Description
The OktaConfiguration object has two APIKey properties
- ApiKey
- ApiKeyPrefix
These values are used in the APIs to set a Header parameter of apiToken to be the value inside ApiKey.apiToken and ApiKeyPrefix is ignored. The documentation about APIKey authorization says the header should be Authorization and it should be a prefix of SSWS followed by the auth token per https://github.com/okta/okta-powershell-cli/blob/main/openapi3/management.yaml#L16409
Pass the API token as the Authorization header value prefixed with SSWS: `Authorization: SSWS {API Token}`
The test case I am attempting, after digging into the code to find the structure of the ApiKey, is this:

```powershell
$Configuration = Get-OktaConfiguration
$Configuration.BaseUrl = 'https://myorg.okta.com'
$Configuration.ApiKey = @{apitoken='myApiToken'}
$Configuration.ApiKeyPrefix = "SSWS"
Invoke-OktaListUsers
```

Which returns this:
```
Invoke-WebRequest: E:\OktaWork\okta-powershell-cli\src\Okta.PowerShell\Private\OktaApiClient.ps1:171
Line |
171 | … $RawResponse = Invoke-WebRequest -Uri $UriBuilder.Uri `
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| { "errorCode": "E0000005", "errorSummary": "Invalid session", "errorLink": "E0000005", "errorId":
| "oaeuQp-VKZ-SUyDE5-SJIiYUA", "errorCauses": [] }
```
The source of this is that setting the ApiKey is not being passed in to the Authorization header.
I did find the swapping in terminology between ApiToken and ApiKey to be a bit challenging, so it could be that I'm misreading what ApiKey and Prefix is, but the yaml appears to indicate the terms being used interchangeably.
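
The header that the quoted documentation describes, built from the ApiKey structure used in the test case above. This is an added example, not code from okta-powershell-cli: `New-OktaAuthHeader` and `Format-RedactedHeader` are hypothetical names, and accepting ApiKeyPrefix as either a string or a hashtable keyed like ApiKey is an assumption.

```powershell
# Added example: hypothetical helpers, not part of okta-powershell-cli.
function New-OktaAuthHeader {
    param(
        [Parameter(Mandatory)] [hashtable] $ApiKey,  # e.g. @{ apitoken = '...' } as in the issue
        $ApiKeyPrefix = 'SSWS',                      # string, or hashtable keyed like ApiKey (assumption)
        [string] $KeyName = 'apitoken'
    )
    $token = $ApiKey[$KeyName]
    if ([string]::IsNullOrWhiteSpace($token)) {
        throw "ApiKey['$KeyName'] is empty; refusing to build an Authorization header."
    }
    $prefix = if ($ApiKeyPrefix -is [hashtable]) { $ApiKeyPrefix[$KeyName] } else { [string]$ApiKeyPrefix }
    # Reject CR/LF so a malformed prefix or token cannot split the header.
    if ("$prefix$token" -match '[\r\n]') {
        throw 'Prefix or token contains CR/LF.'
    }
    # Documented form: "Authorization: SSWS {API Token}"
    $value = if ([string]::IsNullOrWhiteSpace($prefix)) { $token } else { "$prefix $token" }
    return @{ Authorization = $value }
}

function Format-RedactedHeader {
    # Copy of the headers that is safe to write to logs: the token is never echoed.
    param([Parameter(Mandatory)] [hashtable] $Headers)
    $copy = @{}
    foreach ($name in $Headers.Keys) {
        if ($name -eq 'Authorization') {
            $parts = ([string]$Headers[$name]) -split ' ', 2
            $copy[$name] = if ($parts.Count -eq 2) { "$($parts[0]) <redacted>" } else { '<redacted>' }
        } else {
            $copy[$name] = $Headers[$name]
        }
    }
    return $copy
}

# Constructed sample values mirroring the issue's test case.
$headers = New-OktaAuthHeader -ApiKey @{ apitoken = 'myApiToken' } -ApiKeyPrefix 'SSWS'
(Format-RedactedHeader -Headers $headers).Authorization
```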