Access OKTA APIs from plsql code

geetha.sukumar · January 12, 2021, 4:45am

I am trying to get the OKTA logged in user details using the OKTA api v1/users/me in plsql code.

I have used the apex_web_service.make_rest_request to access the API.

I am getting an JSON error response when access the api from plsql code. But when I try to access the API directly from the browser I am able to get the user details as JSON.

is the APIs not accessible programmatically.

erik · January 12, 2021, 7:00am

Hello,
This endpoint relies on the session cookie to be set. Depending on the error you are receiving the apex_web_service.make_rest_request may not be sending the sid cookie. If this does not seem to be the issue please attach the error response being received.

geetha.sukumar · January 12, 2021, 10:43am

I have logged in to OKTA, but I wanted to use the same sign on from the Oracle Apex application.
I have tried to create an Open ID application in OKTA for the Apex application and use the same ID in the APex. but it doesn’t get connected.

Any help?

erik · January 12, 2021, 8:13pm

I have not worked with Oracle Apex. I assume you are logging into Okta in a browser session, then opening another tab and accessing the Apex application and attempting this call? Or are you using the Okta Access Gateway with Apex? Please detail the steps you are attempting and the exact setup you are using.

For this /me endpoint, either the browser or Apex in this case needs to send the Okta session cookie. Another option would be to send an API token of a user. The link I included documents this.

From looking at the Apex doc for this call, I assume that you would either need to set cookie with your Okta session id, or set the Authorization: SSWS header with an API token of an Okta administrator account.

geetha.sukumar · January 21, 2021, 6:25pm

Thanks so much.
I am trying to login to OKTA in a browser session and then in another tab accessing the apex application.

Can you elaborate how will I get the API token. Is the token associated to any application?

andrea · January 21, 2021, 7:49pm

The API token is associated with the admin who generated it, but it will not be tied to a specific application. Steps for how to create/use one can be found here.

geetha.sukumar · January 25, 2021, 8:33am

Thanks for the doc. I used the user “A” admin API token as authroization header. and user “B” is logged in OKTA in a browser.

Now the api returns user A details. but I need user who is logged in OKTA in the browser.

Any help?

andrea · January 25, 2021, 4:33pm

Ah, you are using /sessions/me.

If you include the SSWS in this request, you will always get information about the user who was issued the API key. If you instead rely on the user’s session token in browser and make a CORS request without the authorization header, you will instead get information back about the user logged in on the browser.

Here’s a sample fetch request you can test out:

fetch('https://org.okta.com/api/v1/sessions/me', {credentials: "include"})
  .then((response) => {
    return response.json();
  })
  .then((data) => {
    console.log(data);
  });

system · January 26, 2024, 6:12pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.