Authority server string confusion

Hi Oktanoids,
I am a complete newbie to OIDC, please go easy on me :). I’ve followed the example for an MVC Core test at https://developer.okta.com/blog/2017/06/29/oidc-user-auth-aspnet-core for net7.0.
Firstly this 2017 example seems rather dated (screens are somewhat different and the packages deprecated) but I’ve cobbled together something that builds, after I changed the authentication part to

	. . .
	. . .
        builder.Services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = "oidc";
            options.DefaultSignInScheme = "Cookies";
        })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.Authority = "the variants below";
                options.RequireHttpsMetadata = false;
                options.ClientId = "<my Client Id>";
                options.ClientSecret = "<my Client Secret key thingy>";
                options.ResponseType = "id_token token";
                options.Scope.Add("openid");
                options.Scope.Add("profile");
                options.Scope.Add("email");
            });
	. . .
	. . .

The bit that I’m baffled by is what Authority I need to use. I’ve tried the following variants from the Application Dashboard, and a few more, and none of them seems to give me any sort of login

                options.Authority = "https://dev-12345678.okta.com/oauth2/default";
                options.Authority = "https://dev-12345678.okta.com/.well-known/openid-configuration";
                options.Authority = "https://dev-12345678.okta.com/oauth2/default/.well-known/oauth-authorization-server";
                options.Authority = "https://dev-12345678.okta.com/api/v1/authorizationServers/default";
                options.Authority = "https://dev-12345678.okta.com/oauth2/default/v1/authorize";

i.e. when I try accessing https://localhost:5000/Home/Secure I get various responses ranging from a 404, ‘Unable to obtain configuration from: …’, ‘PII of type ‘System.String’ is hidden’, JSON with ‘E0000022 The endpoint does not support the provided HTTP method’, a large JSON payload with issuer/authorization endpoint/token endpoint etc. but those haven’t worked for me either.
I’m a bit lost on this sorry, any ideas for me to try?
Thanks

Steve

Hey there @Steve2024,

Welcome to the community! I love the name Oktanoids. :joy:

Did you set up a new Okta Developer Edition org for your project, or do you have an existing Okta organization you are trying this project with? Double-checking since this is an old post and it didn’t walk you through the steps of setting up an Okta Developer Edition org.

If you navigate to the Admin Console in your Okta org, then navigate to Security > Security in the navbar, you should see the Issuer URI there (this URI is what you should use for the authority).

We do have some more updated samples to look at. It’s not .NET 7 though, but I’ll link them here just in case you find them useful.

Let us know how it goes!

I just ran into the same problem.
See point #2 here:

When you first log in to the Okta developer account, it's initialized to use the default authorization server.

So you can use:
options.Authority = "https://${yourOktaDomain}/oauth2/default";

If someone changes the authorization server to something other than “default” you need to use the format:

https://${yourOktaDomain}/oauth2/${authorizationServerId}

It would look like this:

options.Authority = "https://dev-12345678.okta.com/oauth2/axscxcdv6xDxeksogwd7";
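
An added example, not code from any poster in this thread or from Okta: a pre-flight check that runs the Authority values from the question through the issuer shape given in the last reply and shows the discovery URL the ASP.NET Core handler would derive from each. The class and method names are hypothetical, and the check accepts only the `/oauth2/{authorizationServerId}` form stated above; the Issuer URI shown in the Admin Console remains the value to copy.

```csharp
using System;
using System.Text.RegularExpressions;

static class AuthorityCheck
{
    // Issuer path shape given in this thread: /oauth2/{authorizationServerId}
    static readonly Regex IssuerPath = new Regex(@"^/oauth2/[A-Za-z0-9]+/?$");

    // When MetadataAddress is not set, the ASP.NET Core OpenID Connect handler
    // builds it by appending this suffix to Authority.
    public static string MetadataAddress(string authority) =>
        (authority.EndsWith("/") ? authority : authority + "/")
        + ".well-known/openid-configuration";

    // Returns null when the value has the issuer shape, otherwise the reason it does not.
    public static string? Problem(string authority)
    {
        if (!Uri.TryCreate(authority, UriKind.Absolute, out var uri))
            return "not an absolute URL";
        if (uri.Scheme != Uri.UriSchemeHttps)
            return "scheme is not https";
        if (uri.Query.Length > 0 || uri.Fragment.Length > 0)
            return "contains a query string or fragment";
        if (!IssuerPath.IsMatch(uri.AbsolutePath))
            return "path is not /oauth2/{authorizationServerId}";
        return null;
    }

    static void Main()
    {
        // Values tried in the question plus the one from the last reply
        // (dev-12345678 is the thread's placeholder org).
        string[] candidates =
        {
            "https://dev-12345678.okta.com/oauth2/default",
            "https://dev-12345678.okta.com/.well-known/openid-configuration",
            "https://dev-12345678.okta.com/oauth2/default/.well-known/oauth-authorization-server",
            "https://dev-12345678.okta.com/api/v1/authorizationServers/default",
            "https://dev-12345678.okta.com/oauth2/default/v1/authorize",
            "https://dev-12345678.okta.com/oauth2/axscxcdv6xDxeksogwd7",
        };
        foreach (var c in candidates)
        {
            var problem = Problem(c);
            Console.WriteLine(problem is null
                ? $"OK      {c}\n        discovery: {MetadataAddress(c)}"
                : $"REJECT  {c}\n        {problem}");
        }
    }
}
```

Only the first and last candidates pass; for the others the derived discovery URL would stack `/.well-known/openid-configuration` on top of an endpoint or metadata path.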