应用场景
该库(okta-sdk-java)用于调用Okta的管理API(Management API)。
身份验证使用:https://spring.io/projects/spring-security-oauth或https://github.com/okta/okta-spring-boot。
如果是Okta Authentication API,使用:https://github.com/okta/okta-auth-java。
安装与配置
安装SDK
// Only okta-sdk-api is on the compile classpath; the impl and httpclient artifacts are
// declared for runtime only, so application code should reference the API types alone.
// Resolve ${okta.version} to one exact, reviewed release (not a range or "latest") so every
// build pulls the same artifacts.
compile "com.okta.sdk:okta-sdk-api:${okta.version}"
runtime "com.okta.sdk:okta-sdk-impl:${okta.version}"
runtime "com.okta.sdk:okta-sdk-httpclient:${okta.version}"
配置oktaClient
/**
 * Spring configuration that exposes one Okta management-API {@link Client} bean.
 */
@Configuration
public class OktaClientHolder {

    // Supplies the two values the client needs: the org URL and the API token.
    // The API token is a bearer credential for the management API, so it belongs in external
    // configuration or a secret store, never in source control, and should never be logged.
    // NOTE(review): OktaSecret is not shown on this page - confirm where it loads its values from.
    @Resource
    private OktaSecret oktaSecret;

    /**
     * Builds the client from the injected org URL and API token.
     *
     * @return a client authenticated with the configured API token
     * @throws IOException declared by the original signature
     */
    @Bean
    public Client oktaClient() throws IOException {
        final String orgUrl = oktaSecret.getOktaDomain();
        final TokenClientCredentials tokenCredentials =
                new TokenClientCredentials(oktaSecret.getApiToken());

        return Clients.builder()
                .setOrgUrl(orgUrl)
                .setClientCredentials(tokenCredentials)
                .build();
    }
}
功能案例
创建Application
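/**
 * Builds an auto-login application and creates it through the client.
 *
 * The application gets a label derived from uniqueTestName, visibility settings with the
 * auto-submit toolbar off and the iOS/web hide flags set to false, and sign-on settings
 * carrying a redirect URL and a login URL.
 */
void createApplicationTest() {
    Client client = getClient()

    // The sign-on URLs use https: they are the pages the sign-on flow sends the user to,
    // so they should not be reachable over cleartext http.
    Application app1 = client.instantiate(AutoLoginApplication)
        .setLabel("app-${uniqueTestName}")
        .setVisibility(client.instantiate(ApplicationVisibility)
            .setAutoSubmitToolbar(false)
            .setHide(client.instantiate(ApplicationVisibilityHide)
                .setIOS(false).setWeb(false)))
        .setSettings(client.instantiate(AutoLoginApplicationSettings)
            .setSignOn(client.instantiate(AutoLoginApplicationSettingsSignOn)
                .setRedirectUrl("https://swasecondaryredirecturl.okta.com")
                .setLoginUrl("https://swaprimaryloginurl.okta.com")));

    client.createApplication(app1)
}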
将用户Assign给Application
/**
 * Creates an application, then assigns user1 to it with per-user app credentials.
 *
 * The app user is scoped "USER", takes its id from user1, and carries a username (user1's
 * profile email) plus a password credential.
 */
void createApplicationTest() {
    Client client = getClient()
    Application app = client.createApplication(application);

    AppUser appUser = client.instantiate(AppUser)
    appUser.setScope("USER")
    appUser.setId(user1.getId())

    AppUserCredentials appCredentials = client.instantiate(AppUserCredentials)
    appCredentials.setUserName(user1.getProfile().getEmail())

    // The literal below is sample data. A real password should come from a secret store or
    // the user at runtime, and the char[] should be overwritten once it has been handed over.
    AppUserPasswordCredential passwordCredential = client.instantiate(AppUserPasswordCredential)
    passwordCredential.setValue("super-secret1".toCharArray())
    appCredentials.setPassword(passwordCredential)

    appUser.setCredentials(appCredentials)
    app.assignUserToApplication(appUser);
}
Get a User
// Look up a single user; "a-user-id" is a placeholder value.
User user = client.getUser("a-user-id");
List all Users
// Two ways to reach the users: keep the returned UserList, or stream a fresh listUsers() call.
// Note that listUsers() is invoked twice in this snippet.
// This enumerates user records for the whole org, so keep the work in the lambda (and anything
// it logs or exports) to the fields the task actually needs.
UserList users = client.listUsers();
client.listUsers().stream()
.forEach(user -> {
// do something
});
Filter or search for Users
// search by email: the first argument is the search term, the other four are left null
UserList users = client.listUsers("jcoder@example.com", null, null, null, null);
// filter parameter: the second argument is a filter expression, the rest are left null.
// If any value inside the expression comes from user input, validate or escape it (quotes in
// particular) before building the string, so the caller cannot change what the filter matches.
users = client.listUsers(null, "status eq \"ACTIVE\"", null, null, null);
Create a User
// Build a user from an email, first name and last name, and create it through the client in
// one call. No credentials are set in this example.
User user = UserBuilder.instance()
.setEmail("joe.coder@example.com")
.setFirstName("Joe")
.setLastName("Code")
.buildAndCreate(client);
Update a User
// Set a new first name on the profile, then call update() on the user.
user.getProfile().setFirstName("new-first-name");
user.update();
Get and set custom attributes
// The profile is used like a map here: put() stores a custom attribute, get() reads it back.
// NOTE(review): the put() is presumably not persisted until user.update() is called - confirm.
user.getProfile().put("customPropertyKey", "a value");
user.getProfile().get("customPropertyKey");
Remove a User
// Removal takes two calls: deactivate() first, then delete().
// NOTE(review): the delete is presumably permanent - confirm, and make sure only authorised
// callers can reach this path.
user.deactivate();
user.delete();
List a User's Groups
// Groups this user is a member of.
GroupList groups = user.listGroups();
Create a Group
// Build a group from a name and a description and create it through the client in one call.
Group group = GroupBuilder.instance()
.setName("a-group-name")
.setDescription("Example Group")
.buildAndCreate(client);
Add a User to a Group
// "groupId" is a placeholder. Group membership typically carries access, so when the id
// originates from a request, check it against the groups the caller is allowed to manage.
user.addToGroup("groupId");
List a User's enrolled Factors
// Factors returned by listFactors() for this user.
FactorList factors = user.listFactors();
Enroll a User in a new Factor
// Instantiate an SMS factor, set the phone number on its profile, and add it to the user.
// The number is sample data. Enrolling a factor changes how the account authenticates, so the
// caller should be authorised to manage this user, and a user-supplied number validated first.
SmsFactor smsFactor = client.instantiate(SmsFactor.class);
smsFactor.getProfile().setPhoneNumber("555 867 5309");
user.addFactor(smsFactor);
Activate a Factor
// Fetch the factor by id and activate it with a passcode.
// "factorId" and "123456" are placeholders; a real passcode comes from the user and should
// never be written to logs.
Factor factor = user.getFactor("factorId");
VerifyFactorRequest verifyFactorRequest = client.instantiate(VerifyFactorRequest.class);
verifyFactorRequest.setPassCode("123456");
factor.activate(verifyFactorRequest);
Verify a Factor
// Fetch the factor by id and verify a passcode against it.
// "factorId" and "123456" are placeholders.
// NOTE(review): the snippet stops at the call - inspect `response` before treating the
// challenge as passed.
Factor factor = user.getFactor("factorId");
VerifyFactorRequest verifyFactorRequest = client.instantiate(VerifyFactorRequest.class);
verifyFactorRequest.setPassCode("123456");
VerifyFactorResponse response = factor.verify(verifyFactorRequest);
List all Applications
// All applications returned by the client for this org.
ApplicationList applications = client.listApplications();
Get an Application
// Look up a single application; "appId" is a placeholder value.
Application app = client.getApplication("appId");
Create a SWA Application
// Build a SWA application definition: the names of the login button, password field and
// username field on the target page, plus that page's URL.
// The login page URL is https; keep it that way, since this is the page the username and
// password fields belong to.
// Only the object is built here - no create call appears in this snippet.
SwaApplication swaApp = client.instantiate(SwaApplication.class)
.setSettings(client.instantiate(SwaApplicationSettings.class)
.setApp(client.instantiate(SwaApplicationSettingsApplication.class)
.setButtonField("btn-login")
.setPasswordField("txtbox-password")
.setUsernameField("txtbox-username")
.setUrl("https://example.com/login.html")));
List System Logs
// page through all log events
LogEventList logEvents = client.getLogs();
// or narrow the result: the arguments are (start date, end date, filter, query, sort order),
// each of them nullable; here only the query and the sort order are set
logEvents = client.getLogs(null, null, null, "interestingURI.com", "ASCENDING");
Call other API endpoints
// Create an IdP, see: https://developer.okta.com/docs/api/resources/idps#add-identity-provider
// Endpoints without a typed method are reached through client.http(): build the body as
// ExtensibleResource maps (here protocol.type = "OAUTH") and POST it to a fixed path.
// Keep the path a constant rather than assembling it from input. Adding an identity provider
// changes who can sign in to the org, so restrict and audit the callers of this code.
ExtensibleResource resource = client.instantiate(ExtensibleResource.class);
ExtensibleResource protocolNode = client.instantiate(ExtensibleResource.class);
protocolNode.put("type", "OAUTH");
resource.put("protocol", protocolNode);
ExtensibleResource result = client.http()
.setBody(resource)
.post("/api/v1/idps", ExtensibleResource.class);
Paging
// get the list of users
UserList users = client.listUsers();
// get the first user in the collection
// NOTE(review): iterator().next() presumably throws if the collection is empty - confirm or guard.
// The log statements in this snippet write user email addresses to the application log;
// prefer an opaque identifier where the log is widely readable.
log.info("First user in collection: {}", users.iterator().next().getProfile().getEmail());
// or loop through all of them (paging is automatic)
for (User tmpUser : users) {
log.info("User: {}", tmpUser.getProfile().getEmail());
}
// or via a stream
users.stream().forEach(tmpUser -> log.info("User: {}", tmpUser.getProfile().getEmail()));