Node.js API Client for the Okta Platform API.

Requires Node.js version 4.8.3 or higher.

This library is under development and is currently a 0.x version series. Breaking changes will be introduced as minor version bumps in the 0.x range. Some of the API is not yet expressed in this library, please use your IDE hints or view src/api-client.js to browse available methods. We will eventually publish the JsDoc documentation on https://developer.okta.com.

Need help? Contact [email protected] or use the Okta Developer Forum.

npm install @okta/okta-sdk-nodejs

All usage of this SDK begins with the creation of a client, the client handles the authentication and communication with the Okta API. To create a client, you need to provide it the URL of your Okta Org, and an API Token that you have provisioned for yourself (this can be done by visiting Admin -> Security -> API -> Tokens in your Okta Developer Dashboard):

const okta = require('@okta/okta-sdk-nodejs');

const client = new okta.Client({
  orgUrl: 'https://dev-1234.oktapreview.com/'
  token: 'xYzabc'    // Obtained from Developer Dashboard
});

It is also possible to provide configuration through environment variables or YAML files. Please see Configuration for examples.

This libray is a wrapper for the Okta Platform API, which should be referred to as the source-of-truth for what is and isn't possible with the API. In the following sections we show you how to use your client to perform some common operations with the Okta Platform API.

• Create a User
• Get a User
• Update a User
• Delete a User
• List All Org Users
• Search for Users
• Create a Group
• Assign a User to a Group
• Collections
  • each

The Users: Create User API can be used to create users. The most basic type of user is one that has an email address and a password to login with, and can be created with the client.createUser() method:

const newUser = {
  profile: {
    firstName: 'Foo',
    lastName: 'Bar',
    email: '[email protected]',
    login: '[email protected]',
  },
  credentials: {
    password : {
      value: 'PasswordAbc123'
    }
  }
};

client.createUser(newUser)
.then(user => {
  console.log('Created user', user);
});

The Users: Get User API can be used to fetch a user by id or login (as defined on their profile.login property), and is wrapped by client.getUser(:id|:login):

client.getUser('ausmvdt5xg8wRVI1d0g3').then(user => {
  console.log(user);
});

client.getUser('[email protected]').then(user => {
  console.log(user);
});

Once you have a user instance, you can modify it and then call the update() method to persist those changes to the API. This uses the Users: Update User API:

user.profile.nickName = 'rob';
user.update().then(() => console.log('User nickname change has been saved'));

Before deleting an Okta user, they must first be deactivated. Both operations are done with the Users: Lifecycle Operations API. We can chain the deactivate() and delete operations on the user instance to achieve both calls:

user.deactivate()
.then(() => console.log('User has been deactivated'))
.then(() => user.delete())
.then(() => console.log('User has been deleted'));

The client can be used to fetch collections of resources, in this example we'll use the Users: List Users API. When fetching collections, you can use the each() method to iterate through the collection. For more information see Collections.

const orgUsersCollection = client.listUsers();

orgUsersCollection.each(user => {
  console.log(user);
})
.then(() => console.log('All users have been listed'));

For more information about this API see Users: Get User.

The Users: List Users API provides three ways to search for users, "q", "filter", or "search", and all of these approaches can be achieved by passing them as query parameters to the client.listUser() method. The library will URL encode the values for you.

client.listUsers({
  q: 'Robert'
}).each(user => {
  console.log('User matches query: ', user);
});

client.listUsers({
  search: 'profile.nickName eq "abc 1234"'
}).each(user => {
  console.log('User matches search:', user);
});

client.listUsers({
  filter: 'lastUpdated gt "2017-06-05T23:00:00.000Z"'
}).each(user => {
  console.log('User matches filter:', user);
});

The Groups: Add Group API allows you to create Groups, and this is wrapped by client.createGroup(:newGroup):

const newGroup = {
  profile: {
    name: 'Admin Users Group'
  }
};

client.createGroup(newGroup)
.then(group => {
  console.log('Created group', group);
});

With a user and group instance, you can use the addToGroup(:groupId) method of the user to add the user to the known group:

user.addToGroup(group.id).then(() => console.log('User has been added to group'));

When the client is used to fetch collections of resources, a collection instance is returned. The collection encapsulates the work of paginating the API to fetch all resources in the collection (see Pagination). The collection provides the each() method for iterating over the collection, as described below.

Allows you to visit every item in the collection, while optionally doing work at each item. All calls to each() will return a promise that is resolved when all items have been visited or rejected if you return a rejected promise from your iterator. Iteration can be stopped by rejecting a returned promise, or by returning false (will not cause a promise rejection). The following examples show you the various use-cases.

If no value is returned, each() will continue to the next item:

client.listUsers().each(user => {
  console.log(user);
  logUserToRemoteSystem(user);
}).then(() => {
  console.log('All users have been vistied');
});

Returning a promise will pause the iterator until the promise is resolved:

client.listUsers().each(user => {
  return new Promise((resolve, reject) => {
    // do work, then resolve or reject the promise
  })
});

Returning false will end iteration:

client.listUsers().each(user => {
  console.log(user);
  return false;
}).then(() => {
  console.log('Only one user was visited');
});

Returning false in a promise will also end iteration:

client.listUsers().each((user) => {
  console.log(user);
  return Promise.resolve(false);
}).then(() => {
  console.log('Only one user was visited');
});

Rejecting a promise will end iteration with an error:

return client.listUsers().each((user) => {
  console.log(user);
  return Promise.reject('foo error');
}).catch((err)=>{
  console.log(err); // 'foo error'
});

There are several ways to provide configuration to the client constructor. When creating a new client, the following locations are searched in order, in a last-one-wins fashion:

1. An okta.yaml file in ~/.okta.
2. An okta.yaml file in the current working directory of the node process.
3. Environment variables
4. Properties passed to the client constructor

As such, you can create a client without passing a configuration option, e.g. new okta.Client(), so long as you have provided the configuration in one of the other locations.

If providing a yaml file, the structure should be the same as the properties that you pass to the client constructor:

okta:
  client:
    orgUrl: 'https://dev-1234.oktapreview.com/'
    token: 'xYzabc'

If providing environment variables, the configuration names are flattened and delimited with underscores:

OKTA_CLIENT_ORGURL=https://dev-1234.oktapreview.com/
OKTA_CLIENT_TOKEN=xYzabc

See CONTRIBUTING.md if you would like to propose changes to this library.