middle half of a tf for oidc workshop article #1415
✅ Deploy Preview for okta-blog ready!
[docs](https://registry.terraform.io/providers/okta/okta/latest/docs/data-sources/idp_oidc) | ||
```tf | ||
data "okta_idp_oidc" "default" { | ||
name = "" |
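Review bot: `name = ""` in the `okta_idp_oidc` data source lookup is empty, so the lookup has nothing to match against and cannot return the IdP; fill in the IdP's actual name (the discussion below identifies the one listed in the admin console as okta-devok12) before this snippet is presented as working.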
Are you using a Developer account?
yeah, dev account in the OK12 cell, which is where I think it's getting the ok12 string in the "wrong" URLs from :)
#### Metadata URI | ||
[docs](https://registry.terraform.io/providers/okta/okta/latest/docs/data-sources/idp_oidc) | ||
```tf | ||
data "okta_idp_oidc" "default" { |
this may not be the correct TF data source to use. I feel like it should be https://registry.terraform.io/providers/okta/okta/latest/docs/data-sources/idp_oidc because there doesn't seem to be anything more appropriate in the data sources list, and it offers all the outputs I want from it, but I've never actually seen something like this succeed so my guess about its applicability could be the problem.
todo:
- figure out what's up with the one "identity provider" listed at https://ACCOUNTID-admin.okta.com/admin/access/identity-providers# (it calls itself okta-devok12)
- is there a name for the IdP with the URL of our dev org? how would we have found it? (if there is, we can skip looking up the `okta_auth_server` entirely and just get the issuer from the actual idp)
- after establishing how we're getting the IdP metadata, retcon the scopes situation (auth server needs one read scope, idp needs a different read scope; whatever ends up getting used needs instructions to grant the scope in both terraform and the console)
- should this whole thing happen after the "yo dawg i heard you like terraform" (managing tf's app from tf) post? that would skip some of the clicking to grant more scopes
- fix intro (not worth the hassle till I figure out what parts of the attempted code are possible, IMO)
- fix conclusion/CTA
- someday in the distant future, copyediting and SEO tweaks, but that's after it's actually written