I'm working in a .NET 6.0 web app secured with Azure AD.
I am exposing an API that will be accessed by a completely different app (Angular/NestJS) that is secured with Okta.
I'm using minimal APIs, which means the API itself is not automatically secured with Azure AD unless you make it so.
app.MapGet("/getsomestuff", (HttpContext ctx) => {
// Hopefully grab ctx.Request.Headers.Authorization
// and VALIDATE that the Okta token is valid and it belongs to my Okta app
// I don't care any more than that.
});
I've added the Okta.AspNetCore NuGet package and I can see a class called StrictSecurityTokenValidator, which I think is the right direction, but I am looking for some documentation on how to use it.
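One way to do what the endpoint above describes, as an added example (not code from the original post and not the Okta.AspNetCore package's own API): register the built-in JWT bearer handler from Microsoft.AspNetCore.Authentication.JwtBearer with the Okta authorization server as its Authority, so signatures are checked against Okta's published JWKS, then pin the audience and the calling app's client id and attach that policy to the minimal-API route. The Okta org URL, authorization server id, audience and client id below are placeholders to be replaced with your own values.

```csharp
// Program.cs for a .NET 6 minimal API that accepts Okta-issued access tokens.
// Added example, not from the original post. The Okta org, authorization
// server ("default"), audience and client id are assumed placeholder values.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumed values: substitute your Okta org, authorization server and client id.
const string oktaIssuer   = "https://dev-123456.okta.com/oauth2/default"; // hypothetical org
const string oktaAudience = "api://default";        // "aud" configured on the authorization server
const string oktaClientId = "0oaxxxxxxxxxxxxxxxxx"; // hypothetical client id of the Angular/NestJS app

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Authority makes the handler download {issuer}/.well-known/openid-configuration
        // and the JWKS it points at, so signatures are verified against Okta's current
        // signing keys and key rotation is picked up without a redeploy.
        options.Authority = oktaIssuer;
        options.Audience  = oktaAudience;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer           = true,
            ValidIssuer              = oktaIssuer,
            ValidateAudience         = true,
            ValidAudience            = oktaAudience,
            ValidateIssuerSigningKey = true,
            ValidateLifetime         = true,
            // Okta signs access tokens with RS256; allowing only that algorithm
            // rejects tokens re-signed with a symmetric "alg" as a downgrade attempt.
            ValidAlgorithms          = new[] { SecurityAlgorithms.RsaSha256 },
            ClockSkew                = TimeSpan.FromMinutes(1),
        };
    });

// "Belongs to my Okta app": an Okta access token carries the client id of the
// application that obtained it in the "cid" claim. Requiring it rejects tokens
// that are valid for this audience but were issued to some other client.
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("OktaApp", policy =>
        policy.RequireAuthenticatedUser()
              .RequireClaim("cid", oktaClientId));
});

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// A minimal-API route is anonymous unless a requirement is attached, so the
// policy is applied to this endpoint explicitly. A missing, expired, wrongly
// signed or wrong-audience bearer token yields 401; a wrong "cid" yields 403.
app.MapGet("/getsomestuff", (HttpContext ctx) =>
{
    var subject = ctx.User.FindFirst("sub")?.Value;
    return Results.Ok(new { message = "stuff", subject });
}).RequireAuthorization("OktaApp");

app.Run();
```

This takes the standard ASP.NET Core JWT bearer path rather than calling StrictSecurityTokenValidator directly; the Okta.AspNetCore package builds on the same JwtBearer handler, so the validation parameters shown are what either route ends up enforcing. Two practical checks: the issuer must be an Okta authorization server whose keys are published at its `.well-known` endpoint (the custom "default" server used here qualifies), and the audience string must match what the Okta authorization server is configured to put in `aud`, otherwise every token fails audience validation even though its signature is fine.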