Okta Python SDK

3.4.0 · active · verified Sun Apr 12

The `okta` Python SDK provides a client for interacting with the Okta Management API, enabling developers to manage users, applications, groups, and other Okta resources. It's currently on version 3.4.0 and receives frequent updates, with minor versions released often and major versions (e.g., v3.0.0) introducing significant API changes every few months.

Warnings

breaking Version 3.0.0 introduced significant breaking changes by upgrading the SDK to OpenAPI Specification (OAS3.0). This may affect method signatures, request/response object structures, and API endpoint availability compared to 2.x.x versions.
Fix: Review the official Okta Python SDK migration guide and updated documentation for 3.x.x to adapt your code to the new API structures and endpoints.
breaking Versions 3.0.0 and 3.1.0 contain a critical bug that causes malformed requests for OAuth access tokens, preventing successful authentication via OAuth 2.0 client credentials or other OAuth flows.
Fix: Upgrade to version 3.2.0 or later to resolve the OAuth access token request issue and ensure proper authentication via OAuth 2.0.
gotcha Prior to version 2.9.9, the `client_assertion` JWT for client credentials flow was incorrectly placed in the URL query parameters instead of the request body, potentially causing authentication failures or security concerns.
Fix: Upgrade to version 2.9.9 or later to ensure correct placement of `client_assertion` in the request body for client credentials authentication.
gotcha In versions prior to 2.9.13, the SDK might not properly handle the expiration and renewal of OAuth 2.0 access tokens, potentially leading to errors when tokens expire during long-running operations.
Fix: Upgrade to version 2.9.13 or later to benefit from improved OAuth 2.0 token management, including automatic expiration and renewal.
gotcha Prior to version 3.3.0, the SDK might fail to deserialize or gracefully handle Application objects with unknown `signOnMode` values, leading to errors when retrieving application data if new modes are introduced by Okta.
Fix: Upgrade to version 3.3.0 or later to ensure robust handling of unknown `signOnMode` values in Application objects, preventing deserialization errors.

Install

pip install okta Install latest version

Imports

Client
```
from okta.client import Client
```
The main client class is `Client` and is imported from `okta.client`.

Quickstart

Initialize the Okta client using environment variables for sensitive configuration and perform a basic API call to list users. This example demonstrates configuring the client with an API token for basic authentication. For OAuth 2.0 or private key authentication, the configuration dictionary would differ.

import os
from okta.client import Client as OktaClient

# Configure the Okta client using environment variables
# OKTA_ORG_URL should be your Okta tenant URL, e.g., https://your-org.okta.com
# OKTA_TOKEN should be an API Token with sufficient permissions (e.g., Read only administrator)
config = {
    'orgUrl': os.environ.get('OKTA_ORG_URL', ''),
    'token': os.environ.get('OKTA_TOKEN', ''),
    'rateLimit': {
        'maxRetries': 5
    }
}

# Initialize the Okta client
okta_client = OktaClient(config)

# Example: List users
try:
    # list_users() returns (users_list, response_object, error)
    users, response, err = okta_client.list_users()
    if err:
        print(f"Error listing users: {err}")
    elif users:
        print(f"Successfully retrieved {len(users)} users. Showing first 3:")
        for i, user in enumerate(users[:3]):
            print(f"- User ID: {user.id}, Login: {user.profile.login}")
    else:
        print("No users found or empty response.")
except Exception as e:
    print(f"An unexpected error occurred: {e}")

# To run this example, set the following environment variables:
# export OKTA_ORG_URL="https://your-okta-domain.okta.com"
# export OKTA_TOKEN="your_okta_api_token"

view raw JSON →