{"id":19793745,"url":"https://github.com/jmussman/pyrates","last_synced_at":"2026-01-28T07:37:16.570Z","repository":{"id":185687355,"uuid":"673895911","full_name":"jmussman/pyrates","owner":"jmussman","description":"The Pyrates (as in \"arrgh matey\") Project","archived":false,"fork":false,"pushed_at":"2023-08-02T19:37:58.000Z","size":52,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-08T08:06:06.693Z","etag":null,"topics":["oauth","oidc","okta"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jmussman.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-08-02T17:06:53.000Z","updated_at":"2023-08-02T19:42:52.000Z","dependencies_parsed_at":null,"dependency_job_id":"cf2ffbde-85f1-4a8d-a08c-82670787b279","html_url":"https://github.com/jmussman/pyrates","commit_stats":null,"previous_names":["jmussman/pyrates"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jmussman/pyrates","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmussman%2Fpyrates","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmussman%2Fpyrates/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmussman%2Fpyrates/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmussman%2Fpyrates/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jmussman","download_url":"https://codeload.github.com/jmussman/pyrates/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmussman%2Fpyrates/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28842239,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T05:50:12.573Z","status":"ssl_error","status_checked_at":"2026-01-28T05:49:54.528Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["oauth","oidc","okta"],"created_at":"2024-11-12T07:11:02.406Z","updated_at":"2026-01-28T07:37:16.553Z","avatar_url":"https://github.com/jmussman.png","language":null,"funding_links":["https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick\u0026hosted_button_id=XPUGVGZZ8RUAA"],"categories":[],"sub_categories":[],"readme":"![Pyrates](.common/joels-private-stock-pyrates.png?raw=true)\n\n# Pyrates\n\n## Introduction\n\nThis is a project in identity management and application development\nwith Okta that demonstrates both configuring the Okta organization and\nthe development side of integrating and OpenID Connect application.\nThe linked sections follow the introduction:\n\n### Administration\n\n* [Multiple site branding with custom domains in a single Okta organization](#multiple-site-branding-with-custom-domains-in-a-single-Okt-organization)\n* [Salesforce integration and provisioning](#salesforce-integration-and-provisioning)\n* [Manual SAML configuration between two Okta organizations](#manual-saml-configuration-between-two-okta-organizations)\n\n### Development\n\n* [OIDC application integrations for three live applications](#oidc-application-integrations-for-three-live-applications)\n* [OAuth API security](#oauth-api-security)\n\nEven if you are not that familiar with Okta, SSO, application integrations, or provisioning\nI will take you through the basics here!\nIf you are experienced you can dig into these organizations as a template.\nIf you are interested in the development side, you can set up your own copies of the\napplications locally from the repo here and drive the identity off of the two\nexisting Okta organizations.\nOr make your own for the experience!\n\n\n### Project Overview\n\nThe Pyrates project consists of two Okta organizations and three applications:\n\n* Pyrates - the pirate portal and Okta org\n* Port Royal - the portal for the city of Port Royal and Okta org, linked to Pyrates\n* The Black Dogg - a tavern that uses Port Royal for identities\n\nThe cool thing is anybody can enter the organizations and review the entire configuration:\n\n| custom domain | okta domain | username | password |\n| ------------- | ----------- | -------- | -------- |\n| https://pid.pyrates.live | https://dev-86618250.okta.com | jackrackham@pyrates.live | P!rates17 |\n| https://pid.portroyal.live | https://dev-43633848.okta.com | henrymorgan@portroyal.live | PortR0yal17 |\n| https://pid.theblackdogg.live | https://dev-43633848.okta.com | \"\" | \"\" |\n\nThe applications are all live and running, click the link and then the login button to sign on!\n\n| application domain | username | password |\n| ------------- | -------- | -------- |\n| https://pyrates.live | annebonny@pyrates.live | P!rates17 (all pirates password)|\n| https://portroyal.live | thomasbarret@portroyal.live | PortR0yal17 (all citizens password) |\n| https://theblackdogg.live | janecostley@theblackdogg.live | PortR0yal17 |\n\nYou can sign on at Port Royal or The Black Dogg with any pirate login!\n\n## Multiple site branding with custom domains in a single Okta Organization\n\nOnce in a while I run into an organization that has multiple applications facing different groups\nof users, but all of the identity is in a single organization.\nOkta has always supported multiple-branding, it just had to be turned on by support.\nSince it is really the same thing for each brand, I tackled two here to show it in action!\n\nClick here to [learn more about branding](./Branding.md)\n\n## Salesforce integration and provisioning\n\nSalesforce Dot Com (SFDC) integration is addressed in some of the Okta classes, and it\nis just as easy to do with your own developer tenant to play around with SSO and provisioning.\nIf you took a class, the only differences are none of the pre-provisioned users are there,\nyou have to remember is the free tenant is a \"production\" tenant, and SFDC user names have\nto be unique across ALL Salesforce tenants (even other companies) so make up something that\nwill not conflict!\n\nClick here to [learn more about SFDC integrations](./SFDCIntegrations.md)\n\n## Manual SAML Configuration between to Okta Organizations\n\nThere are two ways to set up a SAML integration between two Okta organizations: the pre-defined\nintegration in the Okta Integration Network and doing it manually.\nThe OIN integration does the heavy lifting for you.\nThis project goes through a manual integration, which requires more configuration and\nexposes a few things the the pre-defined integration does not offer.\n\nClick here to [learn more about SAML configurations](./SAMLConfigurations.md)\n\n## OIDC application integrations for three live applications\n\nThis is the development side of the three custom domains configured up above.\nThey are all straightforward OpenID Connect (OIDC) integrations and they are all almost identical.\nWe will focus on the Pyrates application to start and then look at the other two for some of\nthe additions to the security configurations.\n\nClick here to [learn more about OIDC integrations](./OIDCIntegrations.md)\n\n## OAuth API security\n\nIn a layered architecture separating the user interface from the business rules (logic) has\na number of advantages: multiple interfaces can share the same rules without repeating them\n(the don't repeat yourself or DRY principle), and the separation of concerns supports SOLID\nsoftware design principles.\n\nTo share the business rules they need to be put somewhere the UIs can reach them, which\ngoes by the names \"web service\", \"API\" (for application programming interface),\nand \"resource server\" in the Open Authentication documentation.\n\nWhile OIDE is focused on informing an application about a user identity,\nOpen Authentication (OAuth) is focused on assuring an API that the application is\nallowed to make a call, and what the application is allowed to do!\n\nClick here to [learn more about OAuth API security](./OAuthSecurity.md)\n\n# License\n\nThe code is licensed under the MIT license. You may use and modify all or part of it as you choose, as long as attribution to the source is provided per the license. See the details in the [license file](./LICENSE.md) or at the [Open Source Initiative](https://opensource.org/licenses/MIT)\n\n\u003chr\u003e\nCopyright © 2023 Joel Mussman. All rights reserved.\n\n## Support\n\nSince I give stuff away for free, and if you would like to keep seeing more stuff like this, then please consider\na contribution to *Joel's Coffee Fund* at **Smallrock** to help keep the good stuff coming :)\u003cbr /\u003e\n\n[![Donate](.common/Donate-Paypal.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick\u0026hosted_button_id=XPUGVGZZ8RUAA)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjmussman%2Fpyrates","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjmussman%2Fpyrates","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjmussman%2Fpyrates/lists"}