
Unable to use JWT based authorization #537

@kirillmakhonin-brt

Description


Describe the bug?

We're trying to use this SDK to call the Okta API with JWT-signed credentials.
When we configured it to use JWT signing, it fails with a panic.

Code to reproduce

configSetters := []okta.ConfigSetter{
	okta.WithOrgUrl(oktaConfig.OrgUrl),
	okta.WithAuthorizationMode("JWT"),
	okta.WithClientId(oktaConfig.ClientID), // trailing comma is required by Go in a multi-line literal
}
if oktaConfig.ScopesList != "" {
	configSetters = append(configSetters, okta.WithScopes(strings.Split(oktaConfig.ScopesList, ",")))
}

clientConfig, err := okta.NewConfiguration(configSetters...)
if err != nil {
	return nil, fmt.Errorf("error loading Okta config: %w", err)
}
// Documentation states that WithClientAssertion exists but it does not in the latest version
clientConfig.Okta.Client.ClientAssertion = oktaConfig.PrivateKey
client := okta.NewAPIClient(clientConfig)

// And now make any call with the client constructed above
ctx := context.Background()
req := client.GroupAPI.ListGroups(ctx)
req = req.Limit(limit)
groups, resp, err := req.Execute() // <--- will fail with panic

What is expected to happen?

Should work with the code above.

What is the actual behavior?

If you run this, it will fail with this stack trace:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x1026c4f08]

goroutine 1 [running]:
github.com/go-jose/go-jose/v3/jwt.(*signedBuilder).sign(0x140002662a0)
	/Users/kirill.makhonin/go/pkg/mod/github.com/go-jose/go-jose/[email protected]/jwt/builder.go:225 +0x138
github.com/go-jose/go-jose/v3/jwt.(*signedBuilder).CompactSerialize(0x140002662a0)
	/Users/kirill.makhonin/go/pkg/mod/github.com/go-jose/go-jose/[email protected]/jwt/builder.go:198 +0x3c
github.com/okta/okta-sdk-golang/v5/okta.createClientAssertion({0x140004e61a0, 0x1d}, {0x0, 0x0}, {0x0, 0x0})
	/Users/kirill.makhonin/go/pkg/mod/github.com/okta/okta-sdk-golang/[email protected]/okta/client.go:691 +0x1a8
github.com/okta/okta-sdk-golang/v5/okta.getAccessTokenForPrivateKey(0x140002b0cc0, {0x140004e61a0, 0x1d}, {0x14000380e00, 0x6cb}, {0x140002d4300, 0x32}, {0x0, 0x0, 0x0}, ...)
	/Users/kirill.makhonin/go/pkg/mod/github.com/okta/okta-sdk-golang/[email protected]/okta/client.go:731 +0x758
github.com/okta/okta-sdk-golang/v5/okta.(*JWTAuth).Authorize(0x140001d6770, {0x102a06629, 0x3}, {0x140002d4340, 0x2b})
	/Users/kirill.makhonin/go/pkg/mod/github.com/okta/okta-sdk-golang/[email protected]/okta/client.go:461 +0x5e4
github.com/okta/okta-sdk-golang/v5/okta.(*APIClient).prepareRequest(0x140003ca008, {0x102d98468, 0x140001d6690}, {0x140002aa5a0, 0x28}, {0x102a06629, 0x3}, {0x0, 0x0}, 0x1400041da20, ...)
	/Users/kirill.makhonin/go/pkg/mod/github.com/okta/okta-sdk-golang/[email protected]/okta/client.go:1256 +0x1934
github.com/okta/okta-sdk-golang/v5/okta.(*GroupAPIService).ListGroupsExecute(0x140003ca010, {{0x102d98468, 0x140001d6690}, {0x102d9e5b0, 0x140003ca010}, 0x140002cca30, 0x0, 0x0, 0x140001e66a0, 0x0, ...})
	/Users/kirill.makhonin/go/pkg/mod/github.com/okta/okta-sdk-golang/[email protected]/okta/api_group.go:2499 +0xca8
github.com/okta/okta-sdk-golang/v5/okta.ApiListGroupsRequest.Execute({{0x102d984a0, 0x1032195c0}, {0x102d9e5b0, 0x140003ca010}, 0x140002cca30, 0x0, 0x0, 0x140001e66a0, 0x0, 0x0, ...})

When we tried to dig into the details, it looks like the issue is that getAccessTokenForPrivateKey does not send client_id and fails with

{
  "errorCode" : "invalid_client",
  "errorSummary" : "A client_id must be provided in the request.",
  "errorLink" : "invalid_client",
  "errorId" : "....",
  "errorCauses" : [ ]
}

Reproduction Steps?

Run code above

Additional Information?

No response

Golang Version

go version go1.24.5 darwin/arm64

SDK Version

5.0.6

OS version

No response
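The two points in this report, a signer that dereferences a key that was never configured and a token request that omits client_id, can be seen in one standard-library sketch of the private_key_jwt flow the SDK's createClientAssertion / getAccessTokenForPrivateKey path implements. This is an added example, not the okta-sdk-golang code or the reporter's; the function names (GenerateKey, CreateClientAssertion, VerifyClientAssertion, TokenRequestForm), the client_id value and the token endpoint URL are assumptions, and the claim layout follows RFC 7523 as used for private_key_jwt. It uses RS256 via crypto/rsa directly rather than go-jose so that it runs with no dependencies.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// AssertionClaims is the RFC 7523 claim set used for private_key_jwt:
// iss and sub carry the client_id, aud names the token endpoint.
type AssertionClaims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
	Jti string `json:"jti"`
}

// RS256 is the only alg accepted; the header is compared byte-for-byte on verification.
const jwtHeader = `{"alg":"RS256","typ":"JWT"}`
var b64 = base64.RawURLEncoding

// GenerateKey makes a throwaway RSA key for the demo (a real client loads the key registered on its Okta app).
func GenerateKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// CreateClientAssertion signs an RS256 client assertion; a nil key or empty client_id is an error, not a panic.
func CreateClientAssertion(key *rsa.PrivateKey, clientID, tokenURL string, ttl time.Duration) (string, error) {
	if key == nil || clientID == "" {
		return "", errors.New("client assertion: private key and client_id are both required")
	}
	jti := make([]byte, 16)
	rand.Read(jti) // crypto/rand.Read cannot return an error as of Go 1.24 (it aborts the process instead)
	now := time.Now()
	body, _ := json.Marshal(AssertionClaims{Iss: clientID, Sub: clientID, Aud: tokenURL,
		Iat: now.Unix(), Exp: now.Add(ttl).Unix(), Jti: b64.EncodeToString(jti)})
	signingInput := b64.EncodeToString([]byte(jwtHeader)) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// VerifyClientAssertion applies the checks an authorization server makes before trusting
// the assertion: pinned alg, valid signature, iss == sub == client_id, aud == token endpoint, unexpired.
func VerifyClientAssertion(token string, pub *rsa.PublicKey, clientID, tokenURL string) (*AssertionClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || parts[0] != b64.EncodeToString([]byte(jwtHeader)) {
		return nil, errors.New("malformed JWT or alg is not RS256")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("bad signature: %w", err)
	}
	var c AssertionClaims
	if cb, err := b64.DecodeString(parts[1]); err != nil {
		return nil, err
	} else if err := json.Unmarshal(cb, &c); err != nil {
		return nil, err
	}
	switch {
	case c.Iss != clientID || c.Sub != clientID:
		return nil, errors.New("iss/sub do not match client_id")
	case c.Aud != tokenURL:
		return nil, errors.New("aud is not the token endpoint")
	case time.Now().Unix() >= c.Exp:
		return nil, errors.New("assertion expired")
	}
	return &c, nil
}

// TokenRequestForm builds the token request body; client_id is sent explicitly,
// the field the invalid_client error above asks for.
func TokenRequestForm(clientID, assertion string, scopes []string) url.Values {
	return url.Values{"grant_type": {"client_credentials"}, "client_id": {clientID},
		"client_assertion_type": {"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"},
		"client_assertion": {assertion}, "scope": {strings.Join(scopes, " ")}}
}

func main() {
	key, _ := GenerateKey()
	// Constructed client_id and token endpoint; real values come from the org's configuration.
	tok, err := CreateClientAssertion(key, "0oaEXAMPLEclientid", "https://example.okta.com/oauth2/v1/token", 5*time.Minute)
	_, verr := VerifyClientAssertion(tok, &key.PublicKey, "0oaEXAMPLEclientid", "https://example.okta.com/oauth2/v1/token")
	fmt.Println("create:", err, "verify:", verr)
}
```

The verifier side is included because it is the cheapest way to confirm, offline, that an assertion a client emits will be accepted: a wrong aud, a mismatched sub, or a stale exp is rejected before any request leaves the process, which is the failure mode that otherwise surfaces only as an invalid_client response from the token endpoint.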

Metadata


Assignees

No one assigned

Labels

bug (Something isn't working)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests
