Create Okta OAuth Adapter

app/config/providers.php

@@ -141,6 +141,16 @@ return [ // Ordered by ABC.
         'beta' => false,
         'mock' => false,
     ],
+    'okta' => [
+        'name' => 'Okta',
+        'developers' => 'https://developer.okta.com/',
+        'icon' => 'icon-okta',
+        'enabled' => true,
+        'sandbox' => false,
+        'form' => 'okta.phtml',
+        'beta' => false,
+        'mock' => false,
+    ],
     'paypal' => [
         'name' => 'PayPal',
         'developers' => 'https://developer.paypal.com/docs/api/overview/',

app/views/console/users/oauth/okta.phtml

@@ -0,0 +1,12 @@
+<?php
+$provider = $this->getParam('provider', '');
+?>
+
+<label for="oauth2<?php echo $this->escape(ucfirst($provider)); ?>Appid">Client ID<span class="tooltip" data-tooltip="Provided by Okta"><i class="icon-info-circled"></i></span></label>
+<input name="appId" id="oauth2<?php echo $this->escape(ucfirst($provider)); ?>Appid" type="text" autocomplete="off" data-ls-bind="{{console-project.provider<?php echo $this->escape(ucfirst($provider)); ?>Appid}}" placeholder="Client ID" />
+<label for="oauth2<?php echo $this->escape(ucfirst($provider)); ?>ClientSecret">Client Secret <span class="tooltip" data-tooltip="Provided in the Application you created in Okta"><i class="icon-info-circled"></i></span></label>
+<input name="clientSecret" id="oauth2<?php echo $this->escape(ucfirst($provider)); ?>ClientSecret" type="password" autocomplete="off" placeholder="Client Secret" />
+<label for="oauth2<?php echo $this->escape(ucfirst($provider)); ?>Domain">Okta Domain<span class="tooltip" data-tooltip="Your Okta Domain (without 'https://')"><i class="icon-info-circled"></i></span></label>
+<input name="oktaDomain" id="oauth2<?php echo $this->escape(ucfirst($provider)); ?>Domain" type="text" autocomplete="off" placeholder="dev-1337.okta.com" />
+<?php /*Hidden input for the final secret. Gets filled with a JSON via JS. */ ?>
+<input name="secret" data-forms-oauth-custom="<?php echo $this->escape(ucfirst($provider)); ?>" id="oauth2<?php echo $this->escape(ucfirst($provider)); ?>Secret" type="hidden" autocomplete="off" data-ls-bind="{{console-project.provider<?php echo $this->escape(ucfirst($provider)); ?>Secret}}" />

public/scripts/views/forms/oauth-custom.js

@@ -16,6 +16,10 @@
           "keyID": "oauth2AppleKeyId",
           "teamID": "oauth2AppleTeamId",
           "p8": "oauth2AppleP8"
+        },
+        "Okta": {
+          "clientSecret": "oauth2OktaClientSecret",
+          "oktaDomain": "oauth2OktaDomain"
         }
       }
       let provider = element.getAttribute("data-forms-oauth-custom");

src/Appwrite/Auth/OAuth2/Okta.php

@@ -0,0 +1,210 @@
+<?php
+
+namespace Appwrite\Auth\OAuth2;
+
+use Appwrite\Auth\OAuth2;
+
+// Reference Material
+// https://developer.okta.com/docs/guides/sign-into-web-app-redirect/php/main/
+
+class Okta extends OAuth2
+{  
+     /**
+     * @var array
+     */
+    protected $scopes = [
+        'openid',
+        'profile',
+        'email',
+        'offline_access'
+    ];
+    
+    /**
+     * @var array
+     */
+    protected $user = [];
+    
+    /**
+     * @var array
+     */
+    protected $tokens = [];
+    
+    /**
+     * @return string
+     */
+    public function getName(): string
+    {
+        return 'okta';
+    }
+
+    /**
+     * @return string
+     */
+    public function getLoginURL(): string
+    {
+        return 'https://'.$this->getOktaDomain().'/oauth2/default/v1/authorize?'.\http_build_query([
+            'client_id' => $this->appID,
+            'redirect_uri' => $this->callback,
+            'state'=> \json_encode($this->state),
+            'scope'=> \implode(' ', $this->getScopes()),
+            'response_type' => 'code'
+        ]);
+    }
+
+    /**
+     * @param string $code
+     *
+     * @return array
+     */
+    protected function getTokens(string $code): array
+    {
+        if(empty($this->tokens)) {
+            $headers = ['Content-Type: application/x-www-form-urlencoded'];
+            $this->tokens = \json_decode($this->request(
+                'POST',
+                'https://'.$this->getOktaDomain().'/oauth2/default/v1/token',
+                $headers,
+                \http_build_query([
+                    'code' => $code,
+                    'client_id' => $this->appID,
+                    'client_secret' => $this->getClientSecret(),
+                    'redirect_uri' => $this->callback,
+                    'scope' => \implode(' ', $this->getScopes()),
+                    'grant_type' => 'authorization_code'
+                ])
+            ), true);
+        }
+
+        return $this->tokens;
+    }
+    
+    
+    /**
+     * @param string $refreshToken
+     *
+     * @return array
+     */
+    public function refreshTokens(string $refreshToken): array
+    {
+        $headers = ['Content-Type: application/x-www-form-urlencoded'];
+        $this->tokens = \json_decode($this->request(
+            'POST',
+            'https://'.$this->getOktaDomain().'/oauth2/default/v1/token',
+            $headers,
+            \http_build_query([
+                'refresh_token' => $refreshToken,
+                'client_id' => $this->appID,
+                'client_secret' => $this->getClientSecret(),
+                'grant_type' => 'refresh_token'
+            ])
+        ), true);
+
+        if(empty($this->tokens['refresh_token'])) {
+            $this->tokens['refresh_token'] = $refreshToken;
+        }
+
+        return $this->tokens;
+    }
+
+    /**
+     * @param string $accessToken
+     *
+     * @return string
+     */
+    public function getUserID(string $accessToken): string
+    {
+        $user = $this->getUser($accessToken);
+        
+        if (isset($user['sub'])) {
+            return $user['sub'];
+        }
+        
+        return '';
+    }
+
+    /**
+     * @param string $accessToken
+     *
+     * @return string
+     */
+    public function getUserEmail(string $accessToken): string
+    {
+        $user = $this->getUser($accessToken);
+        
+        if (isset($user['email'])) {
+            return $user['email'];
+        }
+        
+        return '';
+    }
+
+    /**
+     * @param string $accessToken
+     *
+     * @return string
+     */
+    public function getUserName(string $accessToken): string
+    {
+        $user = $this->getUser($accessToken);
+        
+        if (isset($user['name'])) {
+            return $user['name'];
+        }
+        
+        return '';
+    }
+    
+     /**
+     * @param string $accessToken
+     *
+     * @return array
+     */
+    protected function getUser(string $accessToken): array
+    {
+        if (empty($this->user)) {
+            $headers = ['Authorization: Bearer '. \urlencode($accessToken)];
+            $user = $this->request('GET', 'https://'.$this->getOktaDomain().'/v1/userinfo', $headers);
+            $this->user = \json_decode($user, true);
+        }
+
+        return $this->user;
+    }
+
+    /**
+     * Extracts the Client Secret from the JSON stored in appSecret
+     * 
+     * @return string
+     */
+    protected function getClientSecret(): string
+    {
+        $secret = $this->getAppSecret();
+
+        return (isset($secret['clientSecret'])) ? $secret['clientSecret'] : ''; 
+    }
+
+     /**
+     * Extracts the Okta Domain from the JSON stored in appSecret
+     * 
+     * @return string
+     */
+    protected function getOktaDomain(): string
+    {
+        $secret = $this->getAppSecret();
+        return (isset($secret['oktaDomain'])) ? $secret['oktaDomain'] : ''; 
+    }
+
+    /**
+     * Decode the JSON stored in appSecret
+     * 
+     * @return array
+     */
+    protected function getAppSecret(): array
+    {    
+        try {
+            $secret = \json_decode($this->appSecret, true, 512, JSON_THROW_ON_ERROR);
+        } catch (\Throwable $th) {
+            throw new \Exception('Invalid secret');
+        }
+        return $secret;
+    }
+}