Hi Simon, I'm not sure if this helps, but if you think of the client_id as the user, the client_secret as the password, and the authorization server (Okta) as the URL, then I think the secure storage vault should do what you need. Let's say your Okta server is surroundau.okta.com, and your client_id is simon. You would request the password (client_secret) for [email protected] from EDG, and then you could send the client_id and client_secret in a token request to surroundau.okta.com (the authorization server). The authorization server responds with your token, and you use the token to access whatever service you need that requires it. All of this must be done over https, of course. Will something like this work?
-Ken On Mon, Jun 20, 2022 at 12:17 AM Simon Thompson < [email protected]> wrote: > Hi Holger, > > Yes this makes sense, just doesn't give us much room for supporting tokens > over username/password pairs. > > We will need to setup another separate secure mechanism to support this. > > Simon. > > On Monday, 20 June 2022 at 14:06:11 UTC+10 Holger Knublauch wrote: > >> The API does not offer a function to retrieve securely stored passwords >> as a string. This would IMHO violate the whole point of having secure >> storage, which is to encapsulate the password logic within Java code. >> >> Holger >> >> >> On 2022-06-20 2:00 pm, Simon Thompson wrote: >> >> Hi Holger, >> >> I have tested this, and am not sure this will work, when working with >> OKTA tokens, you need to pass the client_id and client_secret in the body >> (data) of the request, so while I am using the IO.http() function in this >> case I don't actually need a username and password for the URL per se. >> >> I would like to be able to retrieve the password (secret) and then pass >> it as data to the auth server to get a token. >> >> Simon. >> >> >> On Monday, 20 June 2022 at 12:02:13 UTC+10 Holger Knublauch wrote: >> >>> Hi Simon, >>> >>> if you use IO.http() to connect to a remote service, you should be able >>> to use the argument securePasswordURL, which needs to start with one of the >>> known URLs in secure storage. See the Script API panel's documentation or >>> mouse-over IO.http() in the editor. Would this work for you or how else >>> would you want to access the passwords? >>> >>> Holger >>> >>> >>> On 2022-06-20 11:44 am, Simon Thompson wrote: >>> >>> Hi All, >>> >>> Has anyone used the the internal EDG password manager to manage secrets >>> within ADS scripts? I am trying to manage OKTA client secrets so that can >>> query/etc other servers within the environment, without having to hardcode >>> them into functions. >>> >>> Simon. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "TopBraid Suite Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/topbraid-users/ae585c92-5a4c-4cb3-93d6-814a6d2190f2n%40googlegroups.com >>> <https://groups.google.com/d/msgid/topbraid-users/ae585c92-5a4c-4cb3-93d6-814a6d2190f2n%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "TopBraid Suite Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/topbraid-users/b10d3b66-07db-4596-8aa9-5d89fe792480n%40googlegroups.com >> <https://groups.google.com/d/msgid/topbraid-users/b10d3b66-07db-4596-8aa9-5d89fe792480n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> -- > You received this message because you are subscribed to the Google Groups > "TopBraid Suite Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/topbraid-users/cc8c5f22-1c81-4f90-9549-d8f410c588c8n%40googlegroups.com > <https://groups.google.com/d/msgid/topbraid-users/cc8c5f22-1c81-4f90-9549-d8f410c588c8n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "TopBraid Suite Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/topbraid-users/CACA_qpAaAfH1RpCrEsWG6gHxGvGpx6pVhRJVCH665u-c7HOPqg%40mail.gmail.com.
