oktadev-blog
antony
Shouldn’t the grant type be Authorization Code instead of Implicit? The sample code appears to exchange the auth code for a token.
antony
Shouldn’t the grant type be Authorization Code instead of Implicit? The sample code appears to exchange the auth code for a token.
Seth
What configuration setting has to be set to allow CodeIdToken? I get the following error: ‘unsupported_response_type’. Error_Description (may be empty): ‘The response type is not supported by the authorization server. Configured response types: [token, code].’
Seth
The answer was this in case anyone else runs into this problem: check that you have Implicit flow with ID token enabled in Okta under Admin >> Application >> OIDC application >> General >> Allowed grant types >> Implicit >> Allow ID Token with implicit grant type
Sadjad Bahmanpour
Is there a such notion as common end point in okta? I need to setup asp.net core auth stack to be used by a multi-tenant application, so we don’t know the organization url at startup time, we know when they login.
Bin Sun
I followed this tutorial. It seems to have one issue - The logout is not working properly. Although the about page shows the user is not authenticated after logout, click login does not prompt user for user name and password. There are some hints suggested to add OpenIdConnectAuthenticationDefaults.AuthenticationType as a parameter to Signout method. Then I get 400 bad request error complaining invalid id token (actually the id_token_hint cannot be found in the signout request to Okta server).
Johan Johansson
I followed this and get this message on login. “Unable to retrieve document from: 'https://xxxx.okta.com/oauth…”. Opening this url gives me {“errorCode”:“E0000015”,“errorSummary”:“You do not have permission to access the feature you are requesting”,“errorLink”:“E0000015”,“errorId”:
But as far as I can see I have assigned the the applcaition to the user I am authenticated as… any ideas please?
Bin Sun
I am also using Okta for a multi-tenant application. I set AuthenticationType to unique string value for each tenant, and it seems to be working. Tenants can be recognized by url, and based on url, the authority url (or uri) can be retrieved from database.
Maicon Martins Felicio
Hi Folks, i’m a begginer in Vuejs and I can’t install npm okata value by command “npm install --save @okta/okta-vue”, i get error message, could anybody help me?
npm WARN rollback Rolling back node-pre-gyp@0.12.0 failed (this is probably harmless): EPERM: operation not permitted, rmdir 'C:\Users\maico\Downloads\vue-material-dashboard-pro-v1.3.1\vue-material-dashboard-pro-v1.3.1\node_modules\fsevents\node_modules’
npm WARN @fullcalendar/timegrid@4.3.0 requires a peer of @fullcalendar/core@~4.3.0 but none is installed. You must install peer dependencies yourself.
npm WARN @fullcalendar/daygrid@4.3.0 requires a peer of @fullcalendar/core@~4.3.0 but none is installed. You must install peer dependencies yourself.
npm WARN eslint-plugin-prettier@3.1.0 requires a peer of eslint@>= 5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN eslint-plugin-vue@5.2.2 requires a peer of eslint@^5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN vue-eslint-parser@5.0.0 requires a peer of eslint@^5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.9 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.9: wanted {“os”:“darwin”,“arch”:“any”} (current: {“os”:“win32”,“arch”:“x64”})
Matt Raible
This looks like a permissions issue on your hard drive, but I’m not sure. Can you please enter this as an issue for the Vue SDK on GitHub?
Andrew
getting this:
Server Error in ‘/’ Application.
A task was canceled.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Threading.Tasks.TaskCanceledException: A task was canceled.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[TaskCanceledException: A task was canceled.]
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +167
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
Microsoft.IdentityModel.Protocols.<getdocumentasync>d__8.MoveNext() +360
[IOException: IDX20804: Unable to retrieve document from: ‘[PII is hidden by default. Set the ‘ShowPII’ flag in IdentityModelEventSource.cs to true to reveal it.]’.]
Nathaniel
Followed the tutorial to a T but am running into this error when clicking the Login button
Invalid postback or callback argument. Event validation is enabled using <pages enableeventvalidation=“true”/> in configuration or <%@ Page EnableEventValidation=“true” %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
Alain Osorio Rodriguez
Hi @disqus_Z2M5ijnkWw , i’m facing exactly your same issue. Did you find out how to fix it?
Tarlok Thakur
Hi,
Above code is working fine on localhost but when I am deploying same code on server getting below error:
Invalid_grant
Description: An unhandled exception occurred during
the execution of the current web request. Please review the stack trace
for more information about the error and where it originated in the
code.
Exception Details: System.Exception: invalid_grant
Please help me.
Thanks
Tarlok Singh
Jake Durell
I am getting this error among others: TokenClient does not contain a constructor that takes 3 arguments
Stuart Smith
Anybody with issues with logout use this in the following: protected void Unnamed_LoggingOut(object sender, LoginCancelEventArgs e)
{
HttpContext context = HttpContext.Current;
if (context.User.Identity.IsAuthenticated)
{
context.GetOwinContext().Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType, OpenIdConnectAuthenticationDefaults.AuthenticationType);
Response.Redirect(“Default.aspx”);
}
}
Abdul Khan
Is there a way to implement it using visual studio 2008 and .net framework 3.5? How open id along with okta is supported for legacy application ?
leebrandt
Generally, you just need to add the startup.cs file. That’s where OIDC does it’s magic. But I believe it SHOULD work with .NET Fx 3.5. I don’t have access to a machine to test it for sure, but it should work.
Brett Huffman
Jake - did you ever find a solution to this? I’m having the same problem. I can’t imagine how they got this to work.
Paul Snyder
I am getting the error “ClientId is not declared. It may be inaccessible due to its protection level” from the line “ClientId = _clientId,”.
My web.config file has the <appsettings> section before the <system.web> inside <configuration>. thoughts?
Andy
Replace the following part
var tokenClient = new TokenClient($"{_authority}/v1/token", _clientId, _clientSecret);
var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(n.Code, _redirectUri);
with this:
var client = new HttpClient();
var tokenResponse = await client.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
{
Address = $"{_authority}/v1/token",
ClientId = _clientId,
ClientSecret = _clientSecret,
Code = n.Code,
RedirectUri = _redirectUri,
});
Eric Kreger
I have run into an issue where i have a valid user but their permissions have been removed from the application in Okta. After the user logs in they receive the following error:
“OpenIdConnectMessage.Error was not null, indicating an error. Error: ‘access_denied’. Error_Description (may be empty): ‘User is not assigned to the client application.’. Error_Uri (may be empty): ‘’.”
Researching that issued i found that i need to implement the OpenIdConnectAuthenticationNotifications AuthenticationFailed method in the startup. When i do that and try to redirect the user to a Access Denied page, I am receiving a 400 Bad Request on the page. Can anyone shed light on how to address this scenario?
Shawn Xie
Hello, how can I pass uilocales that contains language information to authentication service?
Dave Ayiku
I followed the example above and I am receiving an error in the Startup.cs class file. The error is on the UserInfoClient
the type or namespace ‘UserInfoClient’ could not be found
Is there any information on how to fix this issue?
Dave Ayiku
For anybody tracking this item, I was able to resolve the issue reported by using the earlier release (version 3.8.0) for the IdentityModel.
Satish Neelakantam
I am integrating OKTA in the existing .NET Framework Web Application. I have followed all the steps as mentioned in this Article. Currently the application is using AD Authentication. All the authentication functionality was written in Session_Start of Global.asax.cs page. So, I have added the below lines of code in the same event to have OKTA authentication.
if (!Request.IsAuthenticated)
{
HttpContext.Current.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties { RedirectUri = “/” },
OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
I am getting the following error:
IDX20803: Unable to obtain configuration from: ‘[PII is hidden]’.
Help required please.
Sudheendra Rao
UserInfoClient is not getting resolved for me. it Say Type or namespace could not be found
Sudheendra Rao
I am still not able to logout with this code. I have a login button on Navigation Bar and when i click on page load i call your code and instead of going to default from Logout page it goes to page not found
satish p
I am getting error like TokenClient doesnot contain constructor that takes 3 arguments.
var tokenClient = new TokenClient($"{_authority}/v1/token", _clientId, _clientSecret);
Sarjen Test
Is there a way to implement it using visual studio 20012 and .net framework 2.0 or 3.5?
Sarjen Test
Is there a way to implement it using visual studio 20012 and .net framework 2.0 or 3.5?
Niraj Khose
I have same issue with just instead on access_denied I am getting invalid_grant. I am using .NET 4.5.2. Has this been resolved?
David Laskey
Frustrating. Still left with one error. In the startup.cd file
The line : var userInfoResponse = await userInfoClient.GetAsync(tokenResponse.AccessToken);
is throwing : Cannot assign void to an implicitly-typed variable
Richard Corkery
I, and a few others, had an issue with the logout process. I was able to get this resolved by adding the code shown below in Startup.cs. The new code is placed under the n.AuthenticationTicket.Identity.AddClaims(claims); line shown above in the original post. I include that line to identify where the new code should be placed. The new code starts with: RedirectToIdentityProvider.
I hope this helps someone else since I spent hours trying to figure it out.
n.AuthenticationTicket.Identity.AddClaims(claims);
},
RedirectToIdentityProvider = n =>
{
// If signing out, add the id_token_hint
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
{
var idTokenClaim = n.OwinContext.Authentication.User.FindFirst(“id_token”);
if (idTokenClaim != null)
{
n.ProtocolMessage.IdTokenHint = idTokenClaim.Value;
}
}
return Task.CompletedTask;
}
Stan
I was getting this same error, however Dave Ayiku’s suggestion helped solve the problem for me. Try uninstalling the NuGet package for the IdentityModel package and then re-installing it as version 3.8.0. That seemed to resolve the error
Mark Hatoum
Is there some documentation on Web Forms using OWIN with ResponseType = OpenIdConnectResponseType.Code?
We are restricted from using the Implicit (Hybrid) / ID Token option on our instance of OKTA.
1 reply
Joseph Jones
Hi
I have converted the above c# code to VB and I get the following error:
UserInfoClient’ is not defined.
Overload resolution failed because no accessible ‘New’ accepts this number of arguments
RequestAuthorizationCodeAsync’ is not a member of 'TokenClient’
Can anyone, please help me on this, thanks
Joseph Jones
Hi,
I am trying OKTA OpenID Connect in ASP.NET in Visual basic. I got the following error message:
IDX20108: The address specified ‘[PII is hidden]’ is not valid as per HTTPS scheme. Please specify an https address for security reasons. If you want to test with http address, set the RequireHttps property on IDocumentRetriever to false.
Parameter name: address
Can anyone please help me to resolve this error?
Thanks
Joseph
Richard Corkery
I could be wrong. But did you assign the user (yourself) to the okta application?
I am having trouble incorporating this into an existing asp.net application when I update to NewtonSoft.json version 13.03 the Okta Login code fails.
I am doing testing with this example, but get this error when I attempt to login:
Any thoughts?
@ Satish Neelakantam I have similar application which uses the AD authentication and I have the same issue you had… Did your issue got resolved?