post merge cleanup

Author: stephenkiers

clients/admin-ui/src/features/config-wizard/AuthenticateOktaForm.tsx

@@ -165,17 +165,6 @@ const AuthenticateOktaForm = () => {
                     need to create an API Services application in Okta and
                     generate an RSA key pair.
                   </Text>
-                  <Text fontSize="sm" color="gray.600">
-                    Need help setting up?{" "}
-                    <a
-                      href="https://ethyca.com/docs/guides/okta_privatekey_setup"
-                      target="_blank"
-                      rel="noopener noreferrer"
-                      style={{ textDecoration: "underline" }}
-                    >
-                      View setup guide
-                    </a>
-                  </Text>
                 </Box>
                 <Stack>
                   <CustomTextInput

src/fides/api/service/connectors/okta_http_client.py

@@ -112,7 +112,10 @@ def __init__(
 
     @staticmethod
     def _parse_jwk(private_key: Union[str, PrivateJwk]) -> PrivateJwk:
-        """Parse and validate a private key in JWK format.
+        """Parse private key from string or dict.
+
+        Note: Full validation (kty, 'd' param) is done by OktaSchema.
+        This method handles string→dict conversion for already-validated secrets.
 
         Args:
             private_key: JWK as either a JSON string or dict
@@ -121,23 +124,15 @@ def _parse_jwk(private_key: Union[str, PrivateJwk]) -> PrivateJwk:
             Parsed JWK dictionary
 
         Raises:
-            ValueError: If key is not valid JSON or missing 'd' parameter
+            ValueError: If key is not valid JSON
         """
-        jwk_dict: PrivateJwk
         if isinstance(private_key, dict):
-            jwk_dict = private_key
-        else:
-            try:
-                jwk_dict = json.loads(private_key.strip())
-            except json.JSONDecodeError as exc:
-                raise ValueError(
-                    "Private key must be valid JSON or a dictionary."
-                ) from exc
+            return private_key
 
-        if "d" not in jwk_dict:
-            raise ValueError("JWK is not a private key (missing 'd' parameter).")
-
-        return jwk_dict
+        try:
+            return json.loads(private_key.strip())
+        except json.JSONDecodeError as exc:
+            raise ValueError("Private key must be valid JSON.") from exc
 
     @staticmethod
     def _determine_alg_from_jwk(jwk: PrivateJwk) -> str:

tests/ops/service/connectors/test_okta_http_client.py

@@ -337,17 +337,13 @@ def test_parse_jwk_accepts_dict(self):
         parsed = OktaHttpClient._parse_jwk(RSA_JWK)
         assert parsed["kid"] == RSA_JWK["kid"]
 
-    def test_parse_jwk_validates_dict_missing_d(self):
+    def test_parse_jwk_accepts_dict_without_d(self):
+        # _parse_jwk no longer validates 'd' - that's done by OktaSchema
+        # This tests that dict passthrough works regardless of content
         public_jwk = RSA_JWK.copy()
         del public_jwk["d"]
-        with pytest.raises(ValueError, match="not a private key"):
-            OktaHttpClient._parse_jwk(public_jwk)
-
-    def test_parse_jwk_validates_private_key(self):
-        public_jwk = RSA_JWK.copy()
-        del public_jwk["d"]
-        with pytest.raises(ValueError):
-            OktaHttpClient._parse_jwk(json.dumps(public_jwk))
+        parsed = OktaHttpClient._parse_jwk(public_jwk)
+        assert parsed["kid"] == RSA_JWK["kid"]
 
     def test_parse_jwk_round_trip(self):
         parsed = OktaHttpClient._parse_jwk(json.dumps(RSA_JWK))