Which Okta event should I use when a user is unassigned from an application - single-sign-on

I am using Okta for SSO and I want to receive an event webhook for when a user is assigned, deleted, removed from an application.
The Okta documentation says there are 2 types of hooks (asynchronous and synchronous).
I think synchronous, inline hooks are better because if my backend app doesn't process the event correctly, then I do not want the user to be removed on the Okta side.
Which inline event hook type should I use to know when a user is removed/unassigned from an application?
Documentation I have looked at so far:
https://developer.okta.com/blog/2020/07/20/easy-user-sync-hooks
https://developer.okta.com/docs/reference/api/event-types/#catalog
https://developer.okta.com/docs/concepts/event-hooks/#sample-event-delivery-payload
https://developer.okta.com/docs/concepts/inline-hooks/
https://developer.okta.com/docs/reference/hooks/#get-started

Sync hooks exist only for certain events, so you can't just choose for any given event which hook you want to use. If I'm correct, application unassignment is not one of the events covered by inline hooks, so you are left with only the async one.
You can read more about the inline ones in the Okta documentation.

Related

What is the best way to deprovision a user from an application after they have been unassigned in Okta?

In Okta, I can unassign a user from an application but then the application will not know that the user has been unassigned and will still show the user in the application.
What is the best way to "alert" the application that the user has been unassigned so that the application can remove the user appropriately?
I looked at event hooks but event hooks send out a user unassigned event hook when the user is unassigned from any apps. I want to send a specific event hook out to the external application specifically for that application so that application can remove the user accordingly from their side.
https://help.okta.com/en-us/Content/Topics/automation-hooks/event-hooks-main.htm?cshid=ext-event-hooks
I see I can also download reports (recent unassignments) but that is a very manual process.
Is there an api endpoint I can hit from the external app to compare the users?
What do you suggest?
The best option is to use SCIM provisioning mechanism, where only events related to a particular application will be sent out to your configured endpoint on the application side.
Please check out Okta SCIM documentation

Can I assign specific event hooks to specific Okta applications?

Can I assign specific event hooks to specific Okta applications?
I created a user is unassigned event hook but I'm receiving the event hook request when the user is unassigned from all Okta applications.
I would like to send out specific unassignment event hooks to different URLs depending on which application the user was unassigned from. So I would like to attach specific event hooks to specific applications so that the external applications can handle deprovisioning on their side.
Is this possible?
Looking through the documentation, it does not appear that is possible
https://developer.okta.com/docs/concepts/event-hooks/
Okta has open beta in progress for "conditional hooks" where you can filter events to be delivered to the hook endpoint. It might be something you can use to configure multiple hooks of the same type but different URLs for different applications based on the filter expression.
Check your Settings -> Features -> Open Betas if you have it
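
The asynchronous event-hook route from the answers above, as an added example (not code from Okta or from the posters): the receiver authenticates each delivery, then keeps only `application.user_membership.remove` events whose `AppInstance` target is an app it routes. The app IDs, URLs and the use of an `Authorization` shared-secret header are assumptions.

```javascript
// Added example; app IDs, URLs and the secret are constructed.
const UNASSIGN = "application.user_membership.remove";

// Hypothetical routing table: Okta app instance ID -> that app's deprovision URL.
const APP_ROUTES = new Map([
  ["0oaPAYROLL0000000001", "https://payroll.example.com/deprovision"],
  ["0oaWIKI000000000002", "https://wiki.example.com/deprovision"],
]);

// Compare the shared secret without an early exit on the first mismatch.
function secretMatches(received, expected) {
  let diff = received.length ^ expected.length;
  for (let i = 0; i < expected.length; i++) {
    diff |= (received.charCodeAt(i) || 0) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

// One-time verification GET: echo the challenge header back as JSON.
function verificationResponse(headers) {
  const challenge = headers["x-okta-verification-challenge"];
  return challenge ? { verification: challenge } : null;
}

// Event delivery POST (header names lower-cased, as Node does):
// returns one job per unassignment event that names a routed app.
function routeUnassignments(headers, body, secret, routes = APP_ROUTES) {
  if (!secret || !secretMatches(String(headers.authorization || ""), secret)) {
    throw new Error("unauthorized event hook delivery");
  }
  const jobs = [];
  for (const ev of (body.data && body.data.events) || []) {
    if (ev.eventType !== UNASSIGN) continue;
    const targets = ev.target || [];
    const app = targets.find((t) => t.type === "AppInstance");
    const user = targets.find((t) => t.type === "User");
    if (!app || !user || !routes.has(app.id)) continue; // not one of our apps
    jobs.push({ eventId: ev.uuid, url: routes.get(app.id), oktaUserId: user.id });
  }
  return jobs;
}

// Constructed delivery with two events; only the first is for a routed app.
const SAMPLE = { data: { events: [
  { uuid: "evt-1", eventType: UNASSIGN, target: [
    { type: "AppInstance", id: "0oaPAYROLL0000000001" },
    { type: "User", id: "00uJDOE", alternateId: "jdoe@example.com" } ] },
  { uuid: "evt-2", eventType: UNASSIGN, target: [
    { type: "AppInstance", id: "0oaOTHER" }, { type: "User", id: "00uJDOE" } ] },
] } };
```

Because event hooks are asynchronous and the unassignment has already happened in Okta, each job should be recorded by `eventId` before it is forwarded, so a failed call to the downstream app can be retried.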

Current ACS call session list and force to end it by REST

I'm integrating ACS video call into my service (NodeJs backend, React front).
I want to allow ACS video call session only for a scheduled time period, then force to end it if it is over.
However, I cannot find a way to implement the following (or a REST API):
list current call sessions
list participants of each session.
force to stop/end a session by group id or any call ID
webhooks/callback being called when the session closes and when the participant leaves session.
Could you please give me some hint or advice?
Much appreciated.
Jin
You can use the Call Automation to join or create a new call. Your app can join either as a participant of the call or act out of the call. Each option offers different capabilities described here.
The good news is that both options offer the capability to add and remove participants to/from the call:
Call Connections - Remove Participant
Server Calls - Remove Participant
If you decide to use the In-Call (App-Participant) APIs, you can specify the callbackUri in the CreateCallOptions or JoinCallOptions. On this URI, you can listen to events (webhooks) such as Participants updated and deserialize the information about them. There is a comprehensive quickstart app available on GitHub showcasing the concept of callback URIs on the call recording capabilities (see the CallRecordingController.cs and Utils.ts in the public-preview branch).
If you decide to use the Out-of-Call APIs, then you need to keep track of the participant IDs yourself.
Currently, the CallingServer SDKs are available only for .NET and Java so you'll have to use the REST API.

Websites typically use popup windows to implement OAuth. How can we handle this in flutter_inappwebview?

What I have come up with till now is to manually override methods like window.open, window.postMessage and window.onmessage to internally create a bridge within Dart.
Is there a standard approach to solve this?
I found the answer on a Medium post under the heading: How to manage popup windows opened with target=”_blank” or “window.open”.
The key is to implement the onCreateWindow method and create another InAppWebView instance with the windowId received from CreateWindowAction.
Most API providers prohibit the use of webviews for OAuth because of security concerns. Providers require the use of an external browser to execute authorization of username and password. With Android, you must register a Callback activity in your manifest for the provider to direct the user to after authorization is complete and the browser closes.
You can look at oauth2_flutter to see how the author of that library handled the callback and how to configure it.

DialogFlow Fulfilment connecting to REST APIs

I want to use Dialogflow fulfillment to connect to an external webservice / API. One way of doing that is to use the custom webhook feature (not the inline web hook). However, when using the custom web hook it seems that you are limited to creating just one even though you may have many intents and you may want to call many endpoints. Is there a way to link to more custom webhooks (API endpoints)?
If you can only set up one web hook then your webservice will always receive a POST request from Dialogflow and will then need to interpret the body of the request, i.e. based on the intent parameter. Just wondering, is there a better way to work with REST webservices with Dialogflow?
The other potential option is to use the inline web hook and then put logic in there to call specific endpoints, however, that might get a bit messy.
You can only setup one fulfillment that will handle the processing for all the Intents you've enabled. This can be either the built-in one through the fulfillment editor or at a webhook URL you specify.
That webhook is expected to delegate the actual processing to an Intent Handler of some sort. The Dialogflow node.js fulfillment library has a way to register what handler you want for each Intent name, or you can switch on the Intent name, the Action name, or any other field provided to you in your code.
In the library, you'll typically make the REST calls from an appropriate Intent handler which will take the parameters provided and craft the call. If you are using JavaScript, make sure you are handling the call asynchronously and return a Promise.
I recommend a webhook because it gives you more control than the inline editor does. The inline editor is really just a webhook under the covers using Firebase Cloud Functions. Even putting it yourself in a Cloud Function gives you better control over it.
There may be costs depending where you host it, however Firebase has a free tier that is sufficient for testing and light operation. Once your Action is published, you are also eligible for a monthly cloud credit from Google.
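
The single-webhook dispatch described in this answer, as an added example (not the answerer's code and not the Dialogflow fulfillment library): one entry point picks a handler by `queryResult.intent.displayName`, validates the parameter before it reaches a URL, and returns a Promise resolving to the response body. The intent names, backend URLs and the injected `fetchJson` helper are hypothetical.

```javascript
// Added example; intent names and backend URLs are constructed.
// fetchJson is injected so handlers can be exercised without network access.
const handlers = new Map([
  ["order.status", async (params, fetchJson) => {
    const id = String(params.orderId || "");
    // Reject anything that is not a plain order number before building the URL.
    if (!/^[A-Z0-9]{6,12}$/.test(id)) return "I need a valid order number.";
    const order = await fetchJson(
      `https://orders.example.com/v1/orders/${encodeURIComponent(id)}`);
    return `Order ${id} is ${order.status}.`;
  }],
  ["store.hours", async (params, fetchJson) => {
    const city = encodeURIComponent(String(params.city || ""));
    const hours = await fetchJson(
      `https://stores.example.com/v1/hours?city=${city}`);
    return `We are open ${hours.open} to ${hours.close}.`;
  }],
]);

// Default REST helper (Node 18+ global fetch); replaced by a fake in tests.
async function defaultFetchJson(url) {
  const res = await fetch(url);
  if (!res.ok) throw new Error(`HTTP ${res.status}`);
  return res.json();
}

// Single webhook entry point: body is the parsed JSON Dialogflow POSTs.
// Always resolves to a response object, even for unknown intents or
// backend failures, so the agent never waits on a rejected Promise.
async function fulfill(body, fetchJson = defaultFetchJson) {
  const query = (body && body.queryResult) || {};
  const handler = handlers.get(query.intent && query.intent.displayName);
  if (!handler) return { fulfillmentText: "Sorry, I can't help with that yet." };
  try {
    return { fulfillmentText: await handler(query.parameters || {}, fetchJson) };
  } catch (err) {
    return { fulfillmentText: "That service is unavailable right now." };
  }
}
```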