Authenticate in own rest API with Okta

I need to create a .net core API that will validate requests authenticated by Okta and then release so that the request can access other endpoints.

My project will be developed in version 6 or 7 of .net.

In some research I saw we can use these two approaches:

→ Protect your API endpoints:

→ Validate Access Tokens:

So, from what I understand, we can use the authorize itself on the endpoints with ‘Okta.AspNetCore’ lib, or manually validate the token in our api, is that correct?

If yes, what would be the best way for my project?

Hello,

Typically you would have one application that a user logs into and acquires tokens (authorize/token calls).
This application would then take the access_token returned from above and send it to another application which is acting as a resource server. The resource server would grant/deny the request based off of the access_token provided.

In your scenario it sounds like your application may be the resource server, or is in front of multiple API endpoints (gateway type of behavior?). If so, you can check the below sample.

If this is not correct and your application will log the user into Okta and receive the tokens from Okta (MVC), I suggest looking at the below sample.

Thank You,

2 Likes
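The resource-server setup described in the reply above, as an added example that is not part of the original thread and not Okta's sample code. It uses ASP.NET Core's standard JWT bearer handler rather than the `Okta.AspNetCore` package; the configuration keys `Okta:Issuer` and `Okta:Audience`, the `orders.read` scope, the policy name and the routes are hypothetical.

```csharp
// Added example (not from the thread). Needs the Microsoft.AspNetCore.Authentication.JwtBearer
// package and a .NET 6/7 web project with implicit usings enabled.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Placeholder settings (assumptions): Okta:Issuer = https://{yourOktaDomain}/oauth2/default,
// Okta:Audience = api://default. Fail at startup instead of running with validation unconfigured.
var issuer = builder.Configuration["Okta:Issuer"]
    ?? throw new InvalidOperationException("Okta:Issuer is not configured");
var audience = builder.Configuration["Okta:Audience"]
    ?? throw new InvalidOperationException("Okta:Audience is not configured");

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = issuer;        // signing keys are fetched from the issuer's metadata
        options.Audience = audience;
        options.MapInboundClaims = false;  // keep the token's own claim names such as "scp"
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = issuer,          // reject tokens minted by any other authorization server
            ValidateAudience = true,
            ValidAudience = audience,      // reject tokens issued for a different API
            ValidateLifetime = true,
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // pin the expected algorithm
            ClockSkew = TimeSpan.FromMinutes(2)
        };
    });

// Being authenticated is not enough: each endpoint also demands the scope it needs.
// Okta access tokens carry granted scopes in the "scp" claim, one claim per scope.
builder.Services.AddAuthorization(options =>
    options.AddPolicy("OrdersRead", policy =>
        policy.RequireAuthenticatedUser().RequireClaim("scp", "orders.read")));

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/health", () => Results.Ok("up"));                  // anonymous
app.MapGet("/orders", () => Results.Ok(new[] { "order-1" }))    // 401 without a valid token,
   .RequireAuthorization("OrdersRead");                         // 403 without the scope
app.Run();
```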

Thanks @erik. I believe this will work for me.
