v2.34.20 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Mar 23, 2022 License: MIT Imports: 28 Imported by: 0


Okta provider


Retrieve the AWS application URL from your Okta tenant. This will (may) look something like:


The path segments /home/amazon_aws in the above URL may vary.


  • Supports MFA (Okta Push, Okta TOTP, Duo, and Google Authenticator), when configured at organization or application level.




View Source
const (
	IdentifierDuoMfa          = "DUO WEB"
	IdentifierSmsMfa          = "OKTA SMS"
	IdentifierPushMfa         = "OKTA PUSH"
	IdentifierTotpMfa         = "GOOGLE TOKEN:SOFTWARE:TOTP"
	IdentifierOktaTotpMfa     = "OKTA TOKEN:SOFTWARE:TOTP"
	IdentifierSymantecTotpMfa = "SYMANTEC TOKEN"
	IdentifierFIDOWebAuthn    = "FIDO WEBAUTHN"
	IdentifierYubiMfa         = "YUBICO TOKEN:HARDWARE"
View Source
const (
	MaxOpenRetries = 10
	RetryDelayMS   = 200 * time.Millisecond


This section is empty.


This section is empty.


type AuthRequest

type AuthRequest struct {
	Username   string `json:"username"`
	Password   string `json:"password"`
	StateToken string `json:"stateToken,omitempty"`

AuthRequest represents an mfa okta request

type Client

type Client struct {
	// contains filtered or unexported fields

Client is a wrapper representing a Okta SAML client

func New

func New(idpAccount *cfg.IDPAccount) (*Client, error)

New creates a new Okta client

func (*Client) Authenticate

func (oc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error)

Authenticate logs into Okta and returns a SAML response

type DeviceFinder

type DeviceFinder interface {
	// contains filtered or unexported methods

DeviceFinder is used to mock out finding devices

type FidoClient

type FidoClient struct {
	ChallengeNonce string
	AppID          string
	Version        string
	Device         u2fhost.Device
	KeyHandle      string
	StateToken     string

FidoClient represents a challenge and the device used to respond

func NewFidoClient

func NewFidoClient(challengeNonce, appID, version, keyHandle, stateToken string, deviceFinder DeviceFinder) (FidoClient, error)

NewFidoClient returns a new initialized FIDO1-based WebAuthnClient, representing a single device

func (*FidoClient) ChallengeU2F

func (d *FidoClient) ChallengeU2F() (*SignedAssertion, error)

ChallengeU2F takes a FidoClient and returns a signed assertion to send to Okta

type SessionRequst

type SessionRequst struct {
	SessionToken string `json:"sessionToken"`

SessionRequst holds the SessionToken used to create an Okta Session

type SignedAssertion

type SignedAssertion struct {
	StateToken        string `json:"stateToken"`
	ClientData        string `json:"clientData"`
	SignatureData     string `json:"signatureData"`
	AuthenticatorData string `json:"authenticatorData"`

SignedAssertion is passed back to Okta as response

type U2FDevice

type U2FDevice interface {

U2FDevice is used to support mocking this device with mockery https://github.com/vektra/mockery/issues/210#issuecomment-485026348

type U2FDeviceFinder

type U2FDeviceFinder struct{}

U2FDeviceFinder returns a U2F device

type VerifyRequest

type VerifyRequest struct {
	StateToken     string `json:"stateToken"`
	PassCode       string `json:"passCode,omitempty"`
	RememberDevice string `json:"rememberDevice,omitempty"` // This is needed to remember Okta MFA device

VerifyRequest represents an mfa verify request

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL