
Comments (18)

serhiibuniak-okta commented on August 24, 2024

Hi @njonesuser. If I understand this sample correctly, you want to access attributes of the Okta user model through the Flask-oidc user model? If that is correct, I can suggest writing a somewhat complicated custom Flask user model or getting the Okta user manually via the API, because these models represent different entities. Let me know if it works for you and I'll be able to help you in achieving this goal.

from okta-sdk-python.

serhiibuniak-okta commented on August 24, 2024

I've investigated a bit more and it looks like you're trying to get the Okta user via okta_client.get_user. This method is asynchronous, thus we need to add a wrapper to get the user:

import asyncio

# loop should be global as only one event loop is allowed
loop = asyncio.new_event_loop()  # get_event_loop() without a running loop is deprecated

# modified before_request function
@app.before_request
def before_request():
    g.user = None
    if oidc.user_loggedin:
        res, resp, err = loop.run_until_complete(okta_client.get_user(oidc.user_getfield("sub")))
        if not err:
            g.user = res
            
            # then we can access different user attributes from OKTA model
            print(g.user.id)
            print(g.user.profile.first_name)

Please, let us know if it helps.

njonesuser commented on August 24, 2024

njonesuser commented on August 24, 2024

I will give it a try. Thanks a lot.

serhiibuniak-okta commented on August 24, 2024

Hi Nina,

Now things became more complicated.
Correct me if I'm wrong: you want to access custom attributes of the Okta user model, but you can't map claims from OIDC (JWT token) to the real user represented by the Okta user model? In other words, you want to get them via the OpenIDConnect user_getinfo() method, and not use okta_client.get_user(oidc.user_getfield("sub"))?
In this case, you have to incorporate the custom attributes into the JWT token; see the docs:
https://support.okta.com/help/s/article/How-to-add-custom-attributes-of-user-profile-as-claims-in-token?language=en_US
https://developer.okta.com/docs/guides/customize-tokens-returned-from-okta/add-custom-claim/
Let me know if it works for you.

njonesuser commented on August 24, 2024

serhiibuniak-okta commented on August 24, 2024

I'm not sure if I got it, but we have UserClient accessible from okta.client:

from okta.client import UserClient

Or full path:

from okta.resource_clients.user_client import UserClient

njonesuser commented on August 24, 2024

serhiibuniak-okta commented on August 24, 2024

Nina, could you please share some code or explain what you want to achieve?
For any requests we use the class Client, which inherits from many classes including UserClient, but additionally class Client has request_executor and all the other stuff needed to perform requests. In other words, if you want to execute the method "UserClient.list_users", you need to execute "Client.list_users".

njonesuser commented on August 24, 2024

I only need to execute UserClient.get_user. I have a user logged in my Flask app. In order to control access to some pages in the app, I need to get a value for the custom attribute that was added to the user's profile in Okta by the admin.

serhiibuniak-okta commented on August 24, 2024

You need to execute Client.get_user, that's how it works.

njonesuser commented on August 24, 2024

Where do I import Client from?

njonesuser commented on August 24, 2024

And what should I pass to Client as user_config: dict = {}?

serhiibuniak-okta commented on August 24, 2024

From README (https://github.com/okta/okta-sdk-python):

from okta.client import Client as OktaClient

client = OktaClient({'orgUrl': 'https://{yourOktaDomain}', 'token': '{yourAPIToken}'})

Then you will be able to execute

# user_id you can get from "sub" claim, as in posts above

client.get_user(user_id)

njonesuser commented on August 24, 2024

And where do I get user_id from?

serhiibuniak-okta commented on August 24, 2024

Hi Nina,

user_id is in most cases represented by the "sub" claim (exactly like you tried to do from the start), and here's a slightly modified working example to make things clearer:

import asyncio

from okta.client import Client as OktaClient

okta_client = OktaClient({'orgUrl': 'https://{yourOktaDomain}', 'token': '{yourAPIToken}'})

# loop should be global as only one event loop is allowed
loop = asyncio.new_event_loop()  # get_event_loop() without a running loop is deprecated

# modified before_request function
@app.before_request
def before_request():
    user = None
    if oidc.user_loggedin:
        user_id = oidc.user_getfield("sub")
        res, resp, err = loop.run_until_complete(okta_client.get_user(user_id))
        if not err:
            user = res
            
            # then we can access different user attributes from OKTA model
            print(user.id)
            print(user.profile.first_name)
            
            # or print some custom attribute if it exists (with name "custom_attribute"):
            print(user.custom_attribute)

And another way to get custom attributes (as we discussed a few posts above) is to incorporate them into the JWT token.

Please let us know if either of the approaches works for you.

from okta-sdk-python.
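A fail-closed form of the access check this thread is working toward, as an added example that is not part of the original posts or of okta-sdk-python. It keeps the (user, response, error) tuple that get_user returns in the posts above; StubClient, fetch_attribute, is_allowed and the access_level attribute are hypothetical names, the sample users are constructed, and asyncio.run stands in for the global loop.

```python
import asyncio
from types import SimpleNamespace


class StubClient:
    """Constructed stand-in for the Okta client, so the example runs offline."""

    def __init__(self, users):
        self.users = users

    async def get_user(self, user_id):
        # Same (user, response, error) tuple shape as in the thread above.
        if user_id not in self.users:
            return None, None, "constructed error: user not found"
        return self.users[user_id], None, None


async def fetch_attribute(client, user_id, name):
    """Return the attribute value, or None when it cannot be established."""
    user, _resp, err = await client.get_user(user_id)
    if err or user is None:
        return None  # API error: the caller must treat this as "deny"
    # Assumption: look on the profile first, then on the user object itself.
    for holder in (getattr(user, "profile", None), user):
        value = getattr(holder, name, None)
        if value is not None:
            return value
    return None


def is_allowed(client, user_id, name, allowed_values):
    """Fail closed: allow only when the lookup succeeded and the value matches."""
    if not user_id:
        return False  # no "sub" claim means no authenticated user
    try:
        value = asyncio.run(fetch_attribute(client, user_id, name))
    except Exception:
        return False  # a network or SDK failure also denies
    return value is not None and value in allowed_values


# Constructed sample users; "access_level" is a hypothetical custom attribute.
USERS = {
    "00u-constructed-1": SimpleNamespace(
        id="00u-constructed-1",
        profile=SimpleNamespace(first_name="Alex", access_level="admin"),
    ),
    "00u-constructed-2": SimpleNamespace(profile=SimpleNamespace(first_name="Sam")),
}
```

In a before_request hook, a False result should end the request with a 403 rather than leave the user object set to None for later code to interpret.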

njonesuser commented on August 24, 2024

Thank you for being helpful and patient. It works.

serhiibuniak-okta commented on August 24, 2024

Thank you for the confirmation that it works. I'm going to close this issue as resolved. Feel free to reopen this issue or create a new one if you still have some questions.
