diff --git a/builtin/credential/okta/backend.go b/builtin/credential/okta/backend.go index 6d75a61883abe..441443cf3a31c 100644 --- a/builtin/credential/okta/backend.go +++ b/builtin/credential/okta/backend.go @@ -100,7 +100,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri StateToken string `json:"stateToken"` } - authReq, err := shim.NewRequest("POST", "/api/v1/authn", map[string]interface{}{ + authReq, err := shim.NewRequest("POST", "authn", map[string]interface{}{ "username": username, "password": password, }) diff --git a/builtin/credential/okta/backend_test.go b/builtin/credential/okta/backend_test.go index 9a6b20d9e130f..0794ea9081fc5 100644 --- a/builtin/credential/okta/backend_test.go +++ b/builtin/credential/okta/backend_test.go @@ -15,6 +15,15 @@ import ( "github.com/hashicorp/vault/sdk/logical" ) +// To run this test, set the following env variables: +// VAULT_ACC=1 +// OKTA_ORG=dev-219337 +// OKTA_API_TOKEN= +// OKTA_USERNAME=test2@example.com +// OKTA_PASSWORD= +// +// You will need to install the Okta client app on your mobile device and +// setup MFA. func TestBackend_Config(t *testing.T) { defaultLeaseTTLVal := time.Hour * 12 maxLeaseTTLVal := time.Hour * 24 diff --git a/builtin/credential/okta/path_config.go b/builtin/credential/okta/path_config.go index 32d8b3d959f65..7faede370a897 100644 --- a/builtin/credential/okta/path_config.go +++ b/builtin/credential/okta/path_config.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/go-cleanhttp" "net/http" "net/url" + "strings" "time" oktaold "github.com/chrismalek/oktasdk-go/okta" @@ -282,6 +283,9 @@ func (new *oktaShimNew) Client() *oktanew.Client { } func (new *oktaShimNew) NewRequest(method string, url string, body interface{}) (*http.Request, error) { + if !strings.HasPrefix(url, "/") { + url = "/api/v1/" + url + } return new.client.GetRequestExecutor().NewRequest(method, url, body) }