terraform-provider-okta: app_user_schema_property: cannot use country code & language code data types

I don’t have any new status on this issue.

I’ll have to add this in to okta_app_user_schema_property now, re-opening

I have created an internal ticket to address this issue (OKTA-486203)

A quick update from Okta:

Hi Erel, I’m Dawoud, with the Developer Support team at Okta, and I’ll be assisting you with this. Thank you for passing this information across, I will try to have the docs updated to elaborate on how ‘format’ would be utilized. Thank You, Dawoud Tabboush Senior Developer Support Engineer (APAC) Okta Global Customer Care

Thank you, @monde, I appreciate the detailed answer. It is unfortunate that this is the case since it is possible to select a field of this type through the UI itself. I would love to hear as long as there are updates to adding an official API, and in the meantime - I would definitely consider adding a cURL provider.

@E-RELevant I have some better information from my colleague @noinarisak. Thanks for being patient with me while trying to run this down. What you are trying to do is create a custom property of type string, with format country-code or language-code (per your examples). Side note: all of the Okta formats are uri, date-time, email, ref-id, encrypted, hashed, country-code, language-code, locale, timezone.

Here is a curl example:

curl --location --request POST 'https://xxx.okta.com/api/v1/meta/schemas/apps/0oa4cthzyqgFj8ISJ5d7/default' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: SSWS _SCRUBED_' \
--header 'Cookie: JSESSIONID=xxx' \
--data-raw '{
    "definitions": {
        "custom": {
            "id": "#custom",
            "type": "object",
            "properties": {
                "xCustomCountryCode": {
                    "title": "xCustom Country Code",
                    "description": "XCustom Country Code Dude",
                    "type": "string",
                    "required": false,
                    "format": "country-code"
                }
            },
            "required": []
        }
    }
}'

If the Terraform provider supported this, a config might look like:

resource "okta_app_oauth" "example" {
  label                      = "example"
  type                       = "web"
  grant_types                = ["authorization_code"]
  redirect_uris              = ["https://example.com/"]
  response_types             = ["code"]
}

resource "okta_app_user_schema_property" "example" {
  app_id      = okta_app_oauth.example.id
  index       = "xcustomCountryCode"
  title       = "X Custom Country Code"
  type        = "string"
  master      = "PROFILE_MASTER"

  # this is an example, okta_app_user_schema_property does not support format
  format = "country-code"
}

However, if you look at the public API documentation for POST /api/v1/meta/schemas/apps/${appId}/default https://developer.okta.com/docs/reference/api/schemas/#app-user-profile-schema-property-object you’ll notice format is not documented in the schemas, but there are some examples where format is set to email.

Unfortunately, as a rule, we don’t call internal API endpoints from the terraform provider, and we don’t call public API endpoints with undocumented attributes. That said, this seems like it is in the gray zone for not supporting undocumented attributes when the examples do reference a format. Also, this code path goes through okta-sdk-golang so we’d need to get that updated first.

I don’t have a timeline on when we might fix this. But as @noinarisak pointed out to me, we can at least show you how to call the public API with an undocumented parameter. Perhaps you could add a curl provider to perform this action in your tf config.

@E-RELevant I will ask around internally and see if I can get an exact answer for you.