you mean this (your links return 404) : https://developer.okta.com/quickstart/#/widget/dotnet/aspnet4 (there is a sample with OpenID for WebAPI which I don’t see how to utilize)
The app in question uses OAuth 2.0
What I need to achieve is that user can be authorized either way - user/pwd html page with OAuth and with Okta/SAML with minimum code change.
I am not clear where to insert Okta in the OAuth flow.
Currently I have a token based flow - html client sends login/password, gets token from OAuthAuthorizationServerProvider implementation, then all calls to the resource (rest service with methods marked [Authorize]) OAuth does the job and test the token etc.
Now I need to make Okta login available instead of our html login page for certain users. but still keep the old functionality for other.
My current question - I need to receive “SAML Assertion” in my OAuth service to use it as a bearer token