updated docs

README.md

@@ -13,7 +13,7 @@ The `@stackql/provider-utils` package offers several utilities that this provide
 To use the Okta provider with StackQL, you'll need:
 
 1. An Okta account with appropriate API credentials
-2. An Okta API token with sufficient permissions for the resources you want to access
+2. An Okta API token with sufficient permissions for the resources you want to access, export this as `OKTA_API_TOKEN`
 3. StackQL CLI installed on your system (see [StackQL](https://github.com/stackql/stackql))
 
 ### 1. Download the Open API Specification
@@ -76,7 +76,7 @@ npm run generate-provider -- \
   --output-dir provider-dev/openapi/src/okta \
   --config-path provider-dev/config/all_services.csv \
   --servers '[{"url": "https://{subdomain}.okta.com/", "variables": {"subdomain": {"default": "my-org","description": "The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains."}}}]' \
-  --provider-config '{"config": {"auth": {"credentialsenvvar": "OKTA_API_TOKEN","type": "api_key","valuePrefix": "SSWS "}}}' \
+  --provider-config '{"auth": {"credentialsenvvar": "OKTA_API_TOKEN","type": "api_key","valuePrefix": "SSWS "}}' \
   --skip-files _well_known.yaml \
   --overwrite
 ```
@@ -144,7 +144,7 @@ To publish the provider push the `okta` dir to `providers/src` in a feature bran
 Launch the StackQL shell:
 
 ```bash
-export DEV_REG="{ \"url\": \"https://registry-dev.stackql.app/providers\" }"
+export DEV_REG="{ \"url\": \"https://registry-dev.stackql.app/providers\", \"verifyConfig\": { \"nopVerify\": true }}"
 ./stackql --registry="${DEV_REG}" shell
 ```
 
@@ -154,7 +154,24 @@ pull the latest dev `okta` provider:
 registry pull okta;
 ```
 
-Run some test queries
+Run some test queries, for example...
+
+```sql
+SELECT
+id,
+activated,
+created,
+lastLogin,
+lastUpdated,
+passwordChanged,
+JSON_EXTRACT(profile, '$.email') as email,
+JSON_EXTRACT(profile, '$.firstName') as first_name,
+JSON_EXTRACT(profile, '$.lastName') as last_name,
+status,
+statusChanged
+FROM okta.users.users
+WHERE subdomain = 'your-subdomain';
+```
 
 ### 7. Generate web docs
 

package.json

@@ -15,7 +15,7 @@
   },
   "dependencies": {
     "@stackql/pgwire-lite": "^1.0.1",
-    "@stackql/provider-utils": "^0.4.1"
+    "@stackql/provider-utils": "^0.4.2"
   },
   "keywords": [
     "stackql",

provider-dev/openapi/src/okta/v00.00.00000/provider.yaml

@@ -498,8 +498,7 @@ providerServices:
     version: v00.00.00000
     description: okta zones API
 config:
-  config:
-    auth:
-      credentialsenvvar: OKTA_API_TOKEN
-      type: api_key
-      valuePrefix: 'SSWS '
+  auth:
+    credentialsenvvar: OKTA_API_TOKEN
+    type: api_key
+    valuePrefix: 'SSWS '

provider-dev/openapi/src/okta/v00.00.00000/services/authorizationservers.yaml

@@ -556,7 +556,7 @@ paths:
         > **Note:** To list a specific user's client resources for which they
         have tokens or grants, use the [List all clients endpoint in the User
         Resources
-        API](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserResources/#tag/UserResources/operation/listUserClients).
+        API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserResources/#tag/UserResources/operation/listUserClients).
       operationId: listOAuth2ClientsForAuthorizationServer
       responses:
         '200':
@@ -1482,10 +1482,10 @@ paths:
 
         > **Note:** This API doesn't allow you to add a key if the existing key
         doesn't have a `kid`. Use the [Replace an Authorization
-        Server](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/AuthorizationServer/#tag/AuthorizationServer/operation/replaceAuthorizationServer)
+        Server](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/AuthorizationServer/#tag/AuthorizationServer/operation/replaceAuthorizationServer)
         operation to update the JWKS or [Delete a Custom Authorization Server
         Public JSON Web
-        Key](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/OAuth2ResourceServerCredentialsKeys/#tag/OAuth2ResourceServerCredentialsKeys/operation/deleteOAuth2ResourceServerJsonWebKey)
+        Key](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/OAuth2ResourceServerCredentialsKeys/#tag/OAuth2ResourceServerCredentialsKeys/operation/deleteOAuth2ResourceServerJsonWebKey)
         and re-add the key with a `kid`.
 
         > **Note:** This API doesn't allow you to add a key with an ACTIVE

provider-dev/openapi/src/okta/v00.00.00000/services/devices.yaml

@@ -13,7 +13,7 @@ paths:
 
         >**Note:** To list all devices enrolled by a user, use the [List all
         devices endpoint in the User Resources
-        API](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserResources/#tag/UserResources/operation/listUserDevices).
+        API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserResources/#tag/UserResources/operation/listUserDevices).
 
 
         You can return a subset of devices that match a supported search
@@ -190,7 +190,7 @@ paths:
         Deletes (permanently) a device by `deviceId` if it has a status of
         `DEACTIVATED`. You can transition the device to `DEACTIVATED` status
         using the [Deactivate a
-        Device](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/Device/#tag/Device/operation/deactivateDevice)
+        Device](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Device/#tag/Device/operation/deactivateDevice)
         endpoint.
 
         This request is destructive and deletes all of the profile data related
@@ -663,7 +663,7 @@ components:
           type: string
           description: >-
             The ID of the realm in which the user is residing. See
-            [Realms](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/Realm/).
+            [Realms](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Realm/).
           example: guo1bfiNtSnZYILxO0g4
           readOnly: true
         status:
@@ -690,7 +690,7 @@ components:
           description: >-
             The user type that determines the schema for the user's profile. The
             `type` property is a map that identifies the [User
-            Types](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/#tag/UserType).
+            Types](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/#tag/UserType).
 
 
             Currently it contains a single element, `id`. It can be specified
@@ -728,9 +728,9 @@ components:
 
             For a collection of users, the links object contains only the `self`
             link. Operations that return a collection of users include [List all
-            users](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers)
+            users](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers)
             and [List all group member
-            users](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroupUsers).
+            users](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroupUsers).
           allOf:
             - $ref: '#/components/schemas/LinksSelf'
             - type: object
@@ -908,15 +908,15 @@ components:
         [pattern](https://developer.okta.com/docs/reference/api/schemas/#login-pattern-validation)
         for `login`. You can use the Profile Editor in the Admin Console or the
         [Schemas
-        API](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/UISchema/#tag/UISchema)
+        API](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/UISchema/#tag/UISchema)
         to make schema modifications.
 
 
         You can extend user profiles with custom properties. You must first add
         the custom property to the user profile schema before you reference it.
 
         You can use the Profile Editor in the Admin Console or the [Schemas
-        API](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/UISchema/#tag/UISchema)
+        API](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/UISchema/#tag/UISchema)
         to manage schema extensions.
 
 
@@ -1023,7 +1023,7 @@ components:
             that include @-signs. (By default, usernames must be formatted as
             email addresses and thus always include @-signs. You can remove that
             restriction using either the Admin Console or the [Schemas
-            API](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/).
+            API](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/).
             Users can sign in with their non-qualified short name (for example:
             isaac.brock with username isaac.brock@example.com) as long as the
             short name is still unique within the organization.
@@ -1264,7 +1264,7 @@ components:
         from some other store. Okta supports the BCRYPT, SHA-512, SHA-256,
         SHA-1, MD5, and PBKDF2 hash functions for password import.
          A hashed password may be specified in a password object when creating or updating a user, but not for other operations.
-         See the [Create user with imported hashed password](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#create-user-with-imported-hashed-password) description. When you update a user with a hashed password, the user must be in the `STAGED` status.
+         See the [Create user with imported hashed password](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#create-user-with-imported-hashed-password) description. When you update a user with a hashed password, the user must be in the `STAGED` status.
       type: object
       properties:
         algorithm:
@@ -1322,7 +1322,7 @@ components:
     PasswordCredentialHook:
       description: >-
         Specify a [password import inline
-        hook](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createPasswordImportInlineHook)
+        hook](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createPasswordImportInlineHook)
         to trigger verification of the user's password the first time the user
         signs in. This allows an existing password to be imported into Okta
         directly from some other store.

provider-dev/openapi/src/okta/v00.00.00000/services/eventhooks.yaml

@@ -516,7 +516,7 @@ components:
 
 
         > **Note:** Event hook filters is a [self-service Early Access
-        (EA)](https://developer.okta.com/docs/apihttps://developer.okta.com/docs/apihttps://developer.okta.com/docs/api/openapi/okta-management/guides/release-lifecycle/#early-access-ea)
+        (EA)](https://developer.okta.com/docs/api/openapi/okta-management/guides/release-lifecycle/#early-access-ea)
         to enable.
 
         If you want to disable this feature, it's recommended to first remove