list_applications returning KeyError about okta-sdk-python HOT 27 CLOSED

@ryanbackman A couple things here. With the Client initialization, as long as you have environment variables OKTA_CLIENT_ORGURL and OKTA_CLIENT_TOKEN you do not need to pass anything into the instantiation. Our client will pull environment variables for you directly. This is defined in more details in the readme

As for the issues with your coroutine. We have updated our samples in our readme that may be helpful for you. Take a look at these samples since they are a little different then the code you have.

Let us know if this help. If not, please come back here and if you can give us more information about your specific error.

from okta-sdk-python.

Thanks for the suggestions about the environment variables, that does simplify things a bit... but I'm still unable to get list_applications to work. I've matched the readme and have a requests snippet that does the same thing successfully with the direct api. Note that if I change list_applications to list_users I get a full list of users.

import asyncio
from okta.client import Client

async def main():
    client = Client()
    x = await client.list_applications()
    print(x)

loop = asyncio.get_event_loop()
loop.run_until_complete(main())

Result: (None, <okta.api_response.OktaAPIResponse object at 0x7fc956a98b10>, KeyError('office365'))

import requests
import os

OKTA_CLIENT_TOKEN = os.getenv("OKTA_CLIENT_TOKEN")
OKTA_CLIENT_ORG_URL = os.getenv("OKTA_CLIENT_ORG_URL")

headers = {
    "Authorization": f"SSWS {OKTA_CLIENT_TOKEN}",
    "Content-Type": "application/json",
    "Accept": "application/json"
}
response = requests.request("GET", f"{OKTA_CLIENT_ORG_URL}/api/v1/apps", data="", headers=headers)
print(response.text)

Result: JSON containing all applications

from okta-sdk-python.

@ryanbackman Can you provide more details on the issue? Maybe, some sort of reproduce steps? I've investigated a bit and there are two places at least, which can provide response with that structure - (None, response, error). And, as usual, it works perfectly on my env.

from okta-sdk-python.

I can't say I have any more reproduction steps other than running the code. I've simplified it down to nuts and bolts. I had some filters set which were returning no results, so I simplified it down to just "give me everything." We have 41 active apps and 7 inactive. office365 is one of the active apps. I'll set some debug statement and try to figure out which of those two places it is throwing the exception.

from okta-sdk-python.

The error is being thrown on line 101 in okta/resource_clients/application_client.py.

This is the traceback I get.

  File "/usr/local/lib/python3.7/site-packages/okta/resource_clients/application_client.py", line 96, in list_applications
    find_app_model(item["signOnMode"], item["name"])(
  File "/usr/local/lib/python3.7/site-packages/okta/constants.py", line 51, in find_app_model
    return OKTA_APP_NAME_TO_MODEL[template_name]

from okta-sdk-python.

It goes to part where it thinks it should be browser app plugin, L50-51. So, the question is what is the value of "signOnMode" for app Office365?
Hint: okta/resource_clients/application_client.py, L94-99

from okta-sdk-python.

SAML_1_1

from okta-sdk-python.

find_app_model is being called with 'SAML_1_1' and 'office365'. OKTA_APP_NAME_TO_MODEL is then being referenced with 'office365' as the key. According to OKTA_APP_NAME_TO_MODEL, 'template_swa', and 'template_swa3field' are the only keys...

from okta-sdk-python.

Yes. The thing is, currently we have SAML_2_0 supported only. Although, I don't see any reason why we can't have SAML_1_1 among them (L22 - ASM.SAML_2_0: models.SamlApplication). Let me investigate why it is so. Meanwhile, you can add there ASM.SAML_1_1: models.SamlApplication just for experiment

from okta-sdk-python.

That worked!

I'm seeing SAML 1.1 in the user interface, should this be SAML 2.0?

from okta-sdk-python.

I suggest switch to SAML 2.0 if it is possible. Meanwhile, I'm investigating if SAML 1.1 can be supported

from okta-sdk-python.

We are working on an update to the openapi sdk that builds our Python SDK to support SAML 1.1 as well as SAML 2.0. I will update you when this release is done in the next few days

from okta-sdk-python.

I'm running into another issue with list_applications... One of my applications has a signOnMode of None, which has no corresponding entry in OKTA_APP_SIGN_ON_TO_MODE in constants.py.

from okta-sdk-python.

@ryanbackman What's the application? In this case it should be considered as browser plugin app or there is something wrong with signOnMode. Looks like it's possible to have different unexpected cases and need to think how to cover all of them.

from okta-sdk-python.

@ryanbackman We have released an update to the SDK that includes support for SAML1.1

I believe this update will resolve your concerns without having to update your application in Okta.

Please let us know if this is still an issue.

from okta-sdk-python.

Awesome!

That fixed the issue with the SAML 1.1 application. I'm still running into problems with an app that has no SignOnMode. I've included None: models.SamlApplication in my version of OKTA_SIGN_ON_TO_MODEL and that solves the issue. Certainly and ugly hack, but all I'm trying to do is the list the applications a user has.

I get the following error with this particular application (I'm raising the Exception on line 101 of resource_clients/application_client.py instead of returning it).

  File "/usr/local/lib/python3.7/site-packages/gfu_okta/gfu_okta.py", line 96, in apps
    temp_apps, resp, err = self.loop.run_until_complete(self.client.list_applications(query_params_list))
  File "/usr/local/lib/python3.7/asyncio/base_events.py", line 579, in run_until_complete
    return future.result()
  File "/usr/local/lib/python3.7/site-packages/okta/resource_clients/application_client.py", line 96, in list_applications
    find_app_model(item["signOnMode"], item["name"])(
  File "/usr/local/lib/python3.7/site-packages/okta/constants.py", line 52, in find_app_model
    return OKTA_APP_NAME_TO_MODEL[template_name]
KeyError: 'active_directory'

Let me know if you want any more information!

from okta-sdk-python.

@ryanbackman Thank you for the new information. And is there any new KeyError after your small hack?

from okta-sdk-python.

from okta-sdk-python.

@ryanbackman I see, looks like we need to have some default model for such cases. Let me investigate it.

from okta-sdk-python.

@ryanbackman Could you please, share more details on this application which is failing? It would be good to see similar screenshot as for office 365 above.

from okta-sdk-python.

I'm not able to find any information about the "active_directory" application in the GUI. I am able to find references to it if I run the Current Assignments Report, but that just lets me see the Application Name of "Active Directory." Is this some sort of core "Application" since it is where we pull all our user information from?

from okta-sdk-python.

Very interesting case. Could you please, get list of all applications via python requests or curl and show it? I'd like to see app names at least. It would be good to see additional data as well (but need to remove all sensitive data). Example of curl command to get list of apps:
curl -X GET https://{yourOktaDomain}/api/v1/apps -H "Authorization: SSWS {yourToken}"

from okta-sdk-python.

I'm having similar issues with list_applications and I also use the "special" active_directory app. Below is the json output for active_directory from /api/v1/apps from our tenant:

    {
        "id": "XXXXXXX",
        "name": "active_directory",
        "label": "*ACTIVE-DIRECTORY-DOMAIN-NAME*",
        "status": "ACTIVE",
        "lastUpdated": "2020-12-09T01:59:25.000Z",
        "created": "2020-10-27T20:27:07.000Z",
        "accessibility": {
            "selfService": false,
            "errorRedirectUrl": null,
            "loginRedirectUrl": null
        },
        "visibility": {
            "autoSubmitToolbar": false,
            "hide": {
                "iOS": false,
                "web": false
            },
            "appLinks": {}
        },
        "features": [
            "IMPORT_PROFILE_UPDATES",
            "PROFILE_MASTERING",
            "OUTBOUND_DEL_AUTH",
            "IMPORT_USER_SCHEMA",
            "IMPORT_NEW_USERS"
        ],
        "signOnMode": null,
        "credentials": {
            "userNameTemplate": {
                "template": "substringBefore(user.login, \"@\") + \"@\" + target_app.namingContext",
                "type": "CUSTOM"
            },
            "signing": {}
        },
        "settings": {
            "app": {
                "jitGroupsAcrossDomains": false,
                "password": null,
                "scanRate": null,
                "searchOrgUnit": null,
                "filterGroupsByOU": false,
                "namingContext": "*ACTIVE-DIRECTORY-DOMAIN-NAME*",
                "login": null,
                "activationEmail": null
            },
            "notifications": {
                "vpn": {
                    "network": {
                        "connection": "DISABLED"
                    },
                    "message": null,
                    "helpUrl": null
                }
            }
        },
        "_links": {
            "appLinks": [],
            "groups": {
                "href": "https://*DOMAIN-URL*/api/v1/apps/0oa19ssqzoQL8wiuD4x7/groups"
            },
            "logo": [
                {
                    "name": "medium",
                    "href": "https://ok11static.oktacdn.com/assets/img/logos/active-directory.9d71e6886192896cd905f4987688d95f.png",
                    "type": "image/png"
                }
            ],
            "users": {
                "href": "https://*DOMAIN-URL*/api/v1/apps/0oa19ssqzoQL8wiuD4x7/users"
            },
            "deactivate": {
                "href": "https://*DOMAIN-URL*/api/v1/apps/0oa19ssqzoQL8wiuD4x7/lifecycle/deactivate"
            }
        }
    }

from okta-sdk-python.

@briandean Thank you for this detailed output. Working on the solution.

from okta-sdk-python.

@ryanbackman @briandean okta-sdk-python v1.3.1 released. This should fix given errors. I'd love to hear a feedback if everything is fine.

from okta-sdk-python.

from okta-sdk-python.

Happy to hear that @ryanbackman Please let us know if there is anything else you come across.

from okta-sdk-python.