{"id":4662,"library":"okta","title":"Okta Python SDK","description":"The `okta` Python SDK provides a client for interacting with the Okta Management API, enabling developers to manage users, applications, groups, and other Okta resources. It's currently on version 3.4.0 and receives frequent updates, with minor versions released often and major versions (e.g., v3.0.0) introducing significant API changes every few months.","status":"active","version":"3.4.0","language":"en","source_language":"en","source_url":"https://github.com/okta/okta-sdk-python","tags":["authentication","identity","sso","iam","okta","sdk","security"],"install":[{"cmd":"pip install okta","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"Used internally by the SDK for JWT-related operations and token validation.","package":"okta-jwt-verifier","optional":false},{"reason":"Used for making HTTP requests to the Okta API.","package":"requests","optional":false},{"reason":"Used for JSON Web Token (JWT) handling.","package":"pyjwt","optional":false},{"reason":"Provides JOSE (JSON Object Signing and Encryption) capabilities, particularly for cryptographic operations with JWTs.","package":"python-jose","optional":false}],"imports":[{"note":"The main client class is `Client` and is imported from `okta.client`.","wrong":"from okta.OktaClient import OktaClient","symbol":"Client","correct":"from okta.client import Client"}],"quickstart":{"code":"import asyncio\nimport os\nfrom okta.client import Client as OktaClient\n\n# Configure the Okta client using environment variables\n# OKTA_ORG_URL should be your Okta tenant URL, e.g., https://your-org.okta.com\n# OKTA_TOKEN should be an API Token with sufficient permissions (e.g., Read only administrator)\nconfig = {\n    'orgUrl': os.environ.get('OKTA_ORG_URL', ''),\n    'token': os.environ.get('OKTA_TOKEN', ''),\n    'rateLimit': {\n        'maxRetries': 5\n    }\n}\n\n# Initialize the Okta client\nokta_client = OktaClient(config)\n\n# Example: List 
users\nasync def main():\n    try:\n        # SDK methods are coroutines and must be awaited.\n        # list_users() returns (users_list, response_object, error)\n        users, response, err = await okta_client.list_users()\n        if err:\n            print(f\"Error listing users: {err}\")\n        elif users:\n            print(f\"Successfully retrieved {len(users)} users. Showing first 3:\")\n            for user in users[:3]:\n                print(f\"- User ID: {user.id}, Login: {user.profile.login}\")\n        else:\n            print(\"No users found or empty response.\")\n    except Exception as e:\n        print(f\"An unexpected error occurred: {e}\")\n\nasyncio.run(main())\n\n# To run this example, set the following environment variables:\n# export OKTA_ORG_URL=\"https://your-okta-domain.okta.com\"\n# export OKTA_TOKEN=\"your_okta_api_token\"","lang":"python","description":"Initialize the Okta client using environment variables for sensitive configuration and perform a basic API call to list users. This example demonstrates configuring the client with an API token for basic authentication. For OAuth 2.0 or private key authentication, the configuration dictionary would differ."},"warnings":[{"fix":"Review the official Okta Python SDK migration guide and updated documentation for 3.x.x to adapt your code to the new API structures and endpoints.","message":"Version 3.0.0 introduced significant breaking changes by upgrading the SDK to OpenAPI Specification (OAS3.0). 
This may affect method signatures, request/response object structures, and API endpoint availability compared to 2.x.x versions.","severity":"breaking","affected_versions":">=3.0.0 (when migrating from <3.0.0)"},{"fix":"Upgrade to version 3.2.0 or later to resolve the OAuth access token request issue and ensure proper authentication via OAuth 2.0.","message":"Versions 3.0.0 and 3.1.0 contain a critical bug that causes malformed requests for OAuth access tokens, preventing successful authentication via OAuth 2.0 client credentials or other OAuth flows.","severity":"breaking","affected_versions":"3.0.0, 3.1.0"},{"fix":"Upgrade to version 2.9.9 or later to ensure correct placement of `client_assertion` in the request body for client credentials authentication.","message":"Prior to version 2.9.9, the `client_assertion` JWT for client credentials flow was incorrectly placed in the URL query parameters instead of the request body, potentially causing authentication failures or security concerns.","severity":"gotcha","affected_versions":"<2.9.9"},{"fix":"Upgrade to version 2.9.13 or later to benefit from improved OAuth 2.0 token management, including automatic expiration and renewal.","message":"In versions prior to 2.9.13, the SDK might not properly handle the expiration and renewal of OAuth 2.0 access tokens, potentially leading to errors when tokens expire during long-running operations.","severity":"gotcha","affected_versions":"<2.9.13"},{"fix":"Upgrade to version 3.3.0 or later to ensure robust handling of unknown `signOnMode` values in Application objects, preventing deserialization errors.","message":"Prior to version 3.3.0, the SDK might fail to deserialize or gracefully handle Application objects with unknown `signOnMode` values, leading to errors when retrieving application data if new modes are introduced by 
Okta.","severity":"gotcha","affected_versions":"<3.3.0"}],"env_vars":null,"last_verified":"2026-04-12T00:00:00.000Z","next_check":"2026-07-11T00:00:00.000Z"}