Skip to content
This repository was archived by the owner on Apr 28, 2026. It is now read-only.

reflex-dev/reflex-okta-auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
.github
.github
 
 
demos
demos
 
 
reflex_okta_auth
reflex_okta_auth
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 
uv.lock
uv.lock
 
 

Repository files navigation

reflex-okta-auth

This repository is archived. Use the OIDC support built into the reflex-enterprise package instead.

Notably, this package stores tokens in LocalStorage, which is readable by any script running on the page (e.g. via XSS). The reflex-enterprise OIDC state stores tokens in HttpOnly, Secure, SameSite=Strict cookies, and additionally provides refresh tokens with cross-tab sync, nonce / at_hash validation, and granted-scope tracking. Functionally, anything this package does is also covered there.

Migrating

Subclass OIDCAuthState with __provider__ = "okta" — the same OKTA_CLIENT_ID, OKTA_CLIENT_SECRET, and OKTA_ISSUER_URI env vars are picked up automatically (config lookup is {PROVIDER}_*):

import reflex as rx
from reflex_enterprise.auth.oidc.state import OIDCAuthState

class OktaAuthState(OIDCAuthState, rx.State):
    __provider__ = "okta"

Render the login button — endpoints are registered automatically on first use, so no explicit register_auth_endpoints(app) call is needed:

OktaAuthState.get_login_button("Log In with Okta")

Logout (redirect_to_logout) and userinfo keep the same names and shape.

Legacy usage (deprecated)

This package requires the reflex_enterprise package to be installed.

Installation

pip install reflex-okta-auth

Usage

Set Up Okta Application

Create a new Application and set up a .env file with the following variables:

OKTA_CLIENT_ID=your_client_id
OKTA_CLIENT_SECRET=your_client_secret
OKTA_ISSUER_URI=your oauth issuer uri

Reflex will need to access these variables to authenticate users.

Register Auth Callback

from reflex_enterprise import App
from reflex_okta_auth import register_auth_endpoints

...

app = App()
register_auth_endpoints(app)

Check OktaAuthState.userinfo for user identity/validity

import reflex as rx
from reflex_okta_auth import OktaAuthState

@rx.page()
def index():
    return rx.container(
        rx.vstack(
            rx.heading("Okta Auth Demo"),
            rx.cond(
                rx.State.is_hydrated,
                rx.cond(
                    OktaAuthState.userinfo,
                    rx.vstack(
                        rx.text(f"Welcome, {OktaAuthState.userinfo["name"]}!"),
                        rx.text(OktaAuthState.userinfo.to_string()),
                        rx.button("Logout", on_click=OktaAuthState.redirect_to_logout),
                    ),
                    rx.button("Log In with Okta", on_click=OktaAuthState.redirect_to_login),
                ),
                rx.spinner(),
            ),
        ),
    )

Validate the Tokens

Before performing privileged backend operations, it is important to validate the tokens to ensure they have not been tampered with. Use OktaAuthState._validate_tokens() helper method to validate the tokens.

About

Integration with Okta SSO (enterprise)

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases 6

v0.2.1 Latest
Nov 20, 2025
+ 5 releases

Packages

 
 
 

Contributors

Languages