I'm trying to use Okta's Sign-In Widget and the Okta API to find out what groups a user is associated with.
The Okta API which returns what groups a user is associated with but I'm only able to use this when I go to it from the admin console, so this must be based on a Okta admin session because if I don't I get this error:
{"errorCode":"E0000005","errorSummary":"Invalid session","errorLink":"E0000005","errorId":"oaeLznzzAC0QaaLJmjDEls5rA","errorCauses":[]}
How can I use the Okta Sign-In Widget and the "Get Member Groups" API resource to redirect the user based on the group they are associated with?
I'm trying to use Okta's Sign-In Widget and the Okta API to find out what groups a user is associated with.
The Okta API which returns what groups a user is associated with but I'm only able to use this when I go to it from the admin console, so this must be based on a Okta admin session because if I don't I get this error:
{"errorCode":"E0000005","errorSummary":"Invalid session","errorLink":"E0000005","errorId":"oaeLznzzAC0QaaLJmjDEls5rA","errorCauses":[]}
How can I use the Okta Sign-In Widget and the "Get Member Groups" API resource to redirect the user based on the group they are associated with?
Share Improve this question edited Nov 3, 2016 at 20:59 Joël Franusic 1,1888 silver badges18 bronze badges asked Nov 3, 2016 at 15:35 Brent GammonBrent Gammon 552 silver badges7 bronze badges1 Answer
Reset to default 5Rather than use the "Get Member Groups" API resource to get the groups that an Okta user is associated with, I suggest configuring the Okta Sign-In Widget to have the group claims returned to your code directly. The code below shows how to do this and check if the user is in a group named "Example".
<!DOCTYPE html>
<html>
<head>
<title>Get Groups for Okta User using the Okta Sign-In Widget</title>
<script src="https://ok1static.oktacdn./assets/js/sdk/okta-signin-widget/1.7.0/js/okta-sign-in.min.js" type="text/javascript"></script>
<link href="https://ok1static.oktacdn./assets/js/sdk/okta-signin-widget/1.7.0/css/okta-sign-in.min.css" type="text/css" rel="stylesheet">
<link href="https://ok1static.oktacdn./assets/js/sdk/okta-signin-widget/1.7.0/css/okta-theme.css" type="text/css" rel="stylesheet">
</head>
<body>
<div id="okta-login-container"></div>
<script type="text/javascript">
var OKTA_ORG_URL = 'https://example.okta.';
var OKTA_CLIENT_ID = '0abcdefgHIjkL12mn3oP';
var oktaSignIn = new OktaSignIn({
authParams: {
responseType: 'id_token',
responseMode: 'okta_post_message',
scopes: ['openid', 'groups']
},
clientId: OKTA_CLIENT_ID,
baseUrl: OKTA_ORG_URL
});
oktaSignIn.renderEl(
{ el: '#okta-login-container' },
function (res) {
if (res.status === 'SUCCESS') {
console.log('User successfully authenticated');
console.log(res);
if (res.claims.groups.includes('Example')) {
console.log("User in 'Example' group");
// Unment the line below to redirect to example.
// window.location = "http://www.example.";
}
}
}
);
</script>
</body>
</html>
Note: You must have the "Groups claim" in the "Sign On" section your Okta app is configured to pass along the groups you want. The configuration screen for the Groups claim is below. I've set the claim to pass along all groups that the user is assigned to. You'll likely want to configure it to only pass through the groups that you care about.
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1745539682a4632069.html
评论列表(0条)