This module uses the following libraries and Silverstripe vendor modules to provide sign-in via a configured Okta OAuth2 service application.
- bigfork/silverstripe-oauth-login + dependencies
- foxworth42/oauth2-okta, a league/oauth2-client client
- silverstripe/framework
Configuring your Okta OAuth service application is outside the scope of this document. Okta provides good documentation.
Your service application should provide or be configured with the following:
- A Client ID
- A Client secret
- An Okta domain (e.g. some-app.oktapreview.com)
- Application type: Web
- Grant type: Client acting on behalf of a user - Authorization Code
- User consent + URI - your decision
- Sign-in/Sign-out redirect URIs - add URIs that match the sites you are issuing authentication requests from
- Login initiated by: choose a selection
- Initiate login URI. This is a URI a user can visit to initiate an Okta login automatically. Example below
Example: https://mysite.example/oauth/callback
Example: https://mysite.example/Security/logout
An Initiate login URI with openid, profile and email scopes should be provided. The Provider value must match the provider name: 'Okta' value from configuration. For this module it is Okta. If your project modifies this, it needs to be modified in the URI as well:
Copy the client ID, client secret, Okta domain and Sign-in redirect URI values into the configuration for your project:
- Client ID -> clientId
- Client Secret -> clientSecret
- Okta domain -> issuer
- Sign-in redirect URI -> redirectUri
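
A sketch of this mapping in Silverstripe YAML, added here as an example and not taken from this module's own configuration. It assumes the Injector pattern used by bigfork/silverstripe-oauth and the foxworth42 provider class name. The block name, the `OktaProvider` service name and the `OKTA_*` environment variable names are hypothetical. Reading the values from the environment keeps the client secret out of version control.

```yaml
---
Name: app-okta-oauth   # hypothetical config block name
---
SilverStripe\Core\Injector\Injector:
  Bigfork\SilverStripeOAuth\Client\Factory\ProviderFactory:
    properties:
      providers:
        # The key must match the provider name used in the Initiate login URI ('Okta')
        'Okta': '%$OktaProvider'
  # Hypothetical service name for the provider instance
  OktaProvider:
    class: 'Foxworth42\OAuth2\Client\Provider\Okta'
    constructor:
      Options:
        # Backtick-quoted values are resolved by Silverstripe from
        # environment variables or constants at runtime, so no
        # credential is committed with the project configuration.
        clientId: '`OKTA_CLIENT_ID`'          # Client ID
        clientSecret: '`OKTA_CLIENT_SECRET`'  # Client secret
        issuer: '`OKTA_ISSUER`'               # Okta domain
        redirectUri: '`OKTA_REDIRECT_URI`'    # Sign-in redirect URI
```

The `redirectUri` value must be one of the Sign-in redirect URIs registered on the Okta application, otherwise Okta rejects the authorization request.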