Fetching UserId for 'User is not assigned to the client application' error

Hi, I am getting the error ‘User is not assigned to the client application’, which is valid as the Okta user is not assigned that particular application. Can we also add the Okta userId/userName in the error message for which we are getting this error, as it will simplify the investigation process when checking the logs?
Since the user is first authenticated in Okta before getting rejected from application-level authentication, it would really help to include this detail. Alternatively, please advise how I can fetch the user's Okta ID when receiving this error.

You could attempt to make a CORS request to the /api/v1/users/me endpoint. As long as their cookies are included in the request, this endpoint will return information about the user who has an active Okta session within that browser.

Note that because this is a CORS request to Okta, your application can encounter issues with browsers set to block third-party cookies unless your application is hosted on the same domain as your Okta org (e.g. having a custom domain for your org at okta.example.com, with your application hosted at example.com/app, as explained here).
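The CORS call described in the reply above, as an added example that is not part of the original thread or of any Okta SDK: it requests `/api/v1/users/me` with cookies included and keeps only the fields worth logging. `OKTA_ORIGIN`, `buildMeRequest`, `pickLogFields` and `sessionUserForLog` are hypothetical names, the org URL is the placeholder domain from the reply, and the `id` / `profile.login` response fields and a Trusted Origin (CORS) entry for the application in the Okta org are assumptions.

```javascript
// Added example; all names here are hypothetical, not Okta SDK code.
const OKTA_ORIGIN = "https://okta.example.com"; // placeholder org URL

// Build the CORS request. credentials: "include" is what sends the Okta
// session cookie cross-origin; without it the call is anonymous.
function buildMeRequest(oktaOrigin) {
  const url = new URL("/api/v1/users/me", oktaOrigin);
  if (url.protocol !== "https:") throw new Error("Okta org URL must be https");
  return {
    url: url.href,
    init: { method: "GET", credentials: "include", headers: { Accept: "application/json" } },
  };
}

// Keep only what the log needs. Control characters are stripped so a
// crafted profile value cannot forge extra log lines.
function pickLogFields(body) {
  const clean = (v) =>
    typeof v === "string" ? v.replace(/[\u0000-\u001f\u007f]/g, "").slice(0, 256) : null;
  const id = clean(body && body.id);
  if (!id) return null;
  return { id, login: clean(body.profile && body.profile.login) };
}

// Resolves to { id, login } for the active Okta session, or null when there
// is no session, the cookie was blocked, or the request failed.
async function sessionUserForLog(oktaOrigin = OKTA_ORIGIN, fetchImpl = globalThis.fetch) {
  const { url, init } = buildMeRequest(oktaOrigin);
  try {
    const res = await fetchImpl(url, init);
    if (!res.ok) return null;
    return pickLogFields(await res.json());
  } catch {
    return null; // network or CORS failure: fetch rejects
  }
}
```

The result is reported by the browser, so a log entry built from it is a diagnostic hint for the investigation rather than a verified identity.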

Is there a way to fetch the current user details from the backend (.NET Core)? I have gone through the provided document but did not find any suitable endpoint for the same. The idea is to write the user ID in the logs when the user tries to log into the application which is not assigned to them. Ideally, I would expect the Okta .NET package to return this information as part of the error message.

No, there is not a way to do so. The only way to see information about a currently logged-in user is via CORS requests. If the user is not assigned to your application, a token will not be issued for them and your application will not receive any information about them otherwise.
