Add support for creating 'Okta API scopes'

[ghost]

@rachrdfds commented on Dec 2, 2019, 3:01 PM UTC:

Is your feature request related to a problem? Please describe.
When creating an application that is to be used to create and maintain other Okta applications etc. in Okta, some Okta API scopes must be enabled/granted on the application.

Currently I can create the application using Terraform but the I ahve to set the Okta API scopes manually (GUI):

Describe the solution you'd like
A way to create the application with the specified Okta API scopes. It could be an array of strings containing one or more of (below is currently a complete list):

• okta.apps.manage
• okta.apps.read
• okta.authorizationServers.manage
• okta.authorizationServers.read
• okta.clients.manage
• okta.clients.read
• okta.clients.register
• okta.eventHooks.manage
• okta.eventHooks.read
• okta.events.read
• okta.factors.manage
• okta.factors.read
• okta.groups.manage
• okta.groups.read
• okta.idps.manage
• okta.idps.read
• okta.inlineHooks.manage
• okta.inlineHooks.read
• okta.logs.read
• okta.roles.manage
• okta.roles.read
• okta.schemas.manage
• okta.schemas.read
• okta.users.manage
• okta.users.manage.self
• okta.users.read
• okta.users.read.self

Describe alternatives you've considered
I don't see any workaround for this.

This issue was moved by noinarisak from articulate/terraform-provider-okta#361.

[ghost]

@quantumew commented on Dec 2, 2019, 5:16 PM UTC:

We will investigate this one. Often Okta only exposes features like this on their internal API which is subject to change and generally doesn't accept API token auth. If this is the case, we will open a feature request and wait for an endpoint to get publicly released.

[ghost]

@rachrdfds commented on Dec 4, 2019, 12:33 PM UTC:

Okta feature request for exposing Okta API scopes created: https://ideas.okta.com/app/#/case/114235

[ghost]

@mbudnek commented on Mar 5, 2020, 5:32 PM UTC:

To update, the API for this is currently available in early access: https://developer.okta.com/docs/reference/api/apps/#application-oauth-2-0-scope-consent-grant-operations

OAuth authorization for Okta APIs went GA in their preview environment today, so this would be really nice to have.

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

[Ruffio]

this is still a feature request

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

[khitrenovich]

this is still a feature request

[noinarisak]

Related #87

[adw1n]

I thought only apps created using the /oauth2/v1/clients endpoint can take advantage of Okta Management API scopes https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/overview/. okta-sdk-golang doesn't support /oauth2/v1/clients endpoint which means terraform-provider-okta also doesn't support it. So I think granting these scopes to any app created with terraform-provider-okta won't have any effect but I may very well be mistaken.

[mbudnek]

@adw1n From experimentation it seems that it doesn't matter how an app is created. Any OAuth app can be granted scopes and use them to access the Okta API.

[ymylei]

@adw1n I'm pretty sure the difference between apps and clients is the dynamic oauth client support. For example I can see this EA API doc for the apps endpoint for configuring the OKTA management scopes: https://developer.okta.com/docs/reference/api/apps/#application-oauth-2-0-scope-consent-grant-operations

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

[mbudnek]

Please keep this open

[mbudnek]

@noinarisak Can you re-open this issue. It is still relevant. Also, can you investigate why the GitHub Actions bot is closing things despite my comment?