login and custom domains is kinda painful because there are so many steps. Let's automate them with the CLI!
Maybe Cloudflare has an API we can use to automate our guide? I'm not sure.
Sample commands:
okta add custom-domain <URL>
okta add social-login
Related: what if okta add
was a way of adding plugins? Kinda like Oh My Zsh's plugins? It might be cool to have an architecture where developers can extend the CLI for their own needs. I could see it being used by DevOps teams to automate adding/removing apps as part of their CI process.
Just wanted to point out the second step for installing via Flatpak requires the flathub remote name before the package name.
Is it ok if I submit a PR?
From this:
flatpak install com.okta.developer.CLI
To this:
flatpak install flathub com.okta.developer.CLI
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.