I’ve contacted developer support and I was advised “not to validate the token” from our .NET code.
And we need to call the /v1/userinfo endpoint to get user info.
I did the steps below and got it working in .NET Core 2.0. Unfortunately, our existing application is using Core 1.0, and there is no SET method for SecurityTokenValidator.
New Validator Class
- public class CustomSecurityValidator : ISecurityTokenValidator
- override the ValidateToken method to not validate the token
Startup.cs
2. options.SecurityTokenValidator = new CustomSecurityValidator();
3. OnTokenValidated event, call the /v1/userinfo endpoint manually and add the user info to ctx.Principal
Hope the above is useful to someone.
It would be good if the Okta .NET Core middleware could handle this scenario.
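
Step 3 of the post as an added example (not the poster's code and not Okta's middleware): an OnTokenValidated handler for ASP.NET Core 2.0 that presents the access token to the userinfo endpoint and fails the sign-in when the call is rejected. The names UserInfoCheck, RunAsync and the userInfoUrl parameter are assumptions; the example replaces ctx.Principal with the userinfo claims rather than merging them, because the token's own claims were not validated locally.

```csharp
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Newtonsoft.Json.Linq;

// Hypothetical helper. Wire it up in Startup.cs with:
//   options.Events.OnTokenValidated = ctx => UserInfoCheck.RunAsync(ctx, userInfoUrl);
// where userInfoUrl is the full URL of your org's /v1/userinfo endpoint (placeholder).
public static class UserInfoCheck
{
    private static readonly HttpClient Http = new HttpClient();

    public static async Task RunAsync(TokenValidatedContext ctx, string userInfoUrl)
    {
        // Code flow puts the access token on the token response, implicit/hybrid on the message.
        var accessToken = ctx.TokenEndpointResponse?.AccessToken
                          ?? ctx.ProtocolMessage?.AccessToken;
        if (string.IsNullOrEmpty(accessToken))
        {
            ctx.Fail("No access token available to present to userinfo.");
            return;
        }

        using (var request = new HttpRequestMessage(HttpMethod.Get, userInfoUrl))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            using (var response = await Http.SendAsync(request, ctx.HttpContext.RequestAborted))
            {
                // With local validation switched off, this response is the only check
                // on the token, so any non-2xx status must end the sign-in.
                if (!response.IsSuccessStatusCode)
                {
                    ctx.Fail($"userinfo rejected the token (HTTP {(int)response.StatusCode}).");
                    return;
                }

                var json = JObject.Parse(await response.Content.ReadAsStringAsync());
                var claims = new List<Claim>();
                foreach (var p in json.Properties())
                    if (p.Value is JValue)   // keep scalar fields; nested objects are skipped
                        claims.Add(new Claim(p.Name, p.Value.ToString()));

                // Build the identity only from what the server returned.
                ctx.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, ctx.Scheme.Name));
            }
        }
    }
}
```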