From 6edbb836ca17c461752280d6987e559549add506 Mon Sep 17 00:00:00 2001
From: Maxim Dietz
Date: Fri, 20 Dec 2024 15:20:21 -0500
Subject: [PATCH] feat: Backend/type changes for Okta Integration enrolment improvements
---
 lib/web/apiserver.go | 2 +-
 lib/web/oidcidp.go | 6 ++++++
 .../teleport/src/Notifications/Notification.tsx | 2 +-
 web/packages/teleport/src/config.ts | 10 +++++++---
 .../teleport/src/services/integrations/types.ts | 15 +++++++++++++++
 5 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go
index 0ba583adc52a4..fe0ac8a6c2ef5 100644
--- a/lib/web/apiserver.go
+++ b/lib/web/apiserver.go
@@ -1053,7 +1053,7 @@ func (h *Handler) bindDefaultEndpoints() {
 h.GET("/webapi/scripts/integrations/configure/gcp-workforce-saml.sh", h.WithLimiter(h.gcpWorkforceConfigScript))
 // Okta integration endpoints.
- h.GET("/.well-known/jwks-okta", h.WithLimiter(h.jwksOkta))
+ h.GET(OktaJWKSURI, h.WithLimiter(h.jwksOkta))
 // Azure OIDC integration endpoints
 h.GET("/webapi/scripts/integrations/configure/azureoidc.sh", h.WithLimiter(h.azureOIDCConfigure))
diff --git a/lib/web/oidcidp.go b/lib/web/oidcidp.go
index 7b9c433f378f7..e5185bc100feb 100644
--- a/lib/web/oidcidp.go
+++ b/lib/web/oidcidp.go
@@ -32,6 +32,8 @@ import (
 const (
 // OIDCJWKWURI is the relative path where the OIDC IdP JWKS is located
 OIDCJWKWURI = "/.well-known/jwks-oidc"
+ // OktaJWKSURI is the relative path where the Okta JWKS is located
+ OktaJWKSURI = "/.well-known/jwks-okta"
 )
 // openidConfiguration returns the openid-configuration for setting up the AWS OIDC Integration
@@ -49,6 +51,10 @@ func (h *Handler) jwksOIDC(_ http.ResponseWriter, r *http.Request, _ httprouter.
 return h.jwks(r.Context(), types.OIDCIdPCA, true)
 }
+func (h *Handler) jwksOKTA(_ http.ResponseWriter, r *http.Request, _ httprouter.Params) (interface{}, error) {
+ return h.jwks(r.Context(), types.OktaCA, false)
+}
+
 // thumbprint returns the thumbprint as required by AWS when adding an OIDC Identity Provider.
 // This is documented here:
 // https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
diff --git a/web/packages/teleport/src/Notifications/Notification.tsx b/web/packages/teleport/src/Notifications/Notification.tsx
index 5278bfcf22c84..550dc2c88bc99 100644
--- a/web/packages/teleport/src/Notifications/Notification.tsx
+++ b/web/packages/teleport/src/Notifications/Notification.tsx
@@ -98,7 +98,7 @@ export function Notification({
 if (view === 'Unread' && notification.clicked) {
 // If this is a text content notification, the dialog should still be renderable. This is to prevent the text content dialog immediately disappearing
 // when trying to open an unread text notification, since clicking on the notification instantly marks it as read.
- if (content.kind == 'text') {
+ if (content.kind === 'text') {
 return (
diff --git a/web/packages/teleport/src/config.ts b/web/packages/teleport/src/config.ts
index a5d3661efee56..b6bdc408c199b 100644
--- a/web/packages/teleport/src/config.ts
+++ b/web/packages/teleport/src/config.ts
@@ -199,7 +199,7 @@ const cfg = {
 kubernetes: '/web/cluster/:clusterId/kubernetes',
 headlessSso: `/web/headless/:requestId`,
 integrations: '/web/integrations',
- integrationStatus: '/web/integrations/status/:type/:name',
+ integrationStatus: '/web/integrations/status/:type/:name/:page?',
 integrationEnroll: '/web/integrations/new/:type?',
 locks: '/web/locks',
 newLock: '/web/locks/new',
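Review bot: `jwksOKTA` is added but nothing in this patch routes to it; the apiserver.go hunk still binds OktaJWKSURI to `h.jwksOkta`, so this is either a duplicate of a handler that already exists elsewhere or dead code until a route is added, and that should be settled before merge. The spelling also diverges from the `jwksOkta` referenced in apiserver.go (Okta is a proper noun, not an initialism like OIDC), so renaming to `jwksOkta` or reusing the existing handler keeps the package consistent. It lacks the doc comment its neighbours carry, and the only difference from `jwksOIDC` is the `false` passed as the third argument to `h.jwks`, so the comment should name the CA served and what that argument selects, e.g. `// jwksOkta serves the public JWKS of the Okta CA (types.OktaCA); the third h.jwks argument is false here, unlike jwksOIDC, because <reason>.` Since the JWKS route in apiserver.go is wrapped only in WithLimiter, the comment is also the place to record that the endpoint is intentionally public and rate-limited, so nobody later adds an auth wrapper or drops the limiter by accident.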
@@ -562,8 +562,12 @@ const cfg = {
 return generatePath(cfg.routes.integrationEnroll, { type });
 },
- getIntegrationStatusRoute(type: PluginKind | IntegrationKind, name: string) {
- return generatePath(cfg.routes.integrationStatus, { type, name });
+ getIntegrationStatusRoute(
+ type: PluginKind | IntegrationKind,
+ name: string,
+ page?: string
+ ) {
+ return generatePath(cfg.routes.integrationStatus, { type, name, page });
 },
 getMsTeamsAppZipRoute(clusterId: string, plugin: string) {
diff --git a/web/packages/teleport/src/services/integrations/types.ts b/web/packages/teleport/src/services/integrations/types.ts
index 9e631c7caf506..dc6fcc51bbd6d 100644
--- a/web/packages/teleport/src/services/integrations/types.ts
+++ b/web/packages/teleport/src/services/integrations/types.ts
@@ -240,6 +240,21 @@ export type PluginOktaSpec = {
 * the Okta org's base URL
 */
 orgUrl: string;
+
+ enableUserSync?: boolean;
+ enableAccessListSync?: boolean;
+ enableAppGroupSync?: boolean;
+
+ /**
+ * contains currently configured credentials for the plugin
+ */
+ credentialsInfo?: CredentialsInfo;
+};
+
+export type CredentialsInfo = {
+ hasSSMSToken?: boolean;
+ hasConfiguredOauthCredentials?: boolean;
+ hasSCIMToken?: boolean;
 };
 export type PluginSlackSpec = {
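Review bot: The new `page?: string` parameter on `getIntegrationStatusRoute` is a free-form string interpolated into the `:page?` route segment; if the status view has a fixed set of sub-pages, a string-literal union type would catch typos at compile time instead of producing a route nothing matches. Either way the parameter is undocumented, so a one-line JSDoc such as `/** @param page optional status sub-page segment; omitted when undefined */` belongs on the method. The enclosing `cfg` object starts and ends outside the hunk.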
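Review bot: The three new `enable*Sync` flags and every `CredentialsInfo` field are undocumented, while the neighbouring `orgUrl` member of `PluginOktaSpec` carries JSDoc; each needs at least a one-line `/** ... */` saying what it toggles or reports. `hasSSMSToken` reads like a typo, since Okta's API token scheme is SSWS — unless it mirrors a backend field name exactly, in which case a comment naming that field would stop a future "fix" from breaking deserialisation. `CredentialsInfo` sensibly exposes only presence booleans rather than the credentials themselves; a comment such as `/** presence flags only — never carries credential material */` makes that contract explicit for anyone extending the type later.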