Documentation
Index ¶
- Constants
- func CheckResponse(r *http.Response) error
- type ActivationResponse
- type App
- type AppFilterOptions
- type AppGroups
- type AppUser
- type AppsService
- func (a *AppsService) GetByID(appID string) (*App, *Response, error)
- func (a *AppsService) GetGroups(appID string) (appGroups []AppGroups, resp *Response, err error)
- func (a *AppsService) GetUser(appID string, userID string) (appUser AppUser, resp *Response, err error)
- func (a *AppsService) GetUsers(appID string, opt *AppFilterOptions) (appUsers []AppUser, resp *Response, err error)
- type Client
- func NewClient(httpClient *http.Client, orgName string, apiToken string, isProduction bool) *Client
- func NewClientWithBaseURL(httpClient *http.Client, baseURL *url.URL, apiToken string) *Client
- func NewClientWithDomain(httpClient *http.Client, orgName string, domain string, apiToken string) (*Client, error)
- type Group
- type GroupFilterOptions
- type GroupUserFilterOptions
- type GroupsService
- func (g *GroupsService) Add(groupName string, groupDescription string) (*Group, *Response, error)
- func (g *GroupsService) AddUserToGroup(groupID string, userID string) (*Response, error)
- func (g *GroupsService) Delete(groupID string) (*Response, error)
- func (g *GroupsService) GetByID(groupID string) (*Group, *Response, error)
- func (g *GroupsService) GetUsers(groupID string, opt *GroupUserFilterOptions) (users []User, resp *Response, err error)
- func (g *GroupsService) ListWithFilter(opt *GroupFilterOptions) ([]Group, *Response, error)
- func (g *GroupsService) RemoveUserFromGroup(groupID string, userID string) (*Response, error)
- type NewUser
- type Rate
- type RateLimitError
- type ResetPasswordResponse
- type Response
- type User
- type UserListFilterOptions
- type UsersService
- func (s *UsersService) Activate(id string, sendEmail bool) (*ActivationResponse, *Response, error)
- func (s *UsersService) Create(userIn NewUser, createAsActive bool) (*User, *Response, error)
- func (s *UsersService) Deactivate(id string) (*Response, error)
- func (s *UsersService) GetByID(id string) (*User, *Response, error)
- func (s *UsersService) ListWithFilter(opt *UserListFilterOptions) ([]User, *Response, error)
- func (s *UsersService) NewUser() NewUser
- func (s *UsersService) PopulateEnrolledFactors(user *User) (*Response, error)
- func (s *UsersService) PopulateGroups(user *User) (*Response, error)
- func (s *UsersService) PopulateMFAFactors(user *User) (*Response, error)
- func (s *UsersService) ResetPassword(id string, sendEmail bool) (*ResetPasswordResponse, *Response, error)
- func (s *UsersService) SetPassword(id string, newPassword string) (*User, *Response, error)
- func (s *UsersService) Suspend(id string) (*Response, error)
- func (s *UsersService) Unlock(id string) (*Response, error)
- func (s *UsersService) Unsuspend(id string) (*Response, error)
Constants ¶
const (
	// MFAStatusActive is a constant to represent OKTA User State returned by the API
	MFAStatusActive = "ACTIVE"
	// MFAStatusPending is a user MFA Status of NOT Active
	MFAStatusPending = "PENDING_ACTIVATION"
)
const (
	// GroupTypeOKTA - group type constant for an OKTA Mastered Group
	GroupTypeOKTA = "OKTA_GROUP"
	// GroupTypeBuiltIn - group type constant for a Built in OKTA groups
	GroupTypeBuiltIn = "BUILT_IN"
	// GroupTypeApp -- group type constant for app mastered group
	GroupTypeApp = "APP_GROUP"
)
const (
	// FilterEqualOperator Filter Operatorid for "equal"
	FilterEqualOperator = "eq"
	// FilterStartsWithOperator - filter operator for "starts with"
	FilterStartsWithOperator = "sw"
	// FilterGreaterThanOperator - filter operator for "greater than"
	FilterGreaterThanOperator = "gt"
	// FilterLessThanOperator - filter operator for "less than"
	FilterLessThanOperator = "lt"
)
const (
	// UserStatusActive is a constant to represent OKTA User State returned by the API
	UserStatusActive = "ACTIVE"
	// UserStatusStaged is a constant to represent OKTA User State returned by the API
	UserStatusStaged = "STAGED"
	// UserStatusProvisioned is a constant to represent OKTA User State returned by the API
	UserStatusProvisioned = "PROVISIONED"
	// UserStatusRecovery is a constant to represent OKTA User State returned by the API
	UserStatusRecovery = "RECOVERY"
	// UserStatusLockedOut is a constant to represent OKTA User State returned by the API
	UserStatusLockedOut = "LOCKED_OUT"
	// UserStatusPasswordExpired is a constant to represent OKTA User State returned by the API
	UserStatusPasswordExpired = "PASSWORD_EXPIRED"
	// UserStatusSuspended is a constant to represent OKTA User State returned by the API
	UserStatusSuspended = "SUSPENDED"
	// UserStatusDeprovisioned is a constant to represent OKTA User State returned by the API
	UserStatusDeprovisioned = "DEPROVISIONED"
)
Variables ¶
This section is empty.
Functions ¶
func CheckResponse ¶
CheckResponse checks the API response for errors, and returns them if present. A response is considered an error if it has a status code outside the 200 range. API error responses are expected to have either no response body, or a JSON response body that maps to ErrorResponse. Any other response body will be silently ignored.
The error type will be *RateLimitError for rate limit exceeded errors, and *TwoFactorAuthError for two-factor authentication errors. TODO - check un-authorized
Types ¶
type ActivationResponse ¶
type ActivationResponse struct {
ActivationURL string `json:"activationUrl"`
}
ActivationResponse - Response coming back from a user activation
type App ¶
type App struct {
	ID            string    `json:"id"`
	Name          string    `json:"name"`
	Label         string    `json:"label"`
	Status        string    `json:"status"`
	LastUpdated   time.Time `json:"lastUpdated"`
	Created       time.Time `json:"created"`
	Accessibility struct {
		SelfService      bool        `json:"selfService"`
		ErrorRedirectURL interface{} `json:"errorRedirectUrl"`
		LoginRedirectURL interface{} `json:"loginRedirectUrl"`
	} `json:"accessibility"`
	Visibility struct {
		AutoSubmitToolbar bool `json:"autoSubmitToolbar"`
		Hide              struct {
			IOS bool `json:"iOS"`
			Web bool `json:"web"`
		} `json:"hide"`
		AppLinks struct {
			TestorgoneCustomsaml20App1Link bool `json:"testorgone_customsaml20app_1_link"`
		} `json:"appLinks"`
	} `json:"visibility"`
	Features    []interface{} `json:"features"`
	SignOnMode  string        `json:"signOnMode"`
	Credentials struct {
		UserNameTemplate struct {
			Template string `json:"template"`
			Type     string `json:"type"`
		} `json:"userNameTemplate"`
		Signing struct {
		} `json:"signing"`
	} `json:"credentials"`
	Settings struct {
		App struct {
		} `json:"app"`
		Notifications struct {
			Vpn struct {
				Network struct {
					Connection string `json:"connection"`
				} `json:"network"`
				Message interface{} `json:"message"`
				HelpURL interface{} `json:"helpUrl"`
			} `json:"vpn"`
		} `json:"notifications"`
		SignOn struct {
			DefaultRelayState     string        `json:"defaultRelayState"`
			SsoAcsURL             string        `json:"ssoAcsUrl"`
			IdpIssuer             string        `json:"idpIssuer"`
			Audience              string        `json:"audience"`
			Recipient             string        `json:"recipient"`
			Destination           string        `json:"destination"`
			SubjectNameIDTemplate string        `json:"subjectNameIdTemplate"`
			SubjectNameIDFormat   string        `json:"subjectNameIdFormat"`
			ResponseSigned        bool          `json:"responseSigned"`
			AssertionSigned       bool          `json:"assertionSigned"`
			SignatureAlgorithm    string        `json:"signatureAlgorithm"`
			DigestAlgorithm       string        `json:"digestAlgorithm"`
			HonorForceAuthn       bool          `json:"honorForceAuthn"`
			AuthnContextClassRef  string        `json:"authnContextClassRef"`
			SpIssuer              interface{}   `json:"spIssuer"`
			RequestCompressed     bool          `json:"requestCompressed"`
			AttributeStatements   []interface{} `json:"attributeStatements"`
		} `json:"signOn"`
	} `json:"settings"`
	Links struct {
		Logo []struct {
			Name string `json:"name"`
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"logo"`
		AppLinks []struct {
			Name string `json:"name"`
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"appLinks"`
		Help struct {
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"help"`
		Users struct {
			Href string `json:"href"`
		} `json:"users"`
		Deactivate struct {
			Href string `json:"href"`
		} `json:"deactivate"`
		Groups struct {
			Href string `json:"href"`
		} `json:"groups"`
		Metadata struct {
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"metadata"`
	} `json:"_links"`
}
App is the Model for an OKTA Application
type AppFilterOptions ¶
type AppFilterOptions struct {
	NextURL       *url.URL `url:"-"`
	GetAllPages   bool     `url:"-"`
	NumberOfPages int      `url:"-"`
	Limit         int      `url:"limit,omitempty"`
}
AppFilterOptions is used to generate a "Filter" to search for different Apps. The values here correlate to API search parameters on the group API.
type AppGroups ¶
type AppGroups struct {
	ID          string    `json:"id"`
	LastUpdated time.Time `json:"lastUpdated"`
	Priority    int       `json:"priority"`
	Links       struct {
		User struct {
			Href string `json:"href"`
		} `json:"user"`
	} `json:"_links"`
}
AppGroups - Groups assigned to Application
type AppUser ¶
type AppUser struct {
	ID              string     `json:"id"`
	ExternalID      string     `json:"externalId"`
	Created         time.Time  `json:"created"`
	LastUpdated     time.Time  `json:"lastUpdated"`
	Scope           string     `json:"scope"`
	Status          string     `json:"status"`
	StatusChanged   *time.Time `json:"statusChanged"`
	PasswordChanged *time.Time `json:"passwordChanged"`
	SyncState       string     `json:"syncState"`
	LastSync        *time.Time `json:"lastSync"`
	Credentials     struct {
		UserName string `json:"userName"`
		Password struct {
		} `json:"password"`
	} `json:"credentials"`
	Profile struct {
		SecondEmail      interface{} `json:"secondEmail"`
		LastName         string      `json:"lastName"`
		MobilePhone      interface{} `json:"mobilePhone"`
		Email            string      `json:"email"`
		SalesforceGroups []string    `json:"salesforceGroups"`
		Role             string      `json:"role"`
		FirstName        string      `json:"firstName"`
		Profile          string      `json:"profile"`
	} `json:"profile"`
	Links struct {
		App struct {
			Href string `json:"href"`
		} `json:"app"`
		User struct {
			Href string `json:"href"`
		} `json:"user"`
	} `json:"_links"`
}
AppUser is the model for a user of an OKTA App
type AppsService ¶
type AppsService service
AppsService is a service that retrieves applications from OKTA.
func (*AppsService) GetByID ¶
func (a *AppsService) GetByID(appID string) (*App, *Response, error)
GetByID gets a group from OKTA by the Group ID. An error is returned if the group is not found.
func (*AppsService) GetGroups ¶
func (a *AppsService) GetGroups(appID string) (appGroups []AppGroups, resp *Response, err error)
GetGroups returns groups assigned to the application - Input appID is the Application GUID
func (*AppsService) GetUser ¶
func (a *AppsService) GetUser(appID string, userID string) (appUser AppUser, resp *Response, err error)
GetUser returns the AppUser model for one app user.
func (*AppsService) GetUsers ¶
func (a *AppsService) GetUsers(appID string, opt *AppFilterOptions) (appUsers []AppUser, resp *Response, err error)
GetUsers returns the members in an App
Pass in an optional AppFilterOptions struct to filter the results. The Users in the app are returned.
type Client ¶
type Client struct {
	// Base URL for API requests.
	// This will be built automatically based on inputs to NewClient
	// If needed you can override this if needed (your URL is not *.okta.com or *.oktapreview.com)
	BaseURL *url.URL
	// User agent used when communicating with the GitHub API.
	UserAgent        string
	PauseOnRateLimit bool
	// RateRemainingFloor - If the API returns a "X-Rate-Limit-Remaining" header less than this the SDK will either pause
	// Or throw RateLimitError depending on the client.PauseOnRateLimit value. It defaults to 30
	// One client doing too much work can lock out all API Access for every other client
	// We are trying to be a "good API User Citizen"
	RateRemainingFloor int
	Limit              int
	// Services used for talking to different parts of the API.
	// Service for Working with Users
	Users *UsersService
	// Service for Working with Groups
	Groups *GroupsService
	// Service for Working with Apps
	Apps *AppsService
	// contains filtered or unexported fields
}
A Client manages communication with the API.
func NewClient ¶
NewClient returns a new OKTA API client. If a nil httpClient is provided, http.DefaultClient will be used.
func NewClientWithBaseURL ¶
NewClientWithBaseURL creates a client based on the full base URL and api token
func NewClientWithDomain ¶
func NewClientWithDomain(httpClient *http.Client, orgName string, domain string, apiToken string) (*Client, error)
NewClientWithDomain creates a client based on the organization name and base domain for requests (okta.com, okta-emea.com, oktapreview.com, etc).
func (*Client) Do ¶
Do sends an API request and returns the API response. The API response is JSON decoded and stored in the value pointed to by v, or returned as an error if an API error has occurred. If v implements the io.Writer interface, the raw response body will be written to v, without attempting to first decode it. If rate limit is exceeded and reset time is in the future, Do returns rate immediately without making a network API call.
func (*Client) NewRequest ¶
NewRequest creates an API request. A relative URL can be provided in urlStr, in which case it is resolved relative to the BaseURL of the Client. Relative URLs should always be specified without a preceding slash. If specified, the value pointed to by body is JSON encoded and included as the request body.
type Group ¶
type Group struct {
	ID                    string    `json:"id"`
	Created               time.Time `json:"created"`
	LastUpdated           time.Time `json:"lastUpdated"`
	LastMembershipUpdated time.Time `json:"lastMembershipUpdated"`
	ObjectClass           []string  `json:"objectClass"`
	Type                  string    `json:"type"`
	Profile               struct {
		Name                       string `json:"name"`
		Description                string `json:"description"`
		SamAccountName             string `json:"samAccountName"`
		Dn                         string `json:"dn"`
		WindowsDomainQualifiedName string `json:"windowsDomainQualifiedName"`
		ExternalID                 string `json:"externalId"`
	} `json:"profile"`
	Links struct {
		Logo []struct {
			Name string `json:"name"`
			Href string `json:"href"`
			Type string `json:"type"`
		} `json:"logo"`
		Users struct {
			Href string `json:"href"`
		} `json:"users"`
		Apps struct {
			Href string `json:"href"`
		} `json:"apps"`
	} `json:"_links"`
}
Group represents the Group Object from the OKTA API
type GroupFilterOptions ¶
type GroupFilterOptions struct {
	// This will be built by internal - may not need to export
	FilterString          string     `url:"filter,omitempty"`
	NextURL               *url.URL   `url:"-"`
	GetAllPages           bool       `url:"-"`
	NumberOfPages         int        `url:"-"`
	Limit                 int        `url:"limit,omitempty"`
	NameStartsWith        string     `url:"q,omitempty"`
	GroupTypeEqual        string     `url:"-"`
	LastUpdated           dateFilter `url:"-"`
	LastMembershipUpdated dateFilter `url:"-"`
}
GroupFilterOptions is used to generate a "Filter" to search for different groups. The values here correlate to API search parameters on the group API.
type GroupUserFilterOptions ¶
type GroupUserFilterOptions struct {
	Limit         int      `url:"limit,omitempty"`
	NextURL       *url.URL `url:"-"`
	GetAllPages   bool     `url:"-"`
	NumberOfPages int      `url:"-"`
}
GroupUserFilterOptions is a struct that you populate which will limit or control group fetches and searches.
The values here will correlate to the search filtering allowed in the OKTA API. These values are turned into query parameters.
type GroupsService ¶
type GroupsService service
GroupsService handles communication with the Groups data related methods of the OKTA API.
func (*GroupsService) Add ¶
Add - Adds an OKTA Mastered Group with name and description. GroupName is required.
func (*GroupsService) AddUserToGroup ¶
func (g *GroupsService) AddUserToGroup(groupID string, userID string) (*Response, error)
AddUserToGroup - Adds a user to a group.
func (*GroupsService) Delete ¶
func (g *GroupsService) Delete(groupID string) (*Response, error)
Delete - Deletes an OKTA Mastered Group with ID
func (*GroupsService) GetByID ¶
func (g *GroupsService) GetByID(groupID string) (*Group, *Response, error)
GetByID gets a group from OKTA by the Group ID. An error is returned if the group is not found.
func (*GroupsService) GetUsers ¶
func (g *GroupsService) GetUsers(groupID string, opt *GroupUserFilterOptions) (users []User, resp *Response, err error)
GetUsers returns the members in a group
Pass in an optional GroupFilterOptions struct to filter the results. The Users in the group are returned.
func (*GroupsService) ListWithFilter ¶
func (g *GroupsService) ListWithFilter(opt *GroupFilterOptions) ([]Group, *Response, error)
ListWithFilter - Method to list groups with different filter options.
Pass in a GroupFilterOptions to specify filters. Values in that struct will turn into Query parameters
func (*GroupsService) RemoveUserFromGroup ¶
func (g *GroupsService) RemoveUserFromGroup(groupID string, userID string) (*Response, error)
RemoveUserFromGroup - Removes a user from a group.
type NewUser ¶
type NewUser struct {
	Profile     userProfile  `json:"profile"`
	Credentials *credentials `json:"credentials,omitempty"`
}
NewUser object to create user objects in OKTA
func (*NewUser) SetPassword ¶
SetPassword Adds a specified password to the new User
func (*NewUser) SetRecoveryQuestion ¶
SetRecoveryQuestion - Sets a custom security question and answer on a user object
type Rate ¶
type Rate struct {
	// The number of requests per minute the client is currently limited to.
	RatePerMinuteLimit int
	// The number of remaining requests the client can make this minute
	Remaining int
	// The time at which the current rate limit will reset.
	ResetTime time.Time
}
Rate represents the rate limit for the current client.
type RateLimitError ¶
type RateLimitError struct {
	Rate        Rate // Rate specifies last known rate limit for the client
	ErrorDetail apiError
	Response    *http.Response //
}
RateLimitError occurs when OKTA returns 429 "Too Many Requests" response with a rate limit remaining value of 0, and error message starts with "API rate limit exceeded for ".
func (*RateLimitError) Error ¶
func (r *RateLimitError) Error() string
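The floor policy described for Client.RateRemainingFloor and PauseOnRateLimit, as an added stand-alone illustration (not the SDK's own code). It assumes the Okta response headers X-Rate-Limit-Limit and X-Rate-Limit-Reset (Unix epoch seconds) alongside the X-Rate-Limit-Remaining header named on this page; ErrRateFloor, parseRate and beforeNextCall are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strconv"
	"time"
)

// Rate mirrors the fields of the Rate type documented on this page.
type Rate struct {
	RatePerMinuteLimit int
	Remaining          int
	ResetTime          time.Time
}

// ErrRateFloor stands in for the SDK's *RateLimitError (hypothetical name).
var ErrRateFloor = errors.New("remaining rate budget is below the floor")

// parseRate reads the rate-limit headers of one API response. A missing or
// malformed header is an error: treating it as zero would hide throttling.
func parseRate(h http.Header) (Rate, error) {
	limit, err := strconv.Atoi(h.Get("X-Rate-Limit-Limit"))
	if err != nil {
		return Rate{}, fmt.Errorf("X-Rate-Limit-Limit: %w", err)
	}
	remaining, err := strconv.Atoi(h.Get("X-Rate-Limit-Remaining"))
	if err != nil {
		return Rate{}, fmt.Errorf("X-Rate-Limit-Remaining: %w", err)
	}
	reset, err := strconv.ParseInt(h.Get("X-Rate-Limit-Reset"), 10, 64)
	if err != nil {
		return Rate{}, fmt.Errorf("X-Rate-Limit-Reset: %w", err)
	}
	return Rate{RatePerMinuteLimit: limit, Remaining: remaining, ResetTime: time.Unix(reset, 0)}, nil
}

// beforeNextCall decides what to do before the next request: proceed (0, nil),
// wait until the window resets (d, nil), or fail fast (0, ErrRateFloor).
func beforeNextCall(r Rate, floor int, pauseOnRateLimit bool, now time.Time) (time.Duration, error) {
	if r.Remaining >= floor || !now.Before(r.ResetTime) {
		return 0, nil // enough budget left, or the window has already reset
	}
	if !pauseOnRateLimit {
		return 0, ErrRateFloor
	}
	return r.ResetTime.Sub(now), nil
}

func main() {
	// Constructed response headers, not captured from a real org.
	h := http.Header{}
	h.Set("X-Rate-Limit-Limit", "600")
	h.Set("X-Rate-Limit-Remaining", "12")
	h.Set("X-Rate-Limit-Reset", "1700000060")
	now := time.Unix(1700000000, 0)

	r, err := parseRate(h)
	if err != nil {
		panic(err)
	}
	wait, err := beforeNextCall(r, 30, true, now) // floor of 30 is the documented default
	fmt.Println("pause mode:", wait, err)
	_, err = beforeNextCall(r, 30, false, now)
	fmt.Println("error mode:", err)
}
```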
type ResetPasswordResponse ¶
type ResetPasswordResponse struct {
ResetPasswordURL string `json:"resetPasswordUrl"`
}
ResetPasswordResponse struct that returns data about the password reset
type Response ¶
type Response struct {
	*http.Response
	NextURL *url.URL
	// PrevURL *url.URL
	SelfURL       *url.URL
	OKTARequestID string
	Rate
}
Response is an OKTA API response. This wraps the standard http.Response returned from OKTA and provides convenient access to things like pagination links.
type User ¶
type User struct {
	Activated       string          `json:"activated,omitempty"`
	Created         string          `json:"created,omitempty"`
	Credentials     credentials     `json:"credentials,omitempty"`
	ID              string          `json:"id,omitempty"`
	LastLogin       string          `json:"lastLogin,omitempty"`
	LastUpdated     string          `json:"lastUpdated,omitempty"`
	PasswordChanged string          `json:"passwordChanged,omitempty"`
	Profile         userProfile     `json:"profile"`
	Status          string          `json:"status,omitempty"`
	StatusChanged   string          `json:"statusChanged,omitempty"`
	Links           userLinks       `json:"_links,omitempty"`
	MFAFactors      []userMFAFactor `json:"-,"`
	Groups          []Group         `json:"-"`
}
User is a struct that represents a user object from OKTA.
type UserListFilterOptions ¶
type UserListFilterOptions struct {
	Limit            int    `url:"limit,omitempty"`
	EmailEqualTo     string `url:"-"`
	LoginEqualTo     string `url:"-"`
	StatusEqualTo    string `url:"-"`
	IDEqualTo        string `url:"-"`
	FirstNameEqualTo string `url:"-"`
	LastNameEqualTo  string `url:"-"`
	// This will be built by internal - may not need to export
	FilterString  string     `url:"filter,omitempty"`
	NextURL       *url.URL   `url:"-"`
	GetAllPages   bool       `url:"-"`
	NumberOfPages int        `url:"-"`
	LastUpdated   dateFilter `url:"-"`
}
UserListFilterOptions is a struct that you can populate which will "filter" user searches. The exported struct fields should allow you to do different filters based on what is allowed in the OKTA API.
The filter OKTA API is limited in the fields it can search. NOTE: In the current form you can't add parentheses and ordering.
OKTA API Supports only a limited number of properties: status, lastUpdated, id, profile.login, profile.email, profile.firstName, and profile.lastName. http://developer.okta.com/docs/api/resources/users.html#list-users-with-a-filter
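An added stand-alone sketch (not the SDK's own code) of building the "filter" query parameter from caller-supplied values, restricted to the properties listed above and the operator constants on this page. Term, BuildFilter and FilterQuery are hypothetical names, and joining terms with "and" and rejecting values that contain a double quote or backslash are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
	"unicode"
)

// Properties this page lists as supported by the OKTA filter API.
var filterableProps = map[string]bool{
	"status": true, "lastUpdated": true, "id": true,
	"profile.login": true, "profile.email": true,
	"profile.firstName": true, "profile.lastName": true,
}

// Values of the Filter*Operator constants documented on this page.
var filterOps = map[string]bool{"eq": true, "sw": true, "gt": true, "lt": true}

// Term is one `property operator "value"` comparison.
type Term struct{ Prop, Op, Value string }

// BuildFilter validates every term and joins them with "and". Values that
// could close the quoted literal early are rejected rather than escaped, so
// untrusted input can never add a clause of its own.
func BuildFilter(terms []Term) (string, error) {
	if len(terms) == 0 {
		return "", fmt.Errorf("no filter terms")
	}
	parts := make([]string, 0, len(terms))
	for _, t := range terms {
		switch {
		case !filterableProps[t.Prop]:
			return "", fmt.Errorf("property %q is not filterable", t.Prop)
		case !filterOps[t.Op]:
			return "", fmt.Errorf("operator %q is not supported", t.Op)
		case t.Value == "" || strings.ContainsAny(t.Value, "\"\\") ||
			strings.IndexFunc(t.Value, unicode.IsControl) >= 0:
			return "", fmt.Errorf("value for %s is empty or has a reserved character", t.Prop)
		}
		parts = append(parts, t.Prop+" "+t.Op+` "`+t.Value+`"`)
	}
	return strings.Join(parts, " and "), nil
}

// FilterQuery returns the URL-encoded query string, using the "filter" and
// "limit" parameter names from the struct tags shown on this page.
func FilterQuery(terms []Term, limit int) (string, error) {
	f, err := BuildFilter(terms)
	if err != nil {
		return "", err
	}
	q := url.Values{}
	q.Set("filter", f)
	if limit > 0 {
		q.Set("limit", strconv.Itoa(limit))
	}
	return q.Encode(), nil
}

func main() {
	// Constructed sample input.
	qs, err := FilterQuery([]Term{{"status", "eq", "ACTIVE"}}, 200)
	fmt.Println(qs, err)
	_, err = BuildFilter([]Term{{"profile.lastName", "eq", `x" or status eq "ACTIVE`}})
	fmt.Println(err)
}
```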
type UsersService ¶
type UsersService service
UsersService handles communication with the User data related methods of the OKTA API.
func (*UsersService) Activate ¶
func (s *UsersService) Activate(id string, sendEmail bool) (*ActivationResponse, *Response, error)
Activate activates a user. You can have OKTA send an email by including "sendEmail=true". If you pass in sendEmail=false, then activationResponse.ActivationURL will have a string URL that can be sent to the end user. You can discard the response if sendEmail=true.
func (*UsersService) Create ¶
Create - Creates a new user. You must pass in a "newUser" object created from Users.NewUser(). There are many different reasons that OKTA may reject the request, so you have to check the error messages.
func (*UsersService) Deactivate ¶
func (s *UsersService) Deactivate(id string) (*Response, error)
Deactivate - Deactivates a user
func (*UsersService) GetByID ¶
func (s *UsersService) GetByID(id string) (*User, *Response, error)
GetByID returns a user object for a specific OKTA ID. Generally the id input string is the cryptic OKTA key value from User.ID. However, the OKTA API may accept other values like "me", or login shortname
func (*UsersService) ListWithFilter ¶
func (s *UsersService) ListWithFilter(opt *UserListFilterOptions) ([]User, *Response, error)
ListWithFilter will use the input UserListFilterOptions to find users and return a paged result set
func (*UsersService) NewUser ¶
func (s *UsersService) NewUser() NewUser
NewUser - Returns a new user object. This is used to create users in OKTA. It only has the properties that OKTA will take as input. The "User" object has more fields that are OKTA returned, like the ID, etc.
func (*UsersService) PopulateEnrolledFactors ¶
func (s *UsersService) PopulateEnrolledFactors(user *User) (*Response, error)
PopulateEnrolledFactors will populate the Enrolled MFA Factors a user is a member of. You pass in a pointer to an existing user. http://developer.okta.com/docs/api/resources/factors.html#list-enrolled-factors
func (*UsersService) PopulateGroups ¶
func (s *UsersService) PopulateGroups(user *User) (*Response, error)
PopulateGroups will populate the groups a user is a member of. You pass in a pointer to an existing user.
func (*UsersService) PopulateMFAFactors ¶
func (s *UsersService) PopulateMFAFactors(user *User) (*Response, error)
PopulateMFAFactors will populate the MFA Factors a user is a member of. You pass in a pointer to an existing user.
func (*UsersService) ResetPassword ¶
func (s *UsersService) ResetPassword(id string, sendEmail bool) (*ResetPasswordResponse, *Response, error)
ResetPassword - Generates a one-time token (OTT) that can be used to reset a user’s password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow. http://developer.okta.com/docs/api/resources/users.html#reset-password If you pass in sendEmail=false, then resetPasswordResponse.resetPasswordUrl will have a string URL that can be sent to the end user. You can discard response if sendEmail=true
func (*UsersService) SetPassword ¶
SetPassword - Sets a user password to an Admin provided String
func (*UsersService) Suspend ¶
func (s *UsersService) Suspend(id string) (*Response, error)
Suspend - Suspends a user - If user is NOT active an Error will come back based on OKTA API: http://developer.okta.com/docs/api/resources/users.html#suspend-user
func (*UsersService) Unlock ¶
func (s *UsersService) Unlock(id string) (*Response, error)
Unlock - Unlocks a user - Per docs, only for OKTA Mastered Account http://developer.okta.com/docs/api/resources/users.html#unlock-user
func (*UsersService) Unsuspend ¶
func (s *UsersService) Unsuspend(id string) (*Response, error)
Unsuspend - Unsuspends a user - If user is NOT SUSPENDED, an Error will come back based on OKTA API: http://developer.okta.com/docs/api/resources/users.html#unsuspend-user