
feat(api): add okta provider support#11184

Open
danibarranqueroo wants to merge 26 commits into master from PROWLER-1506-add-api-support-for-okta-provider

Conversation

@danibarranqueroo (Member)

Context

This PR adds API support for the Okta provider on top of the existing SDK work. The goal is to let Prowler Cloud create, validate, store, and test Okta providers through the API with the same auth model exposed by the UI: Okta org domain as provider UID plus raw private key content in the provider secret.

Description

This PR wires Okta into the API provider flow end to end:

  • adds okta to the API provider enum and migration
  • validates Okta provider UIDs as Okta-managed org domains
  • exposes Okta in the OpenAPI spec and provider secret schema
  • adds Okta provider secret validation in the API serializers
  • maps API provider data into the Okta SDK/provider initialization and connection test flow
  • adds API and SDK tests covering Okta provider registration, secret validation, kwargs mapping, and connection testing
  • restricts the API Okta secret contract to raw private key content only, which matches the Prowler Cloud UI flow

Steps to review

  1. Check the new okta provider support in the API model and migration.
  2. Confirm Okta UID validation only accepts valid Okta-managed org domains.
  3. Verify the API secret contract for Okta only uses okta_client_id and raw okta_private_key.
  4. Review the API-to-provider wiring in api/utils.py for provider init and connection tests.
  5. Check the OpenAPI/schema changes match the serializer behavior.
  6. Review the added API and SDK tests for Okta create, validation, kwargs mapping, and connection flow.
  7. Before real testing, confirm the API dependency points to the SDK branch/commit with these Okta changes.

Checklist

Community Checklist
  • This feature/issue is listed here or on roadmap.prowler.com
  • Is it assigned to me? If not, request it via the issue/feature here or in Prowler Community Slack

SDK/CLI

  • Are there new checks included in this PR? Yes / No
    • If so, do we need to update permissions for the provider? Please review this carefully.

UI

  • All issue/task requirements work as expected on the UI
  • If this PR adds or updates npm dependencies, include package-health evidence (maintenance, popularity, known vulnerabilities, license, release age) and explain why existing/native alternatives are insufficient.
  • Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
  • Screenshots/Video of the functionality flow (if applicable) - Tablet (640px < X < 1024px)
  • Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
  • Ensure new entries are added to CHANGELOG.md, if applicable.

API

  • All issue/task requirements work as expected on the API
  • Endpoint response output (if applicable)
  • EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
  • Performance test results (if applicable)
  • Any other relevant evidence of the implementation (if applicable)
  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, uv, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions Bot added the labels component/api, review-django-migrations (This PR contains changes in Django migrations) and provider/okta on May 15, 2026
@github-actions Bot (Contributor) commented May 15, 2026

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@github-actions Bot (Contributor) commented May 15, 2026

✅ All necessary CHANGELOG.md files have been updated.

@github-actions Bot (Contributor) commented May 15, 2026

🔒 osv-scanner: 4 finding(s) in api/uv.lock

Severity gate: HIGH,CRITICAL,UNKNOWN

Severity | ID | Package | Version | Summary
🟠 HIGH (7.5) | GHSA-vfmq-68hx-4jfw | PyPI/lxml | 5.3.2 | lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
🟠 HIGH (7) | GHSA-7j59-v9qr-6fq9 | PyPI/microsoft-kiota-http | 1.9.2 | Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
🟠 HIGH (8.9) | GHSA-mf9v-mfxr-j63j | PyPI/urllib3 | 2.6.3 | urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
🟠 HIGH (8.2) | GHSA-qccp-gfcp-xxvc | PyPI/urllib3 | 2.6.3 | urllib3: Sensitive headers forwarded across origins in proxied low-level redirects

To accept a finding, add an [[IgnoredVulns]] entry to osv-scanner.toml at the repo root with a reason and ignoreUntil.


@codecov Bot commented May 15, 2026

Codecov Report

❌ Patch coverage is 97.91667% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 93.66%. Comparing base (3410fc9) to head (4e7d1b0).
⚠️ Report is 5 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff            @@
##           master   #11184    +/-   ##
========================================
  Coverage   93.65%   93.66%            
========================================
  Files         232      242    +10     
  Lines       33968    34409   +441     
========================================
+ Hits        31813    32229   +416     
- Misses       2155     2180    +25     
Flag | Coverage Δ
api | 93.66% <97.77%> (+<0.01%) ⬆️
prowler-py3.10-okta | 93.93% <100.00%> (?)
prowler-py3.11-okta | 93.93% <100.00%> (?)
prowler-py3.12-okta | 93.93% <100.00%> (?)

Flags with carried forward coverage won't be shown.

Components | Coverage Δ
prowler | 93.93% <100.00%> (∅)
api | 93.66% <97.77%> (+<0.01%) ⬆️

@github-actions Bot (Contributor) commented May 15, 2026

🔒 Container Security Scan

Image: prowler-api:807fb6f
Last scan: 2026-05-15 11:10:12 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 15
Total 15

9 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable


@github-actions Bot (Contributor) commented May 15, 2026

🔒 Container Security Scan

Image: prowler:807fb6f
Last scan: 2026-05-15 11:06:37 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 6
Total 6

5 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable


Align validate_okta_uid with prowler.providers.okta.okta_provider.ORG_DOMAIN_RE
so gov/mil orgs (.okta.mil, .okta-miltest.com, .trex-govcloud.com) can be
onboarded. Fold the Okta routing test into the main return_prowler_provider
parametrize, and add SDK changelog entry for the provider_id guard introduced
in this branch.
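The UID validation the PR description and this commit message refer to (accepting only Okta-managed org domains, including the gov/mil suffixes named above), written here as an added example that is not the project's code or its ORG_DOMAIN_RE: the suffix allowlist and the function names are assumptions, and the check compares whole DNS labels so a host that merely ends with the string "okta.com" is not accepted.

```python
import re

# Illustrative allowlist of Okta-managed org domain suffixes (an assumption
# for this example, not the project's ORG_DOMAIN_RE): Okta's public cell
# domains plus the gov/mil suffixes named in the PR's commit message.
OKTA_MANAGED_SUFFIXES = (
    "okta.com",
    "oktapreview.com",
    "okta-emea.com",
    "okta.mil",
    "okta-miltest.com",
    "trex-govcloud.com",
)

# One DNS label: lowercase letters, digits, hyphens; no leading or trailing
# hyphen; 1-63 characters.
_LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def validate_okta_uid(uid: str) -> str:
    """Return the normalized org domain or raise ValueError."""
    if not isinstance(uid, str):
        raise ValueError("Okta provider UID must be a string")
    # Normalize case and a trailing dot, then reject anything that is not a
    # bare host name (scheme, port, path, userinfo, whitespace).
    host = uid.strip().lower().rstrip(".")
    if re.search(r"[/:@?#\s]", host):
        raise ValueError("Okta provider UID must be a bare org domain, not a URL")
    if not host or len(host) > 253:
        raise ValueError("Okta provider UID is empty or too long")
    labels = host.split(".")
    if not all(_LABEL_RE.match(label) for label in labels):
        raise ValueError(f"Okta provider UID has an invalid DNS label: {uid!r}")
    for suffix in OKTA_MANAGED_SUFFIXES:
        suffix_labels = suffix.split(".")
        # Compare whole labels from the right: a plain endswith("okta.com")
        # would accept "notokta.com", which is not an Okta-managed domain.
        if (len(labels) > len(suffix_labels)
                and labels[-len(suffix_labels):] == suffix_labels):
            return host
    # Reached for unknown suffixes and for a bare suffix with no org label.
    raise ValueError(f"{uid!r} is not an Okta-managed org domain")


def is_valid_okta_uid(uid: str) -> bool:
    """Boolean form for use in a serializer-style validator."""
    try:
        validate_okta_uid(uid)
        return True
    except ValueError:
        return False
```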
@danibarranqueroo danibarranqueroo marked this pull request as ready for review May 15, 2026 11:17
@danibarranqueroo danibarranqueroo requested review from a team as code owners May 15, 2026 11:17