diff --git a/examples/okta_app_oauth/service_with_jwks.tf b/examples/okta_app_oauth/service_with_jwks.tf
index c7c97cbac..b3ddbdc8b 100644
--- a/examples/okta_app_oauth/service_with_jwks.tf
+++ b/examples/okta_app_oauth/service_with_jwks.tf
@@ -12,3 +12,29 @@ resource "okta_app_oauth" "test" {
 n = "owfoXNHcAlAVpIO41840ZU2tZraLGw3yEr3xZvAti7oEZPUKCytk88IDgH7440JOuz8GC_D6vtduWOqnEt0j0_faJnhKHgfj7DTWBOCxzSdjrM-Uyj6-e_XLFvZXzYsQvt52PnBJUV15G1W9QTjlghT_pFrW0xrTtbO1c281u1HJdPd5BeIyPb0pGbciySlx53OqGyxrAxPAt5P5h-n36HJkVsSQtNvgptLyOwWYkX50lgnh2szbJ0_O581bqkNBy9uqlnVeK1RZDQUl4mk8roWYhsx_JOgjpC3YyeXA6hHsT5xWZos_gNx98AHivNaAjzIzvyVItX2-hP0Aoscfff"
 }
 }
+
+resource "okta_app_oauth" "test_ec" {
+ label = "test_ecAcc_replace_with_uuid"
+ type = "service"
+ response_types = ["token"]
+ grant_types = ["client_credentials"]
+ token_endpoint_auth_method = "private_key_jwt"
+
+ jwks {
+ kty = "EC"
+ kid = "testing"
+ x = "K37X78mXJHHldZYMzrwipjKR-YZUS2SMye0KindHp6I"
+ y = "8IfvsvXWzbFWOZoVOMwgF5p46mUj3kbOVf9Fk0vVVHo"
+ }
+}
+
+# Test EC Key
+# {
+# "kty": "EC",
+# "use": "sig",
+# "crv": "P-256",
+# "kid": "testing",
+# "x": "K37X78mXJHHldZYMzrwipjKR-YZUS2SMye0KindHp6I",
+# "y": "8IfvsvXWzbFWOZoVOMwgF5p46mUj3kbOVf9Fk0vVVHo",
+# "alg": "ES256"
+# }
diff --git a/okta/resource_okta_app_oauth.go b/okta/resource_okta_app_oauth.go
index efbb3395e..84ad8c32d 100644
--- a/okta/resource_okta_app_oauth.go
+++ b/okta/resource_okta_app_oauth.go
@@ -325,6 +325,16 @@ func resourceAppOAuth() *schema.Resource {
 Optional: true,
 Description: "RSA Modulus",
 },
+ "x": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "X coordinate of the elliptic curve point",
+ },
+ "y": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Y coordinate of the elliptic curve point",
+ },
 },
 },
 },
diff --git a/okta/resource_okta_app_oauth_test.go b/okta/resource_okta_app_oauth_test.go
index ecb383834..7a28addfc 100644
--- a/okta/resource_okta_app_oauth_test.go
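Review bot: The new `x` and `y` attributes in the `jwks` schema of okta/resource_okta_app_oauth.go are plain optional strings, so nothing visible in this hunk ties them to `kty = "EC"`, rejects a block that supplies only one coordinate, or rejects one that mixes them with the RSA `n`/`e` fields. No `crv` attribute is added either, although the example JWK commented in service_with_jwks.tf lists `"crv": "P-256"`; the code that builds the key from this schema lies outside the hunk, so it is worth confirming how the curve reaches the API. At minimum the descriptions should say when the fields apply, for example `Description: "X coordinate of the elliptic curve point (base64url), used when kty is EC",` and the same for `y`.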
+++ b/okta/resource_okta_app_oauth_test.go
@@ -266,6 +266,8 @@ func TestAccResourceOktaAppOauth_serviceWithJWKS(t *testing.T) {
 config := mgr.GetFixtures("service_with_jwks.tf", t)
 resourceName := fmt.Sprintf("%s.test", appOAuth)
+ ecResourceName := fmt.Sprintf("%s.test2", appOAuth)
+
 oktaResourceTest(t, resource.TestCase{
 PreCheck: testAccPreCheck(t),
 ErrorCheck: testAccErrorChecks(t),
@@ -282,6 +284,16 @@ func TestAccResourceOktaAppOauth_serviceWithJWKS(t *testing.T) {
 resource.TestCheckResourceAttr(resourceName, "jwks.0.n", "owfoXNHcAlAVpIO41840ZU2tZraLGw3yEr3xZvAti7oEZPUKCytk88IDgH7440JOuz8GC_D6vtduWOqnEt0j0_faJnhKHgfj7DTWBOCxzSdjrM-Uyj6-e_XLFvZXzYsQvt52PnBJUV15G1W9QTjlghT_pFrW0xrTtbO1c281u1HJdPd5BeIyPb0pGbciySlx53OqGyxrAxPAt5P5h-n36HJkVsSQtNvgptLyOwWYkX50lgnh2szbJ0_O581bqkNBy9uqlnVeK1RZDQUl4mk8roWYhsx_JOgjpC3YyeXA6hHsT5xWZos_gNx98AHivNaAjzIzvyVItX2-hP0Aoscfff"),
 ),
 },
+ {
+ Config: config,
+ Check: resource.ComposeTestCheckFunc(
+ ensureResourceExists(ecResourceName, createDoesAppExist(sdk.NewOpenIdConnectApplication())),
+ resource.TestCheckResourceAttr(ecResourceName, "jwks.0.kty", "EC"),
+ resource.TestCheckResourceAttr(ecResourceName, "jwks.0.kid", "testing"),
+ resource.TestCheckResourceAttr(ecResourceName, "jwks.0.x", "K37X78mXJHHldZYMzrwipjKR-YZUS2SMye0KindHp6I"),
+ resource.TestCheckResourceAttr(ecResourceName, "jwks.0.y", "8IfvsvXWzbFWOZoVOMwgF5p46mUj3kbOVf9Fk0vVVHo"),
+ ),
+ },
 },
 })
 }
@@ -352,7 +364,7 @@ func TestAccResourceOktaAppOauth_redirect_uris(t *testing.T) {
 "https://*.example.com/"
 ]
 response_types = ["code"]
- }
+ }
 `,
 Check: resource.ComposeTestCheckFunc(
 ensureResourceExists(resourceName, createDoesAppExist(sdk.NewOpenIdConnectApplication())),
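Review bot: `ecResourceName` is built with `"%s.test2"`, but the fixture added to service_with_jwks.tf in this commit declares the EC app as `resource "okta_app_oauth" "test_ec"`, so the address matches no resource visible in the fixture hunk. Unless a `test2` resource exists in the part of the fixture outside that hunk, the step added in the next hunk would fail at `ensureResourceExists(ecResourceName, ...)` and the EC key path would go unverified. I would change the line to `ecResourceName := fmt.Sprintf("%s.test_ec", appOAuth)`.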
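Review bot: The test step added in the `-282,6 +284,16` hunk uses the same `Config: config` as the step before it, so it only re-applies an unchanged configuration; the four `jwks.0.*` checks for the EC app could be appended to the existing step's `resource.ComposeTestCheckFunc(...)` instead. The checks also cover only the stored values of a well-formed key, so a separate step with `kty = "EC"` and a missing `y`, using `ExpectError`, would show whether an incomplete key is rejected. The test function begins outside this hunk.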