[InvalidOperationException: IDX20803: Unable to obtain configuration from: ‘https://{OKTADomain}/oauth2/default/.well-known/openid-configuration’.]
I’m facing this above error. I have downloaded the sample application, which is working well and good for the same configuration. More over, I can get JSON result when I hit through browser with the URL.
Please guide me to integrate the OKTA with our .NET MVC Application.
Is the Okta org you are using licensed for API Access Management (if you’re an admin of your org, can you navigate to Security → API → Authorization Servers)? If not, you will not be able to use the “Default” authorization server, which is a custom authorization server only available for orgs with the appropriate license. More details about the available authorization server types here: Authorization Servers | Okta Developer
Instead, you can use the built-in Org Authorization Server for most use cases. When using .NET MVC, you just need to set AuthorizationServerId to string.Empty to do so, as noted in the documentation for the library.
I’m having developer account and using “UseOpenIdConnectAuthentication”.This authentication does not have “AurthorizationServerId” it seems. And API having “default Issuer URI” too.
I’m running in local only. Also I have downloaded the sample solution which is working great with the same credentials. Is there any thing I need configure in my local? One more point is, I’m upgrading the form authentication to the OKTA authentication. Thanks for your timely reply.
We are using a ASP.NET Web form Application but having issues to use the AUTH URL without default. With default it works fine but since its licensed we want to change it.
We are referring to the below code:
where there is no mention of setting AuthorizationServerId to String to Empty
That sample isn’t using our .NET middleware and is using OWIN directly, so there is no AuthorizationServerId property you can set.
Instead, you can try setting the okta:OrgUri to just your Okta domain (remove “/oauth2/default”, but I can’t guarantee this guide will work without a custom authorisation server. Let me know if you test it out and see any issues after switching the issuer
Correct. Just the Okta domain is a valid issuer. You can see this for yourself at its well-known endpoints: https://${yourOktaOrg}/.well-known/openid-configuration