okta

package
v0.0.0-...-3430665 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 12, 2018 License: MIT Imports: 14 Imported by: 32

Documentation

Index

Constants

View Source 
const (
	// MFAStatusActive is a  constant to represent OKTA User State returned by the API
	MFAStatusActive = "ACTIVE"
	// MFAStatusPending is a user MFA Status of NOT Active
	MFAStatusPending = "PENDING_ACTIVATION"
)
View Source 
const (
	// GroupTypeOKTA - group type constant for an OKTA Mastered Group
	GroupTypeOKTA = "OKTA_GROUP"
	// GroupTypeBuiltIn - group type constant for a Built in OKTA groups
	GroupTypeBuiltIn = "BUILT_IN"
	// GroupTypeApp -- group type constant for app mastered group
	GroupTypeApp = "APP_GROUP"
)
View Source 
const (

	// FilterEqualOperator Filter Operatorid for "equal"
	FilterEqualOperator = "eq"
	// FilterStartsWithOperator - filter operator for "starts with"
	FilterStartsWithOperator = "sw"
	// FilterGreaterThanOperator - filter operator for "greater than"
	FilterGreaterThanOperator = "gt"
	// FilterLessThanOperator - filter operator for "less than"
	FilterLessThanOperator = "lt"
)
View Source 
const (

	// UserStatusActive is a  constant to represent OKTA User State returned by the API
	UserStatusActive = "ACTIVE"
	// UserStatusStaged is a  constant to represent OKTA User State returned by the API
	UserStatusStaged = "STAGED"
	// UserStatusProvisioned is a  constant to represent OKTA User State returned by the API
	UserStatusProvisioned = "PROVISIONED"
	// UserStatusRecovery is a  constant to represent OKTA User State returned by the API
	UserStatusRecovery = "RECOVERY"
	// UserStatusLockedOut is a  constant to represent OKTA User State returned by the API
	UserStatusLockedOut = "LOCKED_OUT"
	// UserStatusPasswordExpired is a  constant to represent OKTA User State returned by the API
	UserStatusPasswordExpired = "PASSWORD_EXPIRED"
	// UserStatusSuspended is a  constant to represent OKTA User State returned by the API
	UserStatusSuspended = "SUSPENDED"
	// UserStatusDeprovisioned is a  constant to represent OKTA User State returned by the API
	UserStatusDeprovisioned = "DEPROVISIONED"
)

Variables

This section is empty.

Functions

func CheckResponse 

func CheckResponse(r *http.Response) error

CheckResponse checks the API response for errors, and returns them if present. A response is considered an error if it has a status code outside the 200 range. API error responses are expected to have either no response body, or a JSON response body that maps to ErrorResponse. Any other response body will be silently ignored.

The error type will be *RateLimitError for rate limit exceeded errors, and *TwoFactorAuthError for two-factor authentication errors. TODO - check un-authorized

Types

type ActivationResponse 

type ActivationResponse struct {
	ActivationURL string `json:"activationUrl"`
}

ActivationResponse - Response coming back from a user activation

type App 

type App struct {
	ID            string    `json:"id"`
	Name          string    `json:"name"`
	Label         string    `json:"label"`
	Status        string    `json:"status"`
	LastUpdated   time.Time `json:"lastUpdated"`
	Created       time.Time `json:"created"`
	Accessibility struct {
		SelfService      bool        `json:"selfService"`
		ErrorRedirectURL interface{} `json:"errorRedirectUrl"`
		LoginRedirectURL interface{} `json:"loginRedirectUrl"`
	} `json:"accessibility"`
	Visibility struct {
		AutoSubmitToolbar bool `json:"autoSubmitToolbar"`
		Hide              struct {
			IOS bool `json:"iOS"`
			Web bool `json:"web"`
		} `json:"hide"`
		AppLinks struct {
			TestorgoneCustomsaml20App1Link bool `json:"testorgone_customsaml20app_1_link"`
		} `json:"appLinks"`
	} `json:"visibility"`
	Features    []interface{} `json:"features"`
	SignOnMode  string        `json:"signOnMode"`
	Credentials struct {
		UserNameTemplate struct {
			Template string `json:"template"`
			Type     string `json:"type"`
		} `json:"userNameTemplate"`
		Signing struct {
		} `json:"signing"`
	} `json:"credentials"`
	Settings struct {
		App struct {
		} `json:"app"`
		Notifications struct {
			Vpn struct {
				Network struct {
					Connection string `json:"connection"`
				} `json:"network"`
				Message interface{} `json:"message"`
				HelpURL interface{} `json:"helpUrl"`
			} `json:"vpn"`
		} `json:"notifications"`
		SignOn struct {
			DefaultRelayState     string        `json:"defaultRelayState"`
			SsoAcsURL             string        `json:"ssoAcsUrl"`
			IdpIssuer             string        `json:"idpIssuer"`
			Audience              string        `json:"audience"`
			Recipient             string        `json:"recipient"`
			Destination           string        `json:"destination"`
			SubjectNameIDTemplate string        `json:"subjectNameIdTemplate"`
			SubjectNameIDFormat   string        `json:"subjectNameIdFormat"`
			ResponseSigned        bool          `json:"responseSigned"`
			AssertionSigned       bool          `json:"assertionSigned"`
			SignatureAlgorithm    string        `json:"signatureAlgorithm"`
			DigestAlgorithm       string        `json:"digestAlgorithm"`
			HonorForceAuthn       bool          `json:"honorForceAuthn"`
			AuthnContextClassRef  string        `json:"authnContextClassRef"`
			SpIssuer              interface{}   `json:"spIssuer"`
			RequestCompressed     bool          `json:"requestCompressed"`
			AttributeStatements   []interface{} `json:"attributeStatements"`
		} `json:"signOn"`
	} `json:"settings"`
	Links struct {
		Logo []struct {
			Name string `json:"name"`
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"logo"`
		AppLinks []struct {
			Name string `json:"name"`
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"appLinks"`
		Help struct {
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"help"`
		Users struct {
			Href string `json:"href"`
		} `json:"users"`
		Deactivate struct {
			Href string `json:"href"`
		} `json:"deactivate"`
		Groups struct {
			Href string `json:"href"`
		} `json:"groups"`
		Metadata struct {
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"metadata"`
	} `json:"_links"`
}

App is the Model for an OKTA Application

func (App) String 

func (a App) String() string

type AppFilterOptions 

type AppFilterOptions struct {
	NextURL       *url.URL `url:"-"`
	GetAllPages   bool     `url:"-"`
	NumberOfPages int      `url:"-"`
	Limit         int      `url:"limit,omitempty"`
}

AppFilterOptions is used to generate a "Filter" to search for different Apps The values here coorelate to API Search paramgters on the group API

type AppGroups 

type AppGroups struct {
	ID          string    `json:"id"`
	LastUpdated time.Time `json:"lastUpdated"`
	Priority    int       `json:"priority"`
	Links       struct {
		User struct {
			Href string `json:"href"`
		} `json:"user"`
	} `json:"_links"`
}

AppGroups - Groups assigned to Application

type AppUser 

type AppUser struct {
	ID              string     `json:"id"`
	ExternalID      string     `json:"externalId"`
	Created         time.Time  `json:"created"`
	LastUpdated     time.Time  `json:"lastUpdated"`
	Scope           string     `json:"scope"`
	Status          string     `json:"status"`
	StatusChanged   *time.Time `json:"statusChanged"`
	PasswordChanged *time.Time `json:"passwordChanged"`
	SyncState       string     `json:"syncState"`
	LastSync        *time.Time `json:"lastSync"`
	Credentials     struct {
		UserName string `json:"userName"`
		Password struct {
		} `json:"password"`
	} `json:"credentials"`
	Profile struct {
		SecondEmail      interface{} `json:"secondEmail"`
		LastName         string      `json:"lastName"`
		MobilePhone      interface{} `json:"mobilePhone"`
		Email            string      `json:"email"`
		SalesforceGroups []string    `json:"salesforceGroups"`
		Role             string      `json:"role"`
		FirstName        string      `json:"firstName"`
		Profile          string      `json:"profile"`
	} `json:"profile"`
	Links struct {
		App struct {
			Href string `json:"href"`
		} `json:"app"`
		User struct {
			Href string `json:"href"`
		} `json:"user"`
	} `json:"_links"`
}

AppUser is the model for a user of an OKTA App

type AppsService 

type AppsService service

AppsService is a service to retreives applications from OKTA.

func (*AppsService) GetByID 

func (a *AppsService) GetByID(appID string) (*App, *Response, error)

GetByID gets a group from OKTA by the Gropu ID. An error is returned if the group is not found

func (*AppsService) GetGroups 

func (a *AppsService) GetGroups(appID string) (appGroups []AppGroups, resp *Response, err error)

GetGroups returns groups assigned to the application - Input appID is the Application GUID

func (*AppsService) GetUser 

func (a *AppsService) GetUser(appID string, userID string) (appUser AppUser, resp *Response, err error)

GetUser returns the AppUser model for one app users

func (*AppsService) GetUsers 

func (a *AppsService) GetUsers(appID string, opt *AppFilterOptions) (appUsers []AppUser, resp *Response, err error)

GetUsers returns the members in an App 

Pass in an optional AppFilterOptions struct to filter the results
The Users in the app are returned

type Client 

type Client struct {

	// Base URL for API requests.
	//  This will be built automatically based on inputs to NewClient
	//  If needed you can override this if needed (your URL is not *.okta.com or *.oktapreview.com)
	BaseURL *url.URL

	// User agent used when communicating with the GitHub API.
	UserAgent string

	PauseOnRateLimit bool

	// RateRemainingFloor - If the API returns a "X-Rate-Limit-Remaining" header less than this the SDK will either pause
	//  Or throw  RateLimitError depending on the client.PauseOnRateLimit value. It defaults to 30
	// One client doing too much work can lock out all API Access for every other client
	// We are trying to be a "good API User Citizen"
	RateRemainingFloor int

	Limit int

	// Services used for talking to different parts of the  API.
	// Service for Working with Users
	Users *UsersService

	// Service for Working with Groups
	Groups *GroupsService

	// Service for Working with Apps
	Apps *AppsService
	// contains filtered or unexported fields
}

A Client manages communication with the API.

func NewClient 

func NewClient(httpClient *http.Client, orgName string, apiToken string, isProduction bool) *Client

NewClient returns a new OKTA API client. If a nil httpClient is provided, http.DefaultClient will be used.

func NewClientWithBaseURL 

func NewClientWithBaseURL(httpClient *http.Client, baseURL *url.URL, apiToken string) *Client

NewClientWithBaseURL creates a client based on the full base URL and api token

func NewClientWithDomain 

func NewClientWithDomain(httpClient *http.Client, orgName string, domain string, apiToken string) (*Client, error)

NewClientWithDomain creates a client based on the organziation name and base domain for requests (okta.com, okta-emea.com, oktapreview.com, etc).

func (*Client) Do 

func (c *Client) Do(req *http.Request, v interface{}) (*Response, error)

Do sends an API request and returns the API response. The API response is JSON decoded and stored in the value pointed to by v, or returned as an error if an API error has occurred. If v implements the io.Writer interface, the raw response body will be written to v, without attempting to first decode it. If rate limit is exceeded and reset time is in the future, Do returns rate immediately without making a network API call.

func (*Client) NewRequest 

func (c *Client) NewRequest(method, urlStr string, body interface{}) (*http.Request, error)

NewRequest creates an API request. A relative URL can be provided in urlStr, in which case it is resolved relative to the BaseURL of the Client. Relative URLs should always be specified without a preceding slash. If specified, the value pointed to by body is JSON encoded and included as the request body.

type Group 

type Group struct {
	ID                    string    `json:"id"`
	Created               time.Time `json:"created"`
	LastUpdated           time.Time `json:"lastUpdated"`
	LastMembershipUpdated time.Time `json:"lastMembershipUpdated"`
	ObjectClass           []string  `json:"objectClass"`
	Type                  string    `json:"type"`
	Profile               struct {
		Name                       string `json:"name"`
		Description                string `json:"description"`
		SamAccountName             string `json:"samAccountName"`
		Dn                         string `json:"dn"`
		WindowsDomainQualifiedName string `json:"windowsDomainQualifiedName"`
		ExternalID                 string `json:"externalId"`
	} `json:"profile"`
	Links struct {
		Logo []struct {
			Name string `json:"name"`
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"logo"`
		Users struct {
			Href string `json:"href"`
		} `json:"users"`
		Apps struct {
			Href string `json:"href"`
		} `json:"apps"`
	} `json:"_links"`
}

Group represents the Group Object from the OKTA API

func (Group) String 

func (g Group) String() string

type GroupFilterOptions 

type GroupFilterOptions struct {
	// This will be built by internal - may not need to export
	FilterString  string   `url:"filter,omitempty"`
	NextURL       *url.URL `url:"-"`
	GetAllPages   bool     `url:"-"`
	NumberOfPages int      `url:"-"`
	Limit         int      `url:"limit,omitempty"`

	NameStartsWith string `url:"q,omitempty"`
	GroupTypeEqual string `url:"-"`

	LastUpdated           dateFilter `url:"-"`
	LastMembershipUpdated dateFilter `url:"-"`
}

GroupFilterOptions is used to generate a "Filter" to search for different groups The values here coorelate to API Search paramgters on the group API

type GroupUserFilterOptions 

type GroupUserFilterOptions struct {
	Limit         int      `url:"limit,omitempty"`
	NextURL       *url.URL `url:"-"`
	GetAllPages   bool     `url:"-"`
	NumberOfPages int      `url:"-"`
}

GroupUserFilterOptions is a struct that you populate which will limit or control group fetches and searches 

The values here will coorelate to the search filtering allowed in the OKTA API. These values are turned into Query Parameters

type GroupsService 

type GroupsService service

GroupsService handles communication with the Groups data related methods of the OKTA API.

func (*GroupsService) Add 

func (g *GroupsService) Add(groupName string, groupDescription string) (*Group, *Response, error)

Add - Adds an OKTA Mastered Group with name and description. GroupName is required.

func (*GroupsService) AddUserToGroup 

func (g *GroupsService) AddUserToGroup(groupID string, userID string) (*Response, error)

AddUserToGroup - Adds a user to a group.

func (*GroupsService) Delete 

func (g *GroupsService) Delete(groupID string) (*Response, error)

Delete - Deletes an OKTA Mastered Group with ID

func (*GroupsService) GetByID 

func (g *GroupsService) GetByID(groupID string) (*Group, *Response, error)

GetByID gets a group from OKTA by the Gropu ID. An error is returned if the group is not found

func (*GroupsService) GetUsers 

func (g *GroupsService) GetUsers(groupID string, opt *GroupUserFilterOptions) (users []User, resp *Response, err error)

GetUsers returns the members in a group 

Pass in an optional GroupFilterOptions struct to filter the results
The Users in the group are returned

func (*GroupsService) ListWithFilter 

func (g *GroupsService) ListWithFilter(opt *GroupFilterOptions) ([]Group, *Response, error)

ListWithFilter - Method to list groups with different filter options. 

Pass in a GroupFilterOptions to specify filters. Values in that struct will turn into Query parameters

func (*GroupsService) RemoveUserFromGroup 

func (g *GroupsService) RemoveUserFromGroup(groupID string, userID string) (*Response, error)

RemoveUserFromGroup - Removes a user to a group.

type NewUser 

type NewUser struct {
	Profile     userProfile  `json:"profile"`
	Credentials *credentials `json:"credentials,omitempty"`
}

NewUser object to create user objects in OKTA

func (*NewUser) SetPassword 

func (u *NewUser) SetPassword(passwordIn string)

SetPassword Adds a specified password to the new User

func (*NewUser) SetRecoveryQuestion 

func (u *NewUser) SetRecoveryQuestion(questionIn string, answerIn string)

SetRecoveryQuestion - Sets a custom security question and answer on a user object

type Rate 

type Rate struct {
	// The number of requests per minute the client is currently limited to.
	RatePerMinuteLimit int

	// The number of remaining requests the client can make this minute
	Remaining int

	// The time at which the current rate limit will reset.
	ResetTime time.Time
}

Rate represents the rate limit for the current client.

type RateLimitError 

type RateLimitError struct {
	Rate        Rate // Rate specifies last known rate limit for the client
	ErrorDetail apiError
	Response    *http.Response //
}

RateLimitError occurs when OKTA returns 429 "Too Many Requests" response with a rate limit remaining value of 0, and error message starts with "API rate limit exceeded for ".

func (*RateLimitError) Error 

func (r *RateLimitError) Error() string

type ResetPasswordResponse 

type ResetPasswordResponse struct {
	ResetPasswordURL string `json:"resetPasswordUrl"`
}

ResetPasswordResponse struct that returns data about the password reset

type Response 

type Response struct {
	*http.Response

	NextURL *url.URL
	// PrevURL       *url.URL
	SelfURL       *url.URL
	OKTARequestID string
	Rate
}

Response is a OKTA API response. This wraps the standard http.Response returned from OKTA and provides convenient access to things like pagination links.

type User 

type User struct {
	Activated       string          `json:"activated,omitempty"`
	Created         string          `json:"created,omitempty"`
	Credentials     credentials     `json:"credentials,omitempty"`
	ID              string          `json:"id,omitempty"`
	LastLogin       string          `json:"lastLogin,omitempty"`
	LastUpdated     string          `json:"lastUpdated,omitempty"`
	PasswordChanged string          `json:"passwordChanged,omitempty"`
	Profile         userProfile     `json:"profile"`
	Status          string          `json:"status,omitempty"`
	StatusChanged   string          `json:"statusChanged,omitempty"`
	Links           userLinks       `json:"_links,omitempty"`
	MFAFactors      []userMFAFactor `json:"-,"`
	Groups          []Group         `json:"-"`
}

User is a struct that represents a user object from OKTA.

func (User) String 

func (u User) String() string

type UserListFilterOptions 

type UserListFilterOptions struct {
	Limit         int    `url:"limit,omitempty"`
	EmailEqualTo  string `url:"-"`
	LoginEqualTo  string `url:"-"`
	StatusEqualTo string `url:"-"`
	IDEqualTo     string `url:"-"`

	FirstNameEqualTo string `url:"-"`
	LastNameEqualTo  string `url:"-"`

	// This will be built by internal - may not need to export
	FilterString  string     `url:"filter,omitempty"`
	NextURL       *url.URL   `url:"-"`
	GetAllPages   bool       `url:"-"`
	NumberOfPages int        `url:"-"`
	LastUpdated   dateFilter `url:"-"`
}

UserListFilterOptions is a struct that you can populate which will "filter" user searches the exported struct fields should allow you to do different filters based on what is allowed in the OKTA API. 

The filter OKTA API is limited in the fields it can search
NOTE: In the current form you can't add parenthesis and ordering

OKTA API Supports only a limited number of properties: status, lastUpdated, id, profile.login, profile.email, profile.firstName, and profile.lastName. http://developer.okta.com/docs/api/resources/users.html#list-users-with-a-filter

type UsersService 

type UsersService service

UsersService handles communication with the User data related methods of the OKTA API.

func (*UsersService) Activate 

func (s *UsersService) Activate(id string, sendEmail bool) (*ActivationResponse, *Response, error)

Activate Activates a user. You can have OKTA send an email by including a "sendEmail=true" If you pass in sendEmail=false, then activationResponse.ActivationURL will have a string URL that can be sent to the end user. You can discard response if sendEmail=true

func (*UsersService) Create 

func (s *UsersService) Create(userIn NewUser, createAsActive bool) (*User, *Response, error)

Create - Creates a new user. You must pass in a "newUser" object created from Users.NewUser() There are many differnt reasons that OKTA may reject the request so you have to check the error messages

func (*UsersService) Deactivate 

func (s *UsersService) Deactivate(id string) (*Response, error)

Deactivate - Deactivates a user

func (*UsersService) GetByID 

func (s *UsersService) GetByID(id string) (*User, *Response, error)

GetByID returns a user object for a specific OKTA ID. Generally the id input string is the cryptic OKTA key value from User.ID. However, the OKTA API may accept other values like "me", or login shortname

func (*UsersService) ListWithFilter 

func (s *UsersService) ListWithFilter(opt *UserListFilterOptions) ([]User, *Response, error)

ListWithFilter will use the input UserListFilterOptions to find users and return a paged result set

func (*UsersService) NewUser 

func (s *UsersService) NewUser() NewUser

NewUser - Returns a new user object. This is used to create users in OKTA. It only has the properties that OKTA will take as input. The "User" object has more feilds that are OKTA returned like the ID, etc

func (*UsersService) PopulateEnrolledFactors 

func (s *UsersService) PopulateEnrolledFactors(user *User) (*Response, error)

PopulateEnrolledFactors will populate the Enrolled MFA Factors a user is a member of. You pass in a pointer to an existing users http://developer.okta.com/docs/api/resources/factors.html#list-enrolled-factors

func (*UsersService) PopulateGroups 

func (s *UsersService) PopulateGroups(user *User) (*Response, error)

PopulateGroups will populate the groups a user is a member of. You pass in a pointer to an existing users

func (*UsersService) PopulateMFAFactors 

func (s *UsersService) PopulateMFAFactors(user *User) (*Response, error)

PopulateMFAFactors will populate the MFA Factors a user is a member of. You pass in a pointer to an existing users

func (*UsersService) ResetPassword 

func (s *UsersService) ResetPassword(id string, sendEmail bool) (*ResetPasswordResponse, *Response, error)

ResetPassword - Generates a one-time token (OTT) that can be used to reset a user’s password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow. http://developer.okta.com/docs/api/resources/users.html#reset-password If you pass in sendEmail=false, then resetPasswordResponse.resetPasswordUrl will have a string URL that can be sent to the end user. You can discard response if sendEmail=true

func (*UsersService) SetPassword 

func (s *UsersService) SetPassword(id string, newPassword string) (*User, *Response, error)

SetPassword - Sets a user password to an Admin provided String

func (*UsersService) Suspend 

func (s *UsersService) Suspend(id string) (*Response, error)

Suspend - Suspends a user - If user is NOT active an Error will come back based on OKTA API: http://developer.okta.com/docs/api/resources/users.html#suspend-user

func (*UsersService) Unlock 

func (s *UsersService) Unlock(id string) (*Response, error)

Unlock - Unlocks a user - Per docs, only for OKTA Mastered Account http://developer.okta.com/docs/api/resources/users.html#unlock-user

func (*UsersService) Unsuspend 

func (s *UsersService) Unsuspend(id string) (*Response, error)

Unsuspend - Unsuspends a user - If user is NOT SUSPENDED, an Error will come back based on OKTA API: http://developer.okta.com/docs/api/resources/users.html#unsuspend-user

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.