Sample website programmed in Python using the Litestar framework, secured with OKTA as the OpenID/OIDC provider.
See https://dev.to/pbaletkeman/secure-python-litestar-site-with-openidoidc-using-okta-hosted-login-38nf for a write up about this project.
- Python 3.11.x
- OKTA OIDC/OpenID (may work with non-OKTA providers)

```
litestar --app main:app run --debug
```

- CLIENT_ID=<Value From OKTA>
- CLIENT_SECRET=<Value From OKTA>
- OKTA_DOMAIN=<dev-73804109.okta.com>
- REDIRECT_URL=<Setup in OKTA and refers to this site/project>
  e.g. http://localhost:8000/authorization-code/callback
- OKTA_PROMPT=
  - If no OKTA_PROMPT parameter is specified, the standard behavior occurs:
    - If an Okta session already exists, the user is silently authenticated. Otherwise, the user is prompted to authenticate.
    - If scopes are requested that require consent and consent isn't yet given by the authenticated user, the user is prompted to give consent.
  - Other possible values for the OKTA_PROMPT parameter:
    - `none`: Don't prompt for authentication or consent. If an Okta session already exists, the user is silently authenticated. Otherwise, an error is returned.
    - `login`: Always prompt the user for authentication, regardless of whether they have an Okta session.
    - `consent`: Depending on the values set for consent_method in the app and consent on the scope, display the Okta consent dialog, even if the user has already given consent. User consent is available for Custom Authorization Servers (requires the API Access Management feature and the User Consent feature enabled).
    - `login consent` or `consent login` (order doesn't matter): The user is always prompted for authentication, and the user consent dialog appears depending on the values set for consent_method in the app and consent on the scope, even if the user has already given consent.

See https://developer.okta.com/docs/reference/api/oidc/#parameter-details for more details about PROMPT.
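
The following is an added example, not code from this project: it validates an `OKTA_PROMPT` value against the options listed above and builds the authorization request with a fresh `state` and `nonce`. The function names, the `openid profile email` scope, the `/oauth2/default/v1/authorize` path (Okta's default custom authorization server) and the sample client ID and domain are assumptions.

```python
import secrets
from urllib.parse import urlencode

# Values the README lists for OKTA_PROMPT; empty or unset means "omit the parameter".
ALLOWED_PROMPTS = {"none", "login", "consent"}


def normalize_prompt(raw):
    """Return a validated prompt value, or None when the parameter should be omitted."""
    tokens = (raw or "").split()
    if not tokens:
        return None
    unknown = set(tokens) - ALLOWED_PROMPTS
    if unknown:
        raise ValueError(f"unsupported OKTA_PROMPT value(s): {sorted(unknown)}")
    if "none" in tokens and len(set(tokens)) > 1:
        # OIDC Core: "none" combined with any other value is an error.
        raise ValueError("'none' cannot be combined with other prompt values")
    return " ".join(sorted(set(tokens)))  # order doesn't matter, so normalize it


def build_authorize_url(env):
    """Return (url, state, nonce); keep state and nonce in the session for the callback."""
    state = secrets.token_urlsafe(32)  # compared on the callback to reject forged responses
    nonce = secrets.token_urlsafe(32)  # compared with the ID token's nonce claim
    params = {
        "client_id": env["CLIENT_ID"],
        "response_type": "code",
        "scope": "openid profile email",  # assumed scope set
        "redirect_uri": env["REDIRECT_URL"],
        "state": state,
        "nonce": nonce,
    }
    prompt = normalize_prompt(env.get("OKTA_PROMPT"))
    if prompt is not None:
        params["prompt"] = prompt
    # Assumption: the "default" custom authorization server issues the tokens.
    base = f"https://{env['OKTA_DOMAIN']}/oauth2/default/v1/authorize"
    return f"{base}?{urlencode(params)}", state, nonce


if __name__ == "__main__":
    # Constructed sample settings; replace with the values from your Okta app.
    sample = {"CLIENT_ID": "0oaEXAMPLEclientid", "OKTA_DOMAIN": "dev-example.okta.com",
              "REDIRECT_URL": "http://localhost:8000/authorization-code/callback",
              "OKTA_PROMPT": "login consent"}
    print(build_authorize_url(sample)[0])
```

Rejecting an unknown value at startup surfaces a typo in `OKTA_PROMPT` as a configuration error instead of an authorization error shown to the user mid-login.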