ASP.NET Core Web API returns 401 Unauthorized

I have a back-end ASP.NET core 2 web api services to which I want to restrict access. I tried to follow the example scenario described here https://developer.okta.com/quickstart/#/angular/dotnet/aspnetcore , when I have implicit flow and my Angular SPA application receives id token and access token. I have my Authentication configured exactly as described in the example in the tutorial

// Add Okta Authentication
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = OktaDefaults.ApiAuthenticationScheme;
options.DefaultChallengeScheme = OktaDefaults.ApiAuthenticationScheme;
options.DefaultSignInScheme = OktaDefaults.ApiAuthenticationScheme;
})
.AddOktaWebApi(new OktaWebApiOptions()
{
OktaDomain = Configuration[“Okta:OktaDomain”],
});

However, if I try to call the endpoint with an access_token I get a 401 Unauthorized. I’ve tried calling the endpoint both from my Angular SPA and directly Postman but it is always the same. I can, of course, call all other endpoints withut authorization with no problems.

Hey @Peter1 I have the same problem, were you able to solve it?

No I never solved it but moved to Auth0 (https://auth0.com/) instead as their system is easier to set up and they have very good tutorials. Their community and supportes where also quicker at ansvering/helping whenever I had a problem, which is importatent as you don’t want to wait six month for an answer on a forum when you are working on your next super project :smile:

1 Like