I have successfully setup a .NET core web application (using razor pages) with Okta as its identity provider. Users can self register, login, etc. I get all the claims info I need within the web app, including any custom claims I’ve created.
I then implemented authorization over in my web api project. The web app passes along the id_token to the api, and the api is able to validate it. I’m using the Okta.Aspnetcore middleware in both applications.
Here is my problem. Within the web app, I can see all of the claims. However, on the web api side, some of the claims simply aren’t there. Unlike in the web app, there is no where to specify the scopes in the OktaWebApiOptions() class - so I have no idea what to do. Any thoughts?