ASP.NET Core, Swagger and OAuth2

Hi

I have defined an application in Okta whose “Client authentication” is “Use PKCE”.

I have defined this “SecurityDefinition” in Swagger for my ASP.NET Core app:

    options.AddSecurityDefinition("OAuth2", new OpenApiSecurityScheme
    {
        Type = SecuritySchemeType.OAuth2,

        Flows = new OpenApiOAuthFlows
        {
            AuthorizationCode = new OpenApiOAuthFlow
            {
                AuthorizationUrl = new Uri("https://my.okta.com/oauth2/v1/authorize"),
                TokenUrl = new Uri("https://my.okta.com/oauth2/v1/token"),
                Scopes = new Dictionary<string, string>
                {
                    { "openid", "desc" }, { "profile", "desc" }, { "email", "desc" }
                },
            }
        },
        Description = "Balea Server OpenId Security Scheme"
    });

    app.UseSwaggerUI(options =>
    {
        options.RoutePrefix = "docs";

        options.OAuthScopeSeparator(",");
        options.OAuthUsePkce();
    });

When I open Swagger, enter the client ID (I clear the client secret), and click “Authorize”, I get this error:

PKCE+code+challenge+is+required+when+the+token+endpoint+authentication+method+is+‘NONE’

Is the code challenge correctly included in the request?
The code_challenge and code_challenge_method parameters need to be passed if the PKCE extension is used, and the browser developer tools will show if these are indeed included and correctly set.

Neither code_challenge nor code_challenge_method is passed in the request.

Please see this: “Okta for .net and configure swagger to use Implicit returns different issuer”
