More Okta updates to TCK #330
| // TODO - will need to make this configurable for Okta | ||
| String rawChangePasswordEmail = account.getEmail("stormpath.com") | ||
| String rawChangePasswordEmail = account.getEmail("okta.com") |
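Review bot: the hunk swaps one hard-coded domain literal for another (`account.getEmail("stormpath.com")` becomes `account.getEmail("okta.com")`) while the `// TODO - will need to make this configurable for Okta` comment directly above it is left in place, so the TODO is now wrong for Okta and the Stormpath run is broken. Read the domain from a configuration value or an environment variable the way this suite already reads its other settings via `getVal(...)`, and remove the TODO once the value is no longer a literal.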
This cannot be hard-coded; the tests work against both Stormpath and Okta (and if sending verification emails through a non-Okta domain the 'from' may be different), i.e. Google forces the 'from' field to the sender.
(I hacked up a fix for this yesterday before seeing your PR.)
| .path("access_token") | ||
| assertTrue(JwtUtils.extractJwtClaim(accessToken, "sub") == account.href) | ||
| assertTrue(JwtUtils.extractJwtClaim(accessToken, "sub") == account.email) |
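Review bot: changing the expected `sub` claim from `account.href` to `account.email` outright makes this assertion fail on the Stormpath run, where the line it replaces expects the href. Accept either value (or choose the expected value per target backend), and prefer `assertEquals(expected, JwtUtils.extractJwtClaim(accessToken, "sub"))` over `assertTrue(a == b)` so that a failure reports the actual claim value instead of a bare `false`.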
This should probably be an href || email check?
| facebookClientSecret = getVal("FACEBOOK_CLIENT_SECRET") | ||
| if (jwtSigningKey == null || facebookClientId == null || facebookClientSecret == null) { | ||
| fail("JWT_SIGNING_KEY, FACEBOOK_CLIENT_ID and FACEBOOK_CLIENT_SECRET environment variables are required") | ||
| if (jwtSigningKeyModulus == null || jwtSigningKeyExponent == null || facebookClientId == null || facebookClientSecret == null) { |
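Review bot: the new condition requires `jwtSigningKeyModulus` and `jwtSigningKeyExponent`, but the `fail(...)` message on the line above still tells the user that `JWT_SIGNING_KEY` is required; update it to name the `JWT_SIGNING_KEY_MOD` and `JWT_SIGNING_KEY_EXP` variables the check now actually reads. If both the symmetric key and the RSA modulus/exponent pair are to remain supported, the check should accept either set rather than always requiring the RSA pair.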
we should probably allow setting both. Or we could just set the keys endpoint and download the keys as needed?
Hey, I didn't see this PR until last night. I pushed some changes in #331 that should address a couple of the things I've mentioned (but leave a few other problems, like JWT validation). I can take a shot at using the keys endpoint to validate the RSA key (I have some similar code in the Java SDK already).
Fixed a lot of small issues.
Made the JWT support RSA (asymmetric) signed tokens, which is what Okta returns. The elegant solution would be to inspect the JWKS document on the Authorization Server's `.well-known` endpoint, but for now I just used a hack: you have to copy the key's modulus and exponent into the `JWT_SIGNING_KEY_MOD` and `JWT_SIGNING_KEY_EXP` env vars. If someone wants to make it better, be my guest 😄
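The JWKS route that the description above calls the elegant solution (and that the earlier comment about using the keys endpoint also points at), as an added example written in Go rather than the TCK's own Groovy/Java; it is not code from this PR, the TCK, or the Stormpath/Okta SDKs. It rebuilds the RSA public key from the same `n` and `e` values the env-var hack copies by hand, selects the key by the token's `kid`, and pins the algorithm to RS256 instead of trusting the header. Every name here (`VerifyRS256`, `MintTestToken`, `publicKeyFromJWK`, the `key-1` kid) and the claims are assumptions; `MintTestToken` stands in for the Authorization Server and constructs the JWKS document in-process, so nothing is fetched from a real `.well-known` endpoint and the example runs offline.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding // JWS and JWK use unpadded base64url

// jwk is the subset of an RFC 7517 RSA key needed to verify RS256 signatures.
type jwk struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	N   string `json:"n"` // modulus, big-endian bytes
	E   string `json:"e"` // public exponent, big-endian bytes
}

// decodeJSON base64url-decodes one JWT segment and unmarshals it into v.
func decodeJSON(seg string, v interface{}) error {
	b, err := b64.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(b, v)
}

// publicKeyFromJWK rebuilds *rsa.PublicKey from n and e, the same two values the
// JWT_SIGNING_KEY_MOD / JWT_SIGNING_KEY_EXP hack copies into the environment by hand.
func publicKeyFromJWK(k jwk) (*rsa.PublicKey, error) {
	nb, errN := b64.DecodeString(k.N)
	eb, errE := b64.DecodeString(k.E)
	e := new(big.Int).SetBytes(eb)
	if k.Kty != "RSA" || errN != nil || errE != nil || !e.IsInt64() || e.Int64() < 3 {
		return nil, fmt.Errorf("unusable JWK %q", k.Kid)
	}
	return &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(e.Int64())}, nil
}

// VerifyRS256 verifies a compact JWT against a JWKS document (key chosen by kid) and returns the
// claims. alg is pinned to RS256 rather than read from the header, so alg=none and RSA-key-as-HMAC-secret confusion are rejected.
func VerifyRS256(token string, jwksJSON []byte) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if err := decodeJSON(parts[0], &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("bad header (alg %q): %v", hdr.Alg, err)
	}
	var set struct{ Keys []jwk }
	err := json.Unmarshal(jwksJSON, &set)
	var pub *rsa.PublicKey
	for _, k := range set.Keys {
		if err == nil && k.Kid == hdr.Kid {
			pub, err = publicKeyFromJWK(k)
		}
	}
	if err != nil || pub == nil {
		return nil, fmt.Errorf("no usable key for kid %q: %v", hdr.Kid, err)
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1])) // signing input is header.payload
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, fmt.Errorf("signature invalid for kid %q", hdr.Kid)
	}
	var claims map[string]interface{}
	err = decodeJSON(parts[1], &claims)
	return claims, err
}

// MintTestToken stands in for the Authorization Server: it signs claims with a fresh RSA key and publishes that key as a JWKS document under kid.
func MintTestToken(kid string, claims map[string]interface{}) (string, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", nil, err
	}
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(claims)
	signingInput := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	set, _ := json.Marshal(map[string][]jwk{"keys": {{Kty: "RSA", Kid: kid,
		N: b64.EncodeToString(priv.N.Bytes()),
		E: b64.EncodeToString(big.NewInt(int64(priv.E)).Bytes())}}})
	return signingInput + "." + b64.EncodeToString(sig), set, err
}

func main() {
	tok, set, _ := MintTestToken("key-1", map[string]interface{}{"sub": "jane@example.com"}) // constructed input
	fmt.Println(VerifyRS256(tok, set)) // map[sub:jane@example.com] <nil>
}
```

In the TCK the `MintTestToken` stand-in would be replaced by an HTTP GET of the `jwks_uri` advertised in the Authorization Server's well-known metadata, with the parsed keys cached by `kid` and refreshed when an unknown `kid` shows up; the verification path stays the same, and keeping `alg` pinned on the verifier side is what makes the modulus/exponent pair (whether from the env vars or from the JWKS) safe to use.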