feat: Backend/type changes for Okta Integration enrolment improvements

lib/web/apiserver.go

@@ -1053,7 +1053,7 @@ func (h *Handler) bindDefaultEndpoints() {
 	h.GET("/webapi/scripts/integrations/configure/gcp-workforce-saml.sh", h.WithLimiter(h.gcpWorkforceConfigScript))
 
 	// Okta integration endpoints.
-	h.GET("/.well-known/jwks-okta", h.WithLimiter(h.jwksOkta))
+	h.GET(OktaJWKSURI, h.WithLimiter(h.jwksOkta))
 
 	// Azure OIDC integration endpoints
 	h.GET("/webapi/scripts/integrations/configure/azureoidc.sh", h.WithLimiter(h.azureOIDCConfigure))

lib/web/oidcidp.go

@@ -32,6 +32,8 @@ import (
 const (
 	// OIDCJWKWURI is the relative path where the OIDC IdP JWKS is located
 	OIDCJWKWURI = "/.well-known/jwks-oidc"
+	// OktaJWKSURI is the relative path where the Okta JWKS is located
+	OktaJWKSURI = "/.well-known/jwks-okta"
 )
 
 // openidConfiguration returns the openid-configuration for setting up the AWS OIDC Integration
@@ -49,6 +51,10 @@ func (h *Handler) jwksOIDC(_ http.ResponseWriter, r *http.Request, _ httprouter.
 	return h.jwks(r.Context(), types.OIDCIdPCA, true)
 }
 
+func (h *Handler) jwksOKTA(_ http.ResponseWriter, r *http.Request, _ httprouter.Params) (interface{}, error) {
+	return h.jwks(r.Context(), types.OktaCA, false)
+}
+
 // thumbprint returns the thumbprint as required by AWS when adding an OIDC Identity Provider.
 // This is documented here:
 // https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html

web/packages/teleport/src/Notifications/Notification.tsx

@@ -98,7 +98,7 @@ export function Notification({
   if (view === 'Unread' && notification.clicked) {
     // If this is a text content notification, the dialog should still be renderable. This is to prevent the text content dialog immediately disappearing
     // when trying to open an unread text notification, since clicking on the notification instantly marks it as read.
-    if (content.kind == 'text') {
+    if (content.kind === 'text') {
       return (
         <Dialog open={showTextContentDialog} className={IGNORE_CLICK_CLASSNAME}>
           <DialogHeader>

web/packages/teleport/src/config.ts

@@ -199,7 +199,7 @@ const cfg = {
     kubernetes: '/web/cluster/:clusterId/kubernetes',
     headlessSso: `/web/headless/:requestId`,
     integrations: '/web/integrations',
-    integrationStatus: '/web/integrations/status/:type/:name',
+    integrationStatus: '/web/integrations/status/:type/:name/:page?',
     integrationEnroll: '/web/integrations/new/:type?',
     locks: '/web/locks',
     newLock: '/web/locks/new',
@@ -562,8 +562,12 @@ const cfg = {
     return generatePath(cfg.routes.integrationEnroll, { type });
   },
 
-  getIntegrationStatusRoute(type: PluginKind | IntegrationKind, name: string) {
-    return generatePath(cfg.routes.integrationStatus, { type, name });
+  getIntegrationStatusRoute(
+    type: PluginKind | IntegrationKind,
+    name: string,
+    page?: string
+  ) {
+    return generatePath(cfg.routes.integrationStatus, { type, name, page });
   },
 
   getMsTeamsAppZipRoute(clusterId: string, plugin: string) {

web/packages/teleport/src/services/integrations/types.ts

@@ -240,6 +240,21 @@ export type PluginOktaSpec = {
    * the Okta org's base URL
    */
   orgUrl: string;
+
+  enableUserSync?: boolean;
+  enableAccessListSync?: boolean;
+  enableAppGroupSync?: boolean;
+
+  /**
+   * contains currently configured credentials for the plugin
+   */
+  credentialsInfo?: CredentialsInfo;
+};
+
+export type CredentialsInfo = {
+  hasSSMSToken?: boolean;
+  hasConfiguredOauthCredentials?: boolean;
+  hasSCIMToken?: boolean;
 };
 
 export type PluginSlackSpec = {