Okta Keys
Description
General
- Documentation: https://developer.okta.com/docs/guides/find-your-app-credentials/-/main/
- Summary: Okta is an identity and access management company that provides cloud solutions to help companies manage and secure user authentication. Applications that use Okta for authentication can be set up and associated with a user account; each is assigned a client_id and a client_secret to authenticate communications between the application and Okta. This detector focuses on catching those keys.
- IPs allowlist: Sign-on rules can be set for each application to restrict the zone from which users can connect and thus interact with Okta.
- Scopes: A variety of scopes can be associated with the application that integrates with Okta, from the Application/Okta API Scopes tab.
Revoke the secret
A new client secret can be generated from the Application/General tab of the dashboard. This automatically revokes the previous client secret.
Check for suspicious activity
Okta keeps logs of any actions or calls made with an application registered on the platform.
Details for Okta keys
Family: Api
Category: Identity provider
Company: Okta
High recall: True
Validity check available: False
Minimum number of matches: 2
Occurrences found for one million commits: 1.61
Prefixed: True
PreValidators:
- type: ContentWhitelistPreValidator
  patterns:
    - 0oa[a-z0-9_-]{10,20}
Examples
- text: |
    // Add Okta_Keys to your environment variables
    user.oauth.clientId=0oaq5duedN0lmmT143i4
    user.oauth.clientSecret=3Be9-tDiFMDp6kYdmQDsbUFEVy7K2_wb0lsje2vw
  client_id: '0oaq5duedN0lmmT143i4'
  client_secret: '3Be9-tDiFMDp6kYdmQDsbUFEVy7K2_wb0lsje2vw'
- text: |
    $(app) -i https://dev-123456.oktapreview.com -c 0oaq5duedN0lmmT143i4 -c secret-client=3Be9-tDiFMDp6kYdmQDsbUFEVy7K2_wb0lsje2vw
  client_id: '0oaq5duedN0lmmT143i4'
  client_secret: '3Be9-tDiFMDp6kYdmQDsbUFEVy7K2_wb0lsje2vw'
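
The behaviour listed under "Details for Okta keys" (a content pre-validator, then at least two matches), sketched in Python as an added example; this is not GitGuardian's code. The client_id and client_secret match patterns and the case-insensitive flag are assumptions, and the samples are the two texts from the Examples section above.

```python
import re

# Content pre-validator copied from the detector details. IGNORECASE is an
# assumption: the page's sample client_id contains uppercase letters.
PREVALIDATOR = re.compile(r"0oa[a-z0-9_-]{10,20}", re.IGNORECASE)

# Hypothetical match patterns (assumptions, not the detector's real ones):
# a 0oa-prefixed client_id, and a 40-character value assigned to a name
# containing "secret".
CLIENT_ID = re.compile(r"(?<![A-Za-z0-9_-])(0oa[A-Za-z0-9_-]{10,20})(?![A-Za-z0-9_-])")
CLIENT_SECRET = re.compile(
    r"secret[\w.-]*\s*[=:]\s*['\"]?([A-Za-z0-9_-]{40})(?![A-Za-z0-9_-])",
    re.IGNORECASE,
)
MIN_MATCHES = 2  # "Minimum number of matches: 2": id and secret must both appear


def find_okta_keys(text):
    """Return {'client_id': ..., 'client_secret': ...}, or None if no finding."""
    # Cheap gate first: skip any document that has no 0oa-prefixed token at all.
    if not PREVALIDATOR.search(text):
        return None
    matches = {}
    for name, pattern in (("client_id", CLIENT_ID), ("client_secret", CLIENT_SECRET)):
        found = pattern.search(text)
        if found:
            matches[name] = found.group(1)
    # A lone client_id or a lone secret is not reported.
    return matches if len(matches) >= MIN_MATCHES else None


# The two example texts from this page.
SAMPLES = [
    "// Add Okta_Keys to your environment variables\n"
    "user.oauth.clientId=0oaq5duedN0lmmT143i4\n"
    "user.oauth.clientSecret=3Be9-tDiFMDp6kYdmQDsbUFEVy7K2_wb0lsje2vw\n",
    "$(app) -i https://dev-123456.oktapreview.com -c 0oaq5duedN0lmmT143i4 "
    "-c secret-client=3Be9-tDiFMDp6kYdmQDsbUFEVy7K2_wb0lsje2vw\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(find_okta_keys(sample))
```
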