2.2.1 • Published 1 month ago

@bizdoc/okta v2.2.1


Okta for BizDoc

BizDoc supports Okta for both authentication and authorization, in one of two configurations: server flow or client flow.

Server flow redirects unauthorized users to the Okta sign-in page on the Okta domain, and handles the redirect back. Client flow prompts unauthorized users for credentials in a hosted widget, and negotiates with Okta in the background.

Setting up

1) For both modes, install the BizDoc NuGet package:

dotnet add package BizDoc.Core.Okta

2) Add an Okta application. If using server mode, choose Web Application. If using client mode, choose OIDC - OpenID Connect, and select SPA.

The Okta sign-in redirect URL should match "/authorization-code/callback" in server mode, and have no path in client mode.

Create an API Token to allow BizDoc to retrieve user information.

3) In startup.cs, add the Okta service.

For server flow, use AddOktaRedirect:

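AddBizDoc(o => {
    o.ApplicationUri = "https://app-domain";
  })
  .AddOktaServer(o => {
    // Placeholder values: load the API token and client secret from
    // configuration or a secret store rather than hard-coding them.
    o.ApiToken = "api-token";
    o.Domain = "domain-name";
    o.ClientId = "client-id";
    o.ClientSecret = "client-secret";
  })
  .UseIdentityProvider();
  ...
UseBizDoc()
  .UseOktaServer();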

For client mode, use AddOkta:

AddBizDoc(...)
  .AddOkta(o => {
    // Placeholder value: load the API token from configuration or a secret store.
    o.ApiToken = "api-token";
    o.Domain = "domain-name";
  })
  .UseIdentityProvider();

The UseIdentityProvider() method registers an identity provider which retrieves user information from Okta. To use a different provider while still authenticating via Okta, see Implementing Identity Provider.

4) For client mode only, install the Angular package:

npm i @bizdoc/okta

Add the Okta configuration in the Angular app.module:

OktaModule.forRoot({
  domain: 'domain-name',
  clientId: 'client-id'  
})

Roles

In order to map user groups to BizDoc roles for authorization purposes, add a new claim to Okta Authorization Server with the following specifications.

Property                 Value
Name                     bizdoc.roles
Include in token type    ID Token
Value type               Groups
Filter                   Matches regex, .*
Include in               Any scope

System Role

Add an attribute to either the application profile or all profiles, and set its type to boolean. Add a claim in the API server that maps to the profile attribute you created.

Property                 Value
Name                     bizdoc.admin
Include in token type    ID Token
Value type               Expression
Value                    user.{attr-name-here}
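
To confirm the two claims above actually arrive in the ID token as configured, the following added example (not part of the BizDoc package) decodes a token payload and reports problems. It assumes Node.js; checkBizDocClaims, the expectedRoles allow-list and the sample token are hypothetical, and since the ".*" filter emits every group the user belongs to, the allow-list flags groups you did not intend to map.

```javascript
// Added example: inspect the BizDoc claims in an ID token.
// It only decodes the payload; it does NOT verify the signature.
const ROLES_CLAIM = 'bizdoc.roles'; // claim names taken from the tables above
const ADMIN_CLAIM = 'bizdoc.admin';

// Decode the payload (middle segment) of a compact JWT.
function decodePayload(idToken) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Returns a list of problems; an empty list means the claims look as configured.
// expectedRoles: hypothetical allow-list of group names meant to map to BizDoc roles.
function checkBizDocClaims(idToken, expectedRoles = []) {
  const claims = decodePayload(idToken);
  const problems = [];
  const roles = claims[ROLES_CLAIM];
  if (roles === undefined) {
    problems.push(`${ROLES_CLAIM} missing: check the claim is included in the ID Token`);
  } else if (!Array.isArray(roles) || roles.some(r => typeof r !== 'string')) {
    problems.push(`${ROLES_CLAIM} expected to be an array of group names`);
  } else if (expectedRoles.length > 0) {
    const extra = roles.filter(r => !expectedRoles.includes(r));
    if (extra.length > 0) problems.push(`groups outside the expected set: ${extra.join(', ')}`);
  }
  // The profile attribute is boolean, so a string such as "true" signals a mis-typed claim.
  if (ADMIN_CLAIM in claims && typeof claims[ADMIN_CLAIM] !== 'boolean') {
    problems.push(`${ADMIN_CLAIM} expected boolean, got ${typeof claims[ADMIN_CLAIM]}`);
  }
  return problems;
}

// Build a constructed, unsigned sample token for demonstration only.
function makeSampleToken(payload) {
  const seg = o => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${seg({ alg: 'RS256', typ: 'JWT' })}.${seg(payload)}.constructed-signature`;
}

const sample = makeSampleToken({
  sub: 'user-1',
  'bizdoc.roles': ['Finance', 'Everyone'], // constructed group names
  'bizdoc.admin': 'true',                  // wrong type on purpose
});
console.log(checkBizDocClaims(sample, ['Finance']));
```

Use this only to debug claim configuration; authorization decisions must rest on a token whose signature, issuer and audience have been validated.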