Call API from ASP.Net Core 2.0

dotnet

#1

Please forgive me for the novelty of this question or if it has been covered somewhere else; I’ve been looking all over for a working example but haven’t found anything. I’m a novice in both C#/ASP.NET Core 2.0 and the Okta platform.

I was able to set up a basic working solution where the user authenticates using the OpenID quickstart.

Now I’m trying to call the Okta API from the backend to get information about “me” as a logged in user. Eventually, I want to get groups and role information (i.e., is the visitor a super user or admin, etc.) but am trying to start simple.

Here is my controller

[Authorize]
public IActionResult ShowUser()
{
  using (HttpClient client = new HttpClient())
  {
    client.BaseAddress = new Uri("https://{{My Company}}.oktapreview.com");

    byte[] cred = UTF8Encoding.UTF8.GetBytes("{{My API Token}}");

    client.DefaultRequestHeaders.Accept.Add(
        new MediaTypeWithQualityHeaderValue("application/json"));
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
        "Bearer", Convert.ToBase64String(cred));

    HttpResponseMessage response = client.GetAsync("/api/v1/users/me").Result;
    string stringData = response.Content.ReadAsStringAsync().Result;

    // Just for demo purposes
    ViewData["Results"] = stringData;

    return View();
  }
}

The error I’m receiving is:

{
"errorCode":"E0000005",
"errorSummary":"Invalid session",
"errorLink":"E0000005",
"errorId":"oaeOrQDpIWDTRyihIThHokg4g",
"errorCauses":[]
}

Can anyone point me in the direction of what I’m doing wrong here?


#2

If you look at the “get current session” API - https://developer.okta.com/docs/api/resources/sessions#get-current-session, you will notice the following -

This operation requires a session cookie for the user. API token is not allowed for this operation.

Make sure that your session cookie is set (user is logged in) and don’t pass the API Token in your code.

Here’s an older thread which might be helpful - https://stackoverflow.com/questions/38722455/okta-session-id-retrieval


#3

Hey @bleonard! It sounds like you’ve been able to log a user in via OpenID Connect, but you want to get more info about them. At a high level, you have two options:

  • Look at the claims in the ClaimsIdentity. The claims in theID token returned from Okta (which is consumed by the ASP.NET Core OpenID Connect middleware) are automatically put into the ClaimsIdentity that represents the user. For example, you can do
var name = HttpContext.User.Claims.FirstOrDefault(x => x.Type == "name")
  • If you want more than the few claims that come through the ID token, you can use the Okta .NET SDK to easily call the Okta Users API. The user’s Okta ID is available via the sub claim. For example:
var user = await client.User.GetUserAsync("<user id>");

We recently updated the Okta + ASP.NET Core 2.0 example to demonstrate this, in case you want another example. :slight_smile:

Let me know if this is what you’re looking for!


#4

@nate.barbettini This looks very promising, thanks for the update!

I do have one (probably dumb) question regarding the OrgUrl in appsettings.json. In the QuickStart the Org Url is said to be found “On the home screen of the developer dashboard, in the upper right.” I don’t see anything that looks like an Org Url when I look at https://{{MyCompany}}-admin.oktapreview.com/admin/dashboard. Am I looking in the wrong spot?


#5

You might be in the admin console, you can switch over to the developer console using the picker in the top left .

Your Org URL should be the admin link without the -admin

if you are looking at the admin dashboard and your url is:

my-company-admin.oktapreview.com

your org url should be:

my-company.oktapreview.com

hope this helps!