vere0 (vere0) asked a question.
Hello,
I'm trying to get user information using the /api/v1/users API but even removing all search criteria the returned list is empty despite the http 200 code return.
My authentication is using CLIENT_ID and PRIVATE_KEY to generate a Token.
My app has the okta.users.read scope.
Get access token code:
OKTA_DOMAIN = "https://<my-company>.okta.com"
OKTA_ISSUER = f"{OKTA_DOMAIN}/oauth2"
CLIENT_ID = "<my-client-id>"
KID = "my-kid"
SCOPE = "okta.users.read"
def load_private_key(pem_file="private_key.pem"):
"""Loads the RSA private key from a PEM file."""
with open(pem_file, "rb") as f:
return serialization.load_pem_private_key(f.read(), password=None)
* Generate JWT assertion
def generate_jwt_assertion(private_key):
jwt_headers = {"alg": "RS256", "kid": KID}
jwt_payload = {
"iss": CLIENT_ID,
"sub": CLIENT_ID,
"aud": f"{OKTA_ISSUER}/v1/token",
"iat": int(time.time()),
"exp": int(time.time()) + 60,
"jti": str(int(time.time() * 1000))
}
return jwt.encode(jwt_payload, private_key, algorithm="RS256", headers=jwt_headers)
* Get access token from Okta
def get_access_token():
"""Retrieves an OAuth access token from Okta."""
private_key = load_private_key()
assertion = generate_jwt_assertion(private_key)
token_url = f"{OKTA_ISSUER}/v1/token"
data = {
"grant_type": "client_credentials",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": assertion,
"scope": SCOPE
}
response = requests.post(token_url, data=data)
if response.status_code == 200:
return response.json()["access_token"]
else:
raise Exception(f"Error getting token: {response.status_code}, {response.text}")
Get users code:
def get_user_by_github(github_username):
access_token = get_access_token()
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
url = f"{OKTA_DOMAIN}/api/v1/users"
response = requests.get(url, headers=headers)
print(response)
print(response.text)
print(response.status_code)
print(response.json())
if response.status_code == 200:
users = response.json()
return users[0] if users else None
else:
raise Exception(f"Error fetching user: {response.status_code}, {response.text}")
Like I said the authentications and permissions seems to be correct since I'm receiving 200 as response code, but the list returned is empty even trying to get all users.
Thanks if someone already face the same problem and could help.
Hello @vere0 (vere0) , thank you for contacting Okta Community!
This issue seems too complex to be addressed here. I recommend that you open a Support ticket (Customer Support Account ID number required) so one of our engineers can analyze it and provide in-depth troubleshooting. You could also provide more details in a ticket that shouldn’t be given here, as this is a public space.
Please note that opening a support ticket is a feature available only to paid accounts. If you do not have a paid account, but are interested in upgrading, you can contact our Sales team.
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.