ASP.NET Core Web API returns 401 Unauthorized

I have a back-end ASP.NET core 2 web api services to which I want to restrict access. I tried to follow the example scenario described here , when I have implicit flow and my Angular SPA application receives id token and access token. I have my Authentication configured exactly as described in the example in the tutorial

// Add Okta Authentication
services.AddAuthentication(options =>
options.DefaultAuthenticateScheme = OktaDefaults.ApiAuthenticationScheme;
options.DefaultChallengeScheme = OktaDefaults.ApiAuthenticationScheme;
options.DefaultSignInScheme = OktaDefaults.ApiAuthenticationScheme;
.AddOktaWebApi(new OktaWebApiOptions()
OktaDomain = Configuration[“Okta:OktaDomain”],

However, if I try to call the endpoint with an access_token I get a 401 Unauthorized. I’ve tried calling the endpoint both from my Angular SPA and directly Postman but it is always the same. I can, of course, call all other endpoints withut authorization with no problems.

Hey @Peter1 I have the same problem, were you able to solve it?

No I never solved it but moved to Auth0 ( instead as their system is easier to set up and they have very good tutorials. Their community and supportes where also quicker at ansvering/helping whenever I had a problem, which is importatent as you don’t want to wait six month for an answer on a forum when you are working on your next super project :smile:

1 Like