Okta user Authorization non API

apa · February 12, 2021, 1:26am

I am new to okta so I setup a developer account and wrote something quick with Python using the javascript sign in widget and everything seems to work fine. I then pointed this to my companies production okta instance and got the CORS error ‘has been blocked by CORS policy’, on my dev instance I went to API-> trusted origins and had fixed it. But when I spoke with my admin he mentioned we dont have API available. So then at this point I am lost on what I need to do code wise, any help would be appreciated

mraible · February 12, 2021, 2:19am

This causes a lot of confusion and we’re trying to get it fixed.

If you have an IT account (for workforce identity), you don’t have API access management (AM) as a feature. You have to pay for it.

If you create a developer account, you get get API AM for free.

apa · February 12, 2021, 3:59am

Ok, that definitely clears things up in terms of the different access options, now next question is how do I code for that in python? I am having a hard time finding anything online to do user authorization non API way.

mraible · February 12, 2021, 4:39am

I don’t think you can, but I could be wrong. You can use the sign-in widget, but that’s just HTML and JS, no Python required.

apa · February 12, 2021, 4:43am

So what change do I need to make to the sign in widget to use for non api, like I said earlier when currently using it I am getting the CORS error.

mraible · February 12, 2021, 5:13am

I’m not sure. The last Sign-In Widget example I wrote requires API Access Management as a feature flag. I’d suggest you send an email to developers@okta.com to create a support ticket. Make sure and reference this issue. They’re good people and should be able to help.

andrew.rands · February 12, 2021, 8:35am

I ran in to the same problem. The examples from Okta all rely on the API Access Management module (API Access Management Platform - Secure API Access | Okta) which we haven’t bought.

I found that I could get the code to work once I modified the security issuer URL. Where in the example it states

issuer: ‘https://{yourOktaDomain}/oauth2/default’,

I used

issuer: ‘https://{yourOktaDomain}’,

and it seemed to work.

See

apa · February 12, 2021, 3:07pm

Thanks for your help but unfortunately that did not seem to work for me, at least with the current JavaScript function I am using.