Omit jwks for Okta OAuth Apps

[stephanabel]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

---

Description

Currently for oauth apps with type="service", grant_types=["client_credentials"] and token_endpoint_auth_method="private_key_jwt" configured, it is not possible to manage the jwk sets via the UI.
Instead the jwks block has to be provided via terraform and can only be managed via terraform.

For token_endpoint_auth_method="client_secret_basic" there seems to be a option via omit_secret to not manage the client secret via terraform and instead manage them via the UI.

It would be nice to have this functionality also for the private_key_jwt authentication method.

New or Affected Resource(s)

• okta_app_oauth

Potential Terraform Configuration

resource "okta_app_oauth" "app_service_oauth_app" {
  label          = "app-service-tf"
  type           = "service"
  grant_types    = ["client_credentials"]
  token_endpoint_auth_method = "private_key_jwt"
  omit_jwks  = true
}

References

[stephanabel]

I just realized this can be achieved with plain terraform:

resource "okta_app_oauth" "app_service_oauth_app" {
  label          = "app-service-tf"
  type           = "service"
  grant_types    = ["client_credentials"]
  token_endpoint_auth_method = "private_key_jwt"
  jwks {
    kty   = <some_kty>
    e     = <some_e>
    kid   = <some_kid>
    n     = <some_n>
  }
  lifecycle {
      ignore_changes = [
        jwks,
      ]
  }
}

this allows to create an app with a default/dummy jwks and allows modification of the jwks later.
Closing this.