in pkg/provider/okta/okta.go [97:165]
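// Authenticate performs the Okta primary-authentication flow and then follows
// the session-cookie redirect chain to obtain the SAML assertion.
//
// loginDetails.URL supplies the Okta org host (only its host component is
// used; the API calls are always made over https). When
// loginDetails.StateToken is set, the primary request carries only that state
// token instead of the username/password pair.
//
// A primary response whose status is MFA_REQUIRED is handed to verifyMfa,
// which is expected to return the session token on success. Any response that
// does not yield a session token (e.g. LOCKED_OUT, PASSWORD_EXPIRED, or an
// Okta error object) is turned into an error here instead of being passed on
// as an empty token to the redirect step.
//
// It returns whatever oc.follow returns for the redirect chain, or an error.
func (oc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error) {
	oktaURL, err := url.Parse(loginDetails.URL)
	if err != nil {
		return "", errors.Wrap(err, "error building oktaURL")
	}
	oktaOrgHost := oktaURL.Host
	// A URL without a scheme parses with an empty host, which would otherwise
	// produce "https:///api/v1/authn" and a confusing failure further down.
	if oktaOrgHost == "" {
		return "", errors.Errorf("okta URL %q has no host component", loginDetails.URL)
	}

	// Authenticate via the Okta authn API. A state token (from an earlier,
	// interrupted transaction) takes precedence over credentials.
	authReq := AuthRequest{Username: loginDetails.Username, Password: loginDetails.Password}
	if loginDetails.StateToken != "" {
		authReq = AuthRequest{StateToken: loginDetails.StateToken}
	}

	authBody := new(bytes.Buffer)
	if err = json.NewEncoder(authBody).Encode(authReq); err != nil {
		return "", errors.Wrap(err, "error encoding authreq")
	}

	authSubmitURL := fmt.Sprintf("https://%s/api/v1/authn", oktaOrgHost)
	req, err := http.NewRequest("POST", authSubmitURL, authBody)
	if err != nil {
		return "", errors.Wrap(err, "error building authentication request")
	}
	req.Header.Add("Content-Type", "application/json")
	req.Header.Add("Accept", "application/json")

	res, err := oc.client.Do(req)
	if err != nil {
		return "", errors.Wrap(err, "error retrieving auth response")
	}
	// The body must be closed so the underlying connection can be reused.
	defer res.Body.Close()

	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		return "", errors.Wrap(err, "error retrieving body from response")
	}

	resp := string(body)
	authStatus := gjson.Get(resp, "status").String()
	oktaSessionToken := gjson.Get(resp, "sessionToken").String()

	// MFA required: the factor verification yields the session token.
	if authStatus == "MFA_REQUIRED" {
		oktaSessionToken, err = verifyMfa(oc, oktaOrgHost, loginDetails, resp)
		if err != nil {
			return "", errors.Wrap(err, "error verifying MFA")
		}
	}

	// Anything that did not produce a session token (lockout, expired
	// password, enrolment required, or an Okta error object with an HTTP
	// error status) is reported here rather than sent on as an empty token.
	// The raw body is deliberately not included in the error: it may carry
	// state tokens or user details.
	if oktaSessionToken == "" {
		errSummary := gjson.Get(resp, "errorSummary").String()
		return "", errors.Errorf("okta authentication did not return a session token (http %d, status %q, error %q)",
			res.StatusCode, authStatus, errSummary)
	}

	// Exchange the session token for a session cookie and follow the
	// redirect to the SAML endpoint.
	oktaSessionRedirectURL := fmt.Sprintf("https://%s/login/sessionCookieRedirect", oktaOrgHost)
	req, err = http.NewRequest("GET", oktaSessionRedirectURL, nil)
	if err != nil {
		return "", errors.Wrap(err, "error building authentication request")
	}
	// NOTE(review): the session token travels in the query string, as the
	// Okta endpoint requires; avoid logging req.URL at this point.
	q := req.URL.Query()
	q.Add("checkAccountSetupComplete", "true")
	q.Add("token", oktaSessionToken)
	q.Add("redirectUrl", loginDetails.URL)
	req.URL.RawQuery = q.Encode()

	ctx := context.WithValue(context.Background(), ctxKey("login"), loginDetails)
	return oc.follow(ctx, req, loginDetails)
}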