As part of the documentation for enabling OAuth 2.0 for provisioning between source/target (hub/spoke) orgs, Okta instructs users to make a POST /api/v1/apps request to the spoke org to gather key credentials for the Org2Org application.
I would like to automate this process using Terraform, but I am not able to identify a Terraform resource or data source that would provide me with the key credentials. Example output below:

```json
[
  {
    "kty": "RSA",
    "created": "2022-01-20T19:50:14.000Z",
    "lastUpdated": "2022-01-20T19:50:14.000Z",
    "expiresAt": "2024-01-20T19:50:13.000Z",
    "kid": "sf-jWwRKMUU55 ... GucHLxIh_-fYLAofB8",
    "use": "sig",
    "x5c": [
      "MIIDqDCCApCgAwIBAgIGAX55CiDiMA0GCSqG ... c5Iuo9j3wpemDSgGapXQ=="
    ],
    "x5t#S256": "v-v2V8soFmXuhC ... nrJ4ho-N3P8aASFc",
    "e": "AQAB",
    "n": "gIxwqCNkdAb1ioyNBY2boqUCrMj_NSFJAl ... 7dZFiAYF7p_k3XMXOh-hsL_D8FDQ"
  }
]
```
Ideally, I would like to use a Terraform data source to gather the credential keys and use them to create an OAuth 2.0 service app, as the Okta documentation instructs.

```hcl
data "okta_app_saml" "okta_customer_poc" {
  provider = okta.internal_us
  label    = "Okta Customer PoC"
}

resource "okta_app_oauth" "example" {
  label                      = "example"
  type                       = "service"
  response_types             = ["token"]
  grant_types                = ["client_credentials"]
  token_endpoint_auth_method = "private_key_jwt"

  jwks {
    kty = data.okta_app_saml.okta_customer_poc.credentials.jwks[0].kty
    kid = data.okta_app_saml.okta_customer_poc.credentials.jwks[0].kid
    x   = data.okta_app_saml.okta_customer_poc.credentials.jwks[0].x
    y   = data.okta_app_saml.okta_customer_poc.credentials.jwks[0].y
  }

  jwks {
    kty = data.okta_app_saml.okta_customer_poc.credentials.jwks[1].kty
    kid = data.okta_app_saml.okta_customer_poc.credentials.jwks[1].kid
    e   = data.okta_app_saml.okta_customer_poc.credentials.jwks[1].e
    n   = data.okta_app_saml.okta_customer_poc.credentials.jwks[1].n
  }
}
```
I'm gathering that the above solution isn't currently supported, but I'm wondering if I'm missing some other obvious solution.
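An added example, not from the question or from Okta's own tooling, of the glue step the question is working around: taking the key credential list returned by the spoke org, checking each key before trusting it (`use` is `sig`, `expiresAt` is still in the future, and the `x5t#S256` thumbprint really is the SHA-256 of the certificate in `x5c[0]`), and rendering a `jwks` block for `okta_app_oauth` with the fields that match the key type (RSA keys carry `e`/`n`, EC keys carry `x`/`y`). The sample key below is constructed with placeholder material; the function names and the idea of feeding the rendered block into Terraform are this example's own assumptions.

```python
import base64
import hashlib
from datetime import datetime, timezone

# Constructed placeholder standing in for the DER certificate Okta returns in
# x5c[0]; no real key material is reproduced here.
SAMPLE_CERT_DER = b"constructed-placeholder-certificate-bytes"


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding JWK thumbprints use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def x5t_s256(x5c_entry: str) -> str:
    """RFC 7515 x5t#S256: SHA-256 of the DER certificate, base64url-encoded.
    x5c entries are standard base64 with padding, not base64url."""
    der = base64.b64decode(x5c_entry)
    return b64url(hashlib.sha256(der).digest())


# Constructed sample in the shape of the key credential response shown in the
# question, with a far-future expiry so the sample validates.
_SAMPLE_X5C = base64.b64encode(SAMPLE_CERT_DER).decode("ascii")
SAMPLE_KEYS = [
    {
        "kty": "RSA",
        "created": "2022-01-20T19:50:14.000Z",
        "lastUpdated": "2022-01-20T19:50:14.000Z",
        "expiresAt": "2099-01-20T19:50:13.000Z",
        "kid": "constructed-kid-1",
        "use": "sig",
        "x5c": [_SAMPLE_X5C],
        "x5t#S256": x5t_s256(_SAMPLE_X5C),
        "e": "AQAB",
        "n": "constructed-modulus-placeholder",
    }
]


def parse_okta_time(value: str) -> datetime:
    """Okta timestamps look like 2022-01-20T19:50:14.000Z (UTC)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def validate_key(jwk: dict, now: datetime) -> list:
    """Return a list of reasons this key should not be wired into a service app."""
    problems = []
    kid = jwk.get("kid", "<no kid>")
    if jwk.get("use") != "sig":
        problems.append(f"{kid}: use is {jwk.get('use')!r}, expected 'sig'")
    if parse_okta_time(jwk["expiresAt"]) <= now:
        problems.append(f"{kid}: expired at {jwk['expiresAt']}")
    x5c = jwk.get("x5c") or []
    if x5c and "x5t#S256" in jwk and x5t_s256(x5c[0]) != jwk["x5t#S256"]:
        problems.append(f"{kid}: x5t#S256 does not match x5c[0]")
    return problems


def jwks_block_fields(jwk: dict) -> dict:
    """Pick the arguments the okta_app_oauth jwks block needs for this key type."""
    if jwk["kty"] == "RSA":
        return {"kty": "RSA", "kid": jwk["kid"], "e": jwk["e"], "n": jwk["n"]}
    if jwk["kty"] == "EC":
        return {"kty": "EC", "kid": jwk["kid"], "x": jwk["x"], "y": jwk["y"]}
    raise ValueError(f"unsupported kty {jwk['kty']!r}")


def render_jwks_block(jwk: dict) -> str:
    """Render one HCL jwks block; values are base64url so no quoting is needed."""
    lines = ["  jwks {"]
    for name, value in jwks_block_fields(jwk).items():
        lines.append(f'    {name} = "{value}"')
    lines.append("  }")
    return "\n".join(lines)


def render_all(keys: list, now: datetime) -> str:
    """Validate every key first; refuse to render anything if one is bad."""
    problems = [p for key in keys for p in validate_key(key, now)]
    if problems:
        raise ValueError("; ".join(problems))
    return "\n".join(render_jwks_block(key) for key in keys)


if __name__ == "__main__":
    print(render_all(SAMPLE_KEYS, datetime.now(timezone.utc)))
```

Run against the real response body (for example `python render_jwks.py < keys.json` after loading it with `json.load`), the output pastes into the `okta_app_oauth` resource, or can be written to a `.tf.json` fragment; validating the thumbprint and expiry first means a stale or mismatched key fails the pipeline instead of silently becoming the spoke org's trusted signer.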