使用 Okta 的 Okta 登录小工具 API
Okta Sign-in Widget using Okta API
我正在尝试使用 Okta's Sign-In Widget 和 Okta API 找出用户关联的组。
Okta API returns 用户与哪些组相关联,但我只能在从管理控制台转到它时使用它,所以这必须基于Okta 管理员会话,因为如果我不这样做,我会收到此错误:
{"errorCode":"E0000005","errorSummary":"Invalid session","errorLink":"E0000005","errorId":"oaeLznzzAC0QaaLJmjDEls5rA","errorCauses":[]}
如何使用 Okta 登录小部件和“Get Member Groups”API 资源根据用户关联的组重定向用户?
与其使用 "Get Member Groups" API 资源获取 Okta 用户关联的组,我建议配置 Okta 登录小部件以将组声明返回到您的代码直接地。下面的代码显示了如何执行此操作并检查用户是否在名为 "Example".
的组中
<!DOCTYPE html>
<html>
<head>
<title>Get Groups for Okta User using the Okta Sign-In Widget</title>
<script src="https://ok1static.oktacdn.com/assets/js/sdk/okta-signin-widget/1.7.0/js/okta-sign-in.min.js" type="text/javascript"></script>
<link href="https://ok1static.oktacdn.com/assets/js/sdk/okta-signin-widget/1.7.0/css/okta-sign-in.min.css" type="text/css" rel="stylesheet">
<link href="https://ok1static.oktacdn.com/assets/js/sdk/okta-signin-widget/1.7.0/css/okta-theme.css" type="text/css" rel="stylesheet">
</head>
<body>
<div id="okta-login-container"></div>
<script type="text/javascript">
var OKTA_ORG_URL = 'https://example.okta.com';
var OKTA_CLIENT_ID = '0abcdefgHIjkL12mn3oP';
var oktaSignIn = new OktaSignIn({
authParams: {
responseType: 'id_token',
responseMode: 'okta_post_message',
scopes: ['openid', 'groups']
},
clientId: OKTA_CLIENT_ID,
baseUrl: OKTA_ORG_URL
});
oktaSignIn.renderEl(
{ el: '#okta-login-container' },
function (res) {
if (res.status === 'SUCCESS') {
console.log('User successfully authenticated');
console.log(res);
if (res.claims.groups.includes('Example')) {
console.log("User in 'Example' group");
// Uncomment the line below to redirect to example.com
// window.location = "http://www.example.com";
}
}
}
);
</script>
</body>
</html>
注意:您必须在 "Sign On" 部分将 "Groups claim" 配置为您的 Okta 应用程序传递你想要的组。组声明的配置屏幕如下。我已将声明设置为传递用户分配到的 all 组。您可能希望将其配置为仅通过您关心的组。
我正在尝试使用 Okta's Sign-In Widget 和 Okta API 找出用户关联的组。
Okta API returns 用户与哪些组相关联,但我只能在从管理控制台转到它时使用它,所以这必须基于Okta 管理员会话,因为如果我不这样做,我会收到此错误:
{"errorCode":"E0000005","errorSummary":"Invalid session","errorLink":"E0000005","errorId":"oaeLznzzAC0QaaLJmjDEls5rA","errorCauses":[]}
如何使用 Okta 登录小部件和“Get Member Groups”API 资源根据用户关联的组重定向用户?
与其使用 "Get Member Groups" API 资源获取 Okta 用户关联的组,我建议配置 Okta 登录小部件以将组声明返回到您的代码直接地。下面的代码显示了如何执行此操作并检查用户是否在名为 "Example".
的组中<!DOCTYPE html>
<html>
<head>
<title>Get Groups for Okta User using the Okta Sign-In Widget</title>
<script src="https://ok1static.oktacdn.com/assets/js/sdk/okta-signin-widget/1.7.0/js/okta-sign-in.min.js" type="text/javascript"></script>
<link href="https://ok1static.oktacdn.com/assets/js/sdk/okta-signin-widget/1.7.0/css/okta-sign-in.min.css" type="text/css" rel="stylesheet">
<link href="https://ok1static.oktacdn.com/assets/js/sdk/okta-signin-widget/1.7.0/css/okta-theme.css" type="text/css" rel="stylesheet">
</head>
<body>
<div id="okta-login-container"></div>
<script type="text/javascript">
var OKTA_ORG_URL = 'https://example.okta.com';
var OKTA_CLIENT_ID = '0abcdefgHIjkL12mn3oP';
var oktaSignIn = new OktaSignIn({
authParams: {
responseType: 'id_token',
responseMode: 'okta_post_message',
scopes: ['openid', 'groups']
},
clientId: OKTA_CLIENT_ID,
baseUrl: OKTA_ORG_URL
});
oktaSignIn.renderEl(
{ el: '#okta-login-container' },
function (res) {
if (res.status === 'SUCCESS') {
console.log('User successfully authenticated');
console.log(res);
if (res.claims.groups.includes('Example')) {
console.log("User in 'Example' group");
// Uncomment the line below to redirect to example.com
// window.location = "http://www.example.com";
}
}
}
);
</script>
</body>
</html>
注意:您必须在 "Sign On" 部分将 "Groups claim" 配置为您的 Okta 应用程序传递你想要的组。组声明的配置屏幕如下。我已将声明设置为传递用户分配到的 all 组。您可能希望将其配置为仅通过您关心的组。