{"id":16199715,"url":"https://github.com/or13/okta-platform-starter","last_synced_at":"2025-04-07T17:45:37.040Z","repository":{"id":95127984,"uuid":"132636448","full_name":"OR13/okta-platform-starter","owner":"OR13","description":null,"archived":false,"fork":false,"pushed_at":"2018-05-10T17:59:22.000Z","size":208,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-13T19:49:13.590Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OR13.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-05-08T16:31:08.000Z","updated_at":"2018-05-10T17:59:23.000Z","dependencies_parsed_at":"2023-05-26T21:00:30.368Z","dependency_job_id":null,"html_url":"https://github.com/OR13/okta-platform-starter","commit_stats":{"total_commits":1,"total_committers":1,"mean_commits":1.0,"dds":0.0,"last_synced_commit":"d8f55275eab2ef2175ee26a28281d4fc914b09f7"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fokta-platform-starter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fokta-platform-starter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fokta-platform-starter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fokta-platform-starter/manifests","owner_url":"https://repos.ecosyste
.ms/api/v1/hosts/GitHub/owners/OR13","download_url":"https://codeload.github.com/OR13/okta-platform-starter/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247703385,"owners_count":20982282,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-10T09:27:26.742Z","updated_at":"2025-04-07T17:45:37.017Z","avatar_url":"https://github.com/OR13.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Okta Platform Starter\n\nWant to use Okta as the single source of truth directory, with a web client and a CLI client accessing a REST API? This starter shows how.\n\n## Okta Setup\n\nMake sure to register for the developer preview, which is the non-production / test / demo environment.\n\nhttps://developer.okta.com/\n\nRename `example.env` to `.env`, and update its values as you complete the Okta setup process.\n\n### Create a Single Page Application\n\nCreate a new Single Page Application `Test Dashboard` in Okta, and update the client_id and issuer in `./web/src/App.js`.\n\nAdd `http://localhost:3000` to Trusted Origins under API.\n\nAssign your Okta user to `Test Dashboard`.\n\n### Create an Admin Group\n\nUse the Okta admin UI to create some users and groups.\n\nYou should create an admin group for your admin users, like `Acme-Admin`.\n\nAPI \u003e Authorization Servers\n\nClick Scopes \u003e Add Scope. Enter \"groups\".\n\nClick Claims \u003e Add Claim. 
Enter \"groups\".\n\nTo start, use Groups instead of Expression, and avoid the regex.\n\nThanks to picking smart group names, we can see whether this user is a member of the admin group by selecting \"Starts with\" and \"Acme\".\n\nMake sure to update your `.env` with this value so the API knows what the admin group should be.\n\nCreate a new Native Application `Test CLI` in Okta, and update the client_id and issuer in `.env`.\n\nMake sure the Authorization Server is configured to support your applications.\n\n### Testing\n\nIf all setup is correct, you should be able to log in with the dashboard web app:\n\n```\ncd web\nnpm i\nnpm run start\n```\n\nOnce you have logged in to the web app, you should see some loading messages and errors in the console, because you have not started the API server yet.\n\n```\ncd api\nnpm i\nnpm run start\n```\n\nOnce the server is running you should see some messages for authenticated users or admins.\n\nFinally, we want to ensure we can do the same from a CLI.\n\n```\ncd cli\nnpm i\nnpm run start login\nnpm run start get-requires-authentication\nnpm run start get-requires-admin\n```\n\nThese commands simulate the same kind of network requests made by the web application.\n\nThe network requests use Bearer authentication, which passes the Okta access_token to the API server in the Authorization header.\n\nThe API server verifies the Okta JWT from the Authorization header and attaches the decoded JWT to `req`.\n\nThis lets the Express route handlers inspect the group claims, which allows for fine-grained authorization based on groups in your REST API.\n\n### Security Reminders\n\nThe `.env` file does not contain any secrets. Both the web app and the CLI are public clients, which means that their code can safely be inspected by users, and no secrets are stored in their source. The client_id is public information.\n\nThe access_token is written to a `.secrets` folder by the CLI.\n\nThe access_token represents the user who authenticated with Okta. 
This information should be protected, as anyone with access to a user's JWT can impersonate that user to Okta or to your API.\n\nThe okta-react library stores your session in localStorage under the key `okta-token-storage`.\n\nThis means you should be careful to protect your application from XSS (you should always do this), because an XSS would allow an attacker to steal your users' sessions from localStorage.\n\nhttps://www.owasp.org/index.php/Test_Local_Storage_(OTG-CLIENT-012)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2For13%2Fokta-platform-starter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2For13%2Fokta-platform-starter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2For13%2Fokta-platform-starter/lists"}