public async Task <IActionResult> Register(RegisterViewModel model, string returnUrl = null) { ViewData["ReturnUrl"] = returnUrl; if (ModelState.IsValid) { var client = new OktaClient(new OktaClientConfiguration { OktaDomain = this._oktaSettings.OktaDomain, Token = this._oktaSettings.ApiKey, }); var user = await client.Users.CreateUserAsync(new CreateUserWithPasswordOptions { // User profile object Profile = new UserProfile { FirstName = model.FirstName, LastName = model.LasttName, Email = model.Email, Login = model.Login }, Password = model.Password, Activate = true }); } return(RedirectToAction("Index", "Home")); }
public async Task <ActionResult> OnPostSaveConsent() { //Write Consent JSON to Okta //Check with Okta to see if concent is required string userEmail = GetUserName(); //User is logged in. Check on consent if (userEmail != "ERROR") { //Create a new okta client to get profile data for the user var client = new OktaClient(new Okta.Sdk.Configuration.OktaClientConfiguration { OktaDomain = _globalConfiguration.Okta_Org, Token = helpers.GetOktaAPIToken() }); var currentUser = await client.Users.GetUserAsync(userEmail); //TODO: Clean this crap up Consent_Version = _globalConfiguration.GDPR_Consent_Version; currentUser.Profile["consent"] = @"{'Version': '" + Consent_Version + "', 'Date': '" + DateTime.Now + "'}"; var updateResult = await currentUser.UpdateAsync(); return(Redirect("~/")); } else { return(Redirect("~/")); } }
public string FindAppByName() { ILog logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType); NameValueCollection appSettings = ConfigurationManager.AppSettings; logger.Debug("FindAppByName "); string appName = appSettings["custom.StorageAppName"]; //check App profile where help desk credentials are stored try { App myApp = new App(); //myApp.Id = appId; OktaClient oktaClient = new OktaClient(_orgSettings); AppsClient appsClient = oktaClient.GetAppsClient(); PagedResults <App> integratedApps = appsClient.GetList(query: appName); myApp.Id = integratedApps.LastId; return(myApp.Id); } catch (OktaException ex) { logger.Error(" ErrorCode: " + ex.ErrorCode + " " + ex.ErrorSummary); return(null); }//end catch }
internal static Models.User CreateUser(OktaClient oktaClient, TestUser dbUser, string strDateSuffix, out string strEx) { Models.User oktaUser = null; strEx = string.Empty; Assert.IsTrue(RegexUtilities.IsValidEmail(dbUser.Login), string.Format("Okta user login {0} is not valid", dbUser.Login)); Assert.IsTrue(RegexUtilities.IsValidEmail(dbUser.Email), string.Format("Okta user email {0} is not valid", dbUser.Email)); string strUserLogin = dbUser.Login; try { var usersClient = oktaClient.GetUsersClient(); Models.User user = new Models.User(strUserLogin, dbUser.Email, dbUser.FirstName, dbUser.LastName); Models.User existingUser = usersClient.GetByUsername(strUserLogin); //in case our user already exists, we create a new user with a "more unique" username attribute if (existingUser != null) { string[] arUserLogin = strUserLogin.Split('@'); //changing the username to make it unique (since it's not yet possible to delete Okta users) strUserLogin = string.Format("{0}_{1}@{2}", arUserLogin[0], strDateSuffix, arUserLogin[1]); user = new Models.User(strUserLogin, dbUser.Email, dbUser.FirstName, dbUser.LastName); } oktaUser = usersClient.Add(user, dbUser.Activate); } catch (OktaException e) { strEx = string.Format("Error Code: {0} - Summary: {1} - Message: {2}", e.ErrorCode, e.ErrorSummary, e.Message); } return(oktaUser); }
public async Task <ActionResult> OnPostDeleteProfile() { //Tell Okta to delete profile var client = new OktaClient(new Okta.Sdk.Configuration.OktaClientConfiguration { OktaDomain = _globalConfiguration.Okta_Org, Token = helpers.GetOktaAPIToken() }); oktaProfile.Email = GetUserName(); var currentUser = await client.Users.GetUserAsync(oktaProfile.Email); // First, deactivate the user await currentUser.DeactivateAsync(); // Then delete the user await currentUser.DeactivateOrDeleteAsync(); // Then, remove cookies foreach (var cookie in Request.Cookies.Keys) { Response.Cookies.Delete(cookie); } //Log out return(Redirect("~/")); }
/************************ * On Signup Button Post * ************************/ //TODO: Currently no error handling and the user auto activates which means anyone can create as many accounts as desired with no verification. //TODO: Currently no factor enrollment is supported in API integrations. Use widget demos for now. public ActionResult OnPostSignup() { try { var client = new OktaClient(new Okta.Sdk.Configuration.OktaClientConfiguration { OktaDomain = _globalConfiguration.Okta_Org, Token = helpers.GetOktaAPIToken() }); // Create a user with the specified password //TODO: Add capcha to protect from spam. Add more profile bits like phone for mfa. //TODO: Do a check to make sure that the username is unique or there will be a crash var createUserResponse = client.Users.CreateUserAsync(new CreateUserWithPasswordOptions { // User profile object Profile = new UserProfile { FirstName = FirstNameInput, LastName = LastNameInput, Email = EmailInput, Login = UserNameInput }, Password = PasswordInput, Activate = true, }).Result; } catch (Exception ex) { //TODO: Handle Errors } return(Redirect("page-login-api")); }
/************************** * Sign Up Submit * ***************************/ public ActionResult OnPostSignup() { try { var client = new OktaClient(new Okta.Sdk.Configuration.OktaClientConfiguration { OktaDomain = Configuration.GetValue <string>("Okta:OktaDomain"), Token = Configuration.GetValue <string>("Okta:APIToken") }); // Create a user with the specified password //TODO: Add capcha to protect from spam. Add more profile bits like phone for mfa. https://blog.davem.dev/2019/03/integrating-google-recaptcha-v2-with.html //TODO: Do a check to make sure that the username is unique or there will be a crash var createUserResponse = client.Users.CreateUserAsync(new CreateUserWithPasswordOptions { // User profile object Profile = new UserProfile { FirstName = FirstNameInput, LastName = LastNameInput, Email = EmailInput, Login = EmailInput }, Activate = true, }).Result; } catch (Exception ex) { //TODO: Handle Errors } return(Redirect("Index?pendingSignUp=true")); }
internal static Models.Group CreateGroup(OktaClient oktaClient, TestGroup dbGroup, out string strEx) { Models.Group oktaGroup = null; strEx = string.Empty; string strGroupName = dbGroup.Name; try { var groupsClient = oktaClient.GetGroupsClient(); Models.Group group = new Models.Group(strGroupName, dbGroup.Description); Models.Group existingGroup = groupsClient.GetByName(strGroupName); if (existingGroup == null) { oktaGroup = groupsClient.Add(group); } else { strEx = string.Format("Group {0} already exists", existingGroup.Profile.Name); } } catch (OktaException e) { strEx = string.Format("Error Code: {0} - Summary: {1} - Message: {2}", e.ErrorCode, e.ErrorSummary, e.Message); } return(oktaGroup); }
protected async void Button3_Click(object sender, EventArgs e) { //initialize sdk client and user var sdkClient = new OktaClient(new OktaClientConfiguration { OktaDomain = ConfigurationManager.AppSettings["OktaDomain"].ToString(), Token = ConfigurationManager.AppSettings["ApiKey"].ToString(), }); var user = await sdkClient.Users.GetUserAsync(userParam); //get email factor id var emailFactor = await user.Factors.FirstOrDefaultAsync(x => x.FactorType == FactorType.Email); //ask user for otp var factorRequest = new ActivateFactorRequest() { PassCode = TextBox2.Text, }; //verify otp var factorResponse = await sdkClient.UserFactors.ActivateFactorAsync(factorRequest, user.Id, emailFactor.Id); if (factorResponse.Status == "ACTIVE") { Response.Redirect("WebForm2.aspx" + "?email=" + TextBox1.Text); } else { Label1.Text = factorResponse.Status; } }
public async Task FailIfStatusCodeIs4xx(HttpStatusCode statusCode) { var response = @"{""error"":""invalid_client"",""error_description"":""The audience claim for client_assertion must be the endpoint invoked for the request.""}"; var messageHandler = new MockHttpMessageHandler(response, statusCode); var httpClient = new HttpClient(messageHandler); var configuration = new OktaClientConfiguration(); configuration.OktaDomain = "https://myOktaDomain.oktapreview.com"; configuration.AuthorizationMode = AuthorizationMode.PrivateKey; configuration.ClientId = "foo"; configuration.PrivateKey = TestCryptoKeys.GetMockRSAPrivateKeyConfiguration(); configuration.Scopes = new List <string> { "foo" }; var oktaClient = new OktaClient(configuration); var logger = Substitute.For <ILogger>(); var resourceFactory = new ResourceFactory(oktaClient, logger); var tokenProvider = new DefaultOAuthTokenProvider(configuration, resourceFactory, httpClient); Func <Task <string> > function = async() => await tokenProvider.GetAccessTokenAsync(); function.Should().Throw <OktaOAuthException>().Where(x => x.StatusCode == (int)statusCode && x.Error == "invalid_client" && x.ErrorDescription == "The audience claim for client_assertion must be the endpoint invoked for the request."); }
public async Task FailIfAccessTokenNotFound() { var response = @"{""foo"":""bar""}"; var messageHandler = new MockHttpMessageHandler(response, HttpStatusCode.OK); var httpClient = new HttpClient(messageHandler); var configuration = new OktaClientConfiguration(); configuration.OktaDomain = "https://myOktaDomain.oktapreview.com"; configuration.AuthorizationMode = AuthorizationMode.PrivateKey; configuration.ClientId = "foo"; configuration.PrivateKey = TestCryptoKeys.GetMockRSAPrivateKeyConfiguration(); configuration.Scopes = new List <string> { "foo" }; var oktaClient = new OktaClient(configuration); var logger = Substitute.For <ILogger>(); var resourceFactory = new ResourceFactory(oktaClient, logger); var tokenProvider = new DefaultOAuthTokenProvider(configuration, resourceFactory, httpClient); Func <Task <string> > function = async() => await tokenProvider.GetAccessTokenAsync(); function.Should().Throw <MissingFieldException>(); }
public async Task EnrollSmsFactor() { var oktaClient = new OktaClient(); var guid = Guid.NewGuid(); // MFA Group w/ SMS policy var groupId = "{groupId}"; var createdUser = await oktaClient.Users.CreateUserAsync(new CreateUserWithPasswordOptions { Profile = new UserProfile { FirstName = "John", LastName = "Enroll-SMS", Email = $"john-enroll-sms-dotnet-authn-{guid}@example.com", Login = $"john-enroll-sms-dotnet-authn-{guid}@example.com", }, Password = "******", Activate = true, }); try { await oktaClient.Groups.AddUserToGroupAsync(groupId, createdUser.Id); var authnClient = TestAuthenticationClient.Create(); var authnOptions = new AuthenticateOptions() { Username = $"john-enroll-sms-dotnet-authn-{guid}@example.com", Password = "******", MultiOptionalFactorEnroll = true, WarnBeforePasswordExpired = true, }; var authnResponse = await authnClient.AuthenticateAsync(authnOptions); authnResponse.Should().NotBeNull(); authnResponse.Embedded.GetArrayProperty <Factor>("factors").Should().NotBeNull(); authnResponse.Embedded.GetArrayProperty <Factor>("factors").Should().HaveCountGreaterThan(0); authnResponse.AuthenticationStatus.Should().Be(AuthenticationStatus.MfaEnroll); var enrollOptions = new EnrollSmsFactorOptions() { PhoneNumber = "+1 415 555 5555", StateToken = authnResponse.StateToken, }; authnResponse = await authnClient.EnrollFactorAsync(enrollOptions); authnResponse.Should().NotBeNull(); authnResponse.AuthenticationStatus.Should().Be(AuthenticationStatus.MfaEnrollActivate); authnResponse.GetProperty <Factor>("factor").Should().NotBeNull(); authnResponse.GetProperty <Factor>("factor").Profile.GetProperty <string>("phoneNumber").Should().NotBeNullOrEmpty(); } finally { await createdUser.DeactivateAsync(); await createdUser.DeactivateOrDeleteAsync(); } }
public async Task ReturnAccessTokenWhenRequestSuccess() { var response = @"{""token_type"":""Bearer"",""expires_in"":3600,""access_token"":""foo"",""scope"":""okta.users.read okta.users.manage""}"; var messageHandler = new MockHttpMessageHandler(response, HttpStatusCode.OK); var httpClient = new HttpClient(messageHandler); var configuration = new OktaClientConfiguration(); configuration.OktaDomain = "https://myOktaDomain.oktapreview.com"; configuration.AuthorizationMode = AuthorizationMode.PrivateKey; configuration.ClientId = "foo"; configuration.PrivateKey = TestCryptoKeys.GetMockRSAPrivateKeyConfiguration(); configuration.Scopes = new List <string> { "foo" }; var oktaClient = new OktaClient(configuration); var logger = Substitute.For <ILogger>(); var resourceFactory = new ResourceFactory(oktaClient, logger); var tokenProvider = new DefaultOAuthTokenProvider(configuration, resourceFactory, httpClient); var token = await tokenProvider.GetAccessTokenAsync(); token.Should().Be("foo"); }
public List <string> GetAllApps() { List <string> allAppList = new List <string>(); var client = new OktaClient(new OktaClientConfiguration { OktaDomain = _config.GetValue <string>("OktaWeb:OktaDomain"), Token = _config.GetValue <string>("OktaWeb:ApiToken") }); var myList = client.Applications.ListApplications().ToListAsync().Result; //var myList = client.Users.ListAppLinks(oktaId, showAll: true).ToListAsync().Result; foreach (var item in myList) { var temp1 = item.Label.IndexOf("CVS"); if (item.Label.IndexOf("CVS") == 0) { //var temp = item.Label; allAppList.Add(item.Label); } } return(allAppList); }
private bool CreateSdkUser(string f, string l, string u, string p) { try { var client = new OktaClient(new OktaClientConfiguration { OktaDomain = oktaDomain, Token = apiKey }); // Create a user with the specified password var vader = client.Users.CreateUserAsync(new CreateUserWithPasswordOptions { // User profile object Profile = new UserProfile { FirstName = f, LastName = l, Email = u, Login = u, }, Password = p, Activate = true, }).Result; } catch { return(false); } return(true); }
public async Task CreateProfileUpdateNickNameAndCustomAttribute() { var client = new OktaClient( new OktaClientConfiguration { OrgUrl = _orgUrl, Token = _token }); var identifier = DateTime.Now.Ticks.ToString(); var email = $"Test_{identifier}@test.com"; var user = await client.Users.CreateUserAsync( // User with password new CreateUserWithPasswordOptions { // User profile object Profile = new UserProfile { FirstName = $"OktaSdk_FN_{identifier}", LastName = $"OktaSdk_LN_{identifier}", Email = email, Login = email, ["nickName"] = $"OnCreate_{identifier}", ["CrmId"] = $"{identifier}" }, Password = "******", Activate = false, }); user.Profile["nickName"] = $"OnUpdate_{identifier}"; user.Profile["CrmId"] = $"CrmId_{identifier}"; user = await user.UpdateAsync(); }
//Save new password to Okta public async Task <ActionResult> OnPostSetPassword() { if (oktaChangePasswordProfile.NewPassword == oktaChangePasswordProfile.VerifyPassword) { //Post password reset to Okta var client = new OktaClient(new Okta.Sdk.Configuration.OktaClientConfiguration { OktaDomain = _globalConfiguration.Okta_Org, Token = helpers.GetOktaAPIToken() }); oktaProfile.Email = GetUserName(); var currentUser = await client.Users.GetUserAsync(oktaProfile.Email); ChangePasswordOptions options = new ChangePasswordOptions { CurrentPassword = oktaChangePasswordProfile.CurrentPassword, NewPassword = oktaChangePasswordProfile.NewPassword }; var changePassResult = await currentUser.ChangePasswordAsync(options); //TODO: Do some error checking here SuccessMessage = "Your Password Has Been Changed"; bShowSuccessMessage = true; } else { ErrorMessage = "The Passwords Dont Match"; bShowErrorMessage = true; } //TODO Present result / error to user in banner return(Redirect("page-profile-settings-1")); }
public async Task NotRetryRequestOnceWhenResponseIsNot401AndAuthorizationModeIsPrivateKeyAsync(HttpStatusCode statusCode) { var requestMessageHandler = new MockHttpMessageHandler(string.Empty, statusCode); var httpClientRequest = new HttpClient(requestMessageHandler); var configuration = new OktaClientConfiguration(); configuration.OktaDomain = "https://myOktaDomain.oktapreview.com"; configuration.AuthorizationMode = AuthorizationMode.PrivateKey; configuration.ClientId = "foo"; configuration.PrivateKey = TestCryptoKeys.GetMockRSAPrivateKeyConfiguration(); configuration.Scopes = new List <string> { "foo" }; var oktaClient = new OktaClient(configuration); var logger = Substitute.For <ILogger>(); var resourceFactory = new ResourceFactory(oktaClient, logger); var tokenResponse = @"{""token_type"":""Bearer"",""expires_in"":3600,""access_token"":""foo"",""scope"":""okta.users.read okta.users.manage""}"; var tokenMessageHandler = new MockHttpMessageHandler(tokenResponse, HttpStatusCode.OK); var httpClientToken = new HttpClient(tokenMessageHandler); var tokenProvider = new DefaultOAuthTokenProvider(configuration, resourceFactory, httpClientToken); var requestExecutor = new DefaultRequestExecutor(configuration, httpClientRequest, logger, new NoRetryStrategy(), tokenProvider); var response = await requestExecutor.GetAsync("foo", null, default(CancellationToken)); response.StatusCode.Should().Be((int)statusCode); tokenMessageHandler.NumberOfCalls.Should().Be(1); requestMessageHandler.NumberOfCalls.Should().Be(1); }
public UserController(IConfiguration configuration) { oktaClient = new OktaClient(new OktaClientConfiguration { OktaDomain = configuration["Okta:OktaDomain"], Token = configuration["Okta:ApiToken"] }); }
//private string userId; public UserController() { client = new OktaClient(new OktaClientConfiguration { OrgUrl = "https://dev-613050.oktapreview.com", Token = "00irV9xpiSe5upDotwfq6l4wb40JAiL61GdW8ZAV9f" }); }
public GroupsToRolesTransformer(IOktaSettings settings) { client = new OktaClient(new OktaClientConfiguration { OktaDomain = settings.OktaDomain, Token = settings.Token }); }
public OktaUserStore(IConfiguration configuration, DbContext context, IdentityErrorDescriber describer = null) : base(context, describer) { oktaClient = new OktaClient(new OktaClientConfiguration { OktaDomain = configuration["Okta:Domain"], Token = configuration["Okta:ApiToken"] }); }
public HomeController() { //TODO appsettings.json (inject config object) client = new OktaClient(new OktaClientConfiguration { OrgUrl = "https://your-okta-host-url", //e.g. https://your-hostname.oktapreview.com Token = "your-okta-api-key" }); }
// TODO: SETUP DEPENDENCY INJECTION public UsersController(IConfiguration config) { Config = config; Client = new OktaClient(new OktaClientConfiguration { OktaDomain = Config["Okta:OktaDomain"], Token = Config["Okta:ApiKey"] }); }
private static void GetUserTest(string id) { var user = new OktaClient().GetUserAsync(id).GetAwaiter().GetResult(); Console.WriteLine("User (searching on '" + id + "'):"); WriteUser(user); Console.WriteLine("==============================="); Console.WriteLine(string.Empty); }
public static void CreateUser() { oktaTenantUrl = ConfigurationManager.AppSettings["OktaTenantUrl"]; oktaApiKey = ConfigurationManager.AppSettings["OktaApiKey"]; oktaUserLogin = ConfigurationManager.AppSettings["NewUserLogin"]; oktaUserEmail = ConfigurationManager.AppSettings["NewUserEmail"]; Console.WriteLine("\r\nWelcome to the {0} Okta organization.\r\n", oktaTenantUrl); //A valid Api Key IS necessary when using the generic Okta Client (a convenience client to create other clients) if (!string.IsNullOrWhiteSpace(oktaApiKey)) { oktaClient = new OktaClient(oktaApiKey, new Uri(oktaTenantUrl)); //the OktaClient object can be used to instantiate other clients such as the UsersClient object (to manage Okta users) usersClient = oktaClient.GetUsersClient(); } try { if (string.IsNullOrEmpty(oktaUserLogin)) { Console.Write("Please enter the login of the new user (as an email address) and press Enter: "); oktaUserLogin = Console.ReadLine(); } if (string.IsNullOrEmpty(oktaUserEmail)) { Console.Write("Please enter the email address for your new user and press Enter: "); oktaUserEmail = Console.ReadLine(); } //create the Okta user User newUser = new User(oktaUserLogin, oktaUserEmail, "First Name", "Last Name"); //this is what you would do to set a custom attribute on the Okta user's profile newUser.Profile.SetProperty("employeeNumber", "1234"); //Activating the user though the API will trigger an email to the user's primary email (i.e. oktaUserEmail) usersClient.Add(newUser, true); Console.WriteLine("An activation email to {0} is on its way!", oktaUserEmail); } catch (OktaException oex) { Console.WriteLine(oex.ErrorCode + ":" + oex.ErrorSummary); Console.ReadKey(); } catch (Exception ex) { Console.WriteLine(ex.ToString()); Console.ReadKey(); throw; } }
private static void UpdateUserProfileTest(string email) { var user = new OktaClient().GetUserAsync(email).GetAwaiter().GetResult(); user.Profile.FirstName = "Kyle"; Console.WriteLine("Attempting to update with email '" + email + "'..."); var updatedUser = new OktaClient().UpdateUserProfileAsync(user).GetAwaiter().GetResult(); WriteUser(updatedUser); }
public AccountController(IConfiguration configuration, IFido2 fido2) { this.fido2 = fido2; oktaClient = new OktaClient(new OktaClientConfiguration { OktaDomain = configuration["Okta:Domain"], Token = configuration["Okta:ApiToken"] }); }
public void ThrowForNullTokenWhenAuthorizationModeIsSSWS() { Assert.Throws <ArgumentNullException>(() => { var client = new OktaClient(new OktaClientConfiguration { OktaDomain = "https://dev-12345.oktapreview.com", Token = string.Empty, }); }); }
public void ThrowForNullOktaDomain() { Assert.Throws <ArgumentNullException>(() => { var client = new OktaClient(new OktaClientConfiguration { OktaDomain = string.Empty, Token = "foobar", }); }); }