Packages
ash_authentication
5.0.0-rc.11
5.0.0-rc.12
5.0.0-rc.11
5.0.0-rc.10
5.0.0-rc.9
5.0.0-rc.8
5.0.0-rc.7
5.0.0-rc.6
5.0.0-rc.5
5.0.0-rc.4
5.0.0-rc.3
5.0.0-rc.2
5.0.0-rc.1
5.0.0-rc.0
4.14.1
4.14.0
4.13.7
4.13.6
4.13.5
4.13.4
4.13.3
4.13.2
retired
4.13.1
retired
4.13.0
4.12.0
4.11.0
4.10.0
4.9.9
4.9.8
4.9.7
4.9.6
4.9.5
4.9.4
4.9.3
4.9.2
4.9.1
4.9.0
4.8.7
4.8.6
4.8.5
4.8.3
4.8.2
4.8.1
4.8.0
4.7.6
4.7.5
4.7.4
4.7.3
4.7.2
4.7.1
4.7.0
4.6.4
4.6.3
4.6.2
4.6.1
4.6.0
4.5.6
4.5.5
4.5.4
4.5.3
4.5.2
4.5.1
4.5.0
4.4.9
4.4.8
4.4.7
4.4.6
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.3.12
4.3.11
4.3.10
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
4.0.0-rc.6
4.0.0-rc.5
4.0.0-rc.3
4.0.0-rc.2
4.0.0-rc.1
4.0.0-rc.0
3.12.4
3.12.3
3.12.2
3.12.1
3.12.0
3.11.16
3.11.15
3.11.14
3.11.13
3.11.12
3.11.11
3.11.10
3.11.9
3.11.8
3.11.7
3.11.6
3.11.5
3.11.4
3.11.3
3.11.2
3.11.1
3.11.0
3.10.8
3.10.7
3.10.6
3.10.5
3.10.4
3.10.3
3.10.2
3.10.1
3.10.0
3.9.6
3.9.5
3.9.4
3.9.3
3.9.2
3.9.1
3.9.0
3.8.0
3.7.9
3.7.8
3.7.6
3.7.5
3.7.4
3.7.3
3.7.2
3.7.1
3.7.0
3.6.1
3.6.0
3.5.3
3.5.2
3.5.1
3.5.0
3.3.1
3.3.0
3.2.2
3.2.1
3.2.0
3.1.0
3.0.3
Authentication extension for the Ash Framework.
Current section
Files
Jump to
Current section
Files
lib/ash_authentication/strategies/okta.ex
# SPDX-FileCopyrightText: 2022 Alembic Pty Ltd
#
# SPDX-License-Identifier: MIT
defmodule AshAuthentication.Strategy.Okta do
alias __MODULE__.Dsl
@moduledoc """
Strategy for authenticating using [Okta](https://okta.com).
This strategy builds on-top of `AshAuthentication.Strategy.Oidc` and
[`assent`](https://hex.pm/packages/assent), and uses Okta's OpenID Connect
discovery endpoint to retrieve token, authorization, and user info URLs.
In order to use Okta you need to provide the following minimum configuration:
- `client_id`
- `client_secret`
- `redirect_uri`
- `base_url` - your Okta authorization server, typically
`https://YOUR_OKTA_DOMAIN/oauth2/default` (the built-in `default`
Custom Authorization Server).
> #### Choosing a `base_url` {: .info}
>
> Okta exposes two kinds of authorization servers:
>
> - **Custom Authorization Server** (recommended) — issuer
> `https://YOUR_OKTA_DOMAIN/oauth2/{authServerId}`. Every Okta org ships
> with one named `default`.
> - **Org Authorization Server** — issuer `https://YOUR_OKTA_DOMAIN`. Only
> suitable for a small number of Okta-internal use cases.
>
> If you're not sure, use the `default` Custom Authorization Server.
## More documentation:
- The [Okta Tutorial](/documentation/tutorials/okta.md) — covers groups
claims, step-up / MFA via `acr_values`, and Org vs Custom server choice
in depth.
- The [Okta OpenID Connect Overview](https://developer.okta.com/docs/concepts/oauth-openid/).
- The [OIDC documentation](`AshAuthentication.Strategy.Oidc`).
"""
alias AshAuthentication.Strategy.{Custom, Oidc}
use Custom, entity: Dsl.dsl()
defdelegate transform(strategy, dsl_state), to: Oidc
defdelegate verify(strategy, dsl_state), to: Oidc
end