Sasaki Okta API methods
An abstraction layer for commonly used Okta API methods at Sasaki.
Please use the issue tracker to report any bugs.
Features:
- implements a subset of Okta's Users and Groups API
- provides a middleware to protect routes with [Okta's SAML authentication][8]; see Express.js example below
- follows loosely the JSON API specification for response objects
- methods return Promises
Installation
npm install sasaki-okta
Documentation
The module expects following environment variables:
OKTA_APIKEY ... [required] Okta API key
OKTA_DOMAIN ... [required] <DOMAIN>.okta.com
Okta API methods
getUser(<id>) ... Get single user for given Okta ID
getCurrentUser() ... Get current user linked to API token or session cookie
getUsers() ... Get user list
getUsersByGroup(<id>) ... Get user list for given Okta Group ID
isUserInGroup(<userId, groupId>) ... Check if single user is in the group
for given Okta User ID and Okta
Group ID
JSON API specs.
Response objects loosely follow the{ user: {...} } ... for single user requests
{ users: [{...}, {...}] } ... for a user list request
Okta (SAML) Authentication
auth(<config>[, <passport>]) ... Instantiate passport authentication
with SAML strategy. Accepts an
optional `passport` instance to
workaround the (default) passport
singleton, e.g. in case of multiple
apps with different authentication
requirements such as vhosts.
Returns a `passport` instance.
auth.protected ... Middleware to validate authentication
and redirect to `/login` route in case
of non-authenticated session.
Examples
Basic example:
var okta = require('sasaki-okta');
okta.getUsers().then(function(data) {
// do something with data
}, function(error) {
// error handling
});
Basic authentication integration with Express:
// Authentication setup
var okta = require('sasaki-okta');
var oktaConfig = {
issuer: '<ISSUER>',
entryPoint: '<ENTRY_POINT>',
cert: '<CERT>'
}
var auth = okta.auth(oktaConfig);
// Pass passport-instance as argument to avoid passport singleton in multiple apps (e.g. vhost scenario)
// var Passport = require('passport').Passport;
// var passport = new Passport();
// var auth = okta.auth(oktaConfig, passport);
// Express app
var express = require('express');
var session = require('express-session');
var app = express();
app.use(session({
secret: '<SECRET>',
resave: false,
saveUninitialized: true,
cookie: {}
}))
app.use(auth.initialize());
app.use(auth.session());
// Receives Okta SAML assertion
app.post('/login/callback', auth.authenticate('saml', { failureRedirect: '/', failureFlash: true }), function (req, res) {
res.redirect(302, '<REDIRECT_URL>');
});
// Login URL
app.get('/login', auth.authenticate('saml', { failureRedirect: '/', failureFlash: true }), function (req, res) {
res.redirect(302, '<REDIRECT_URL>');
});
// Protected route
app.get('/privatedata', auth.protected, function(req, res) {
res.send({message: 'This is private.'});
});