MVC & Okta Integration - Setting Client Id and Secret

Hi Team,

We have an existing MVC application which provides features to users from different companies.
Some of our customers (different companies which have their own domain on Okta) have requested us to integrate our MVC app with Okta so their users can browse our app from Okta.

I have followed the steps in Build a CRUD App with ASP.NET MVC and Entity Framework | Okta Developer for the integration which works ok in dev environment.

I’m just a bit confused about the use of “ClientId”, “ClientSecret”, “OktaDomain”. Will we get assigned a “ClientId”, “ClientSecret” after registering / publishing our app to Okta and then use that for each and every request coming from different organizations? Or do we need to process requests separately based on their domain and client id/secret?

The above link says all we need is adding these values in the web.config and then using them in project startup, which I’m not sure can handle our scenario of serving different companies:

<add key="okta:ClientId" value="{clientId}" />
<add key="okta:ClientSecret" value="{clientSecret}" />
<add key="okta:OktaDomain" value="https://{yourOktaDomain}" />
<add key="okta:RedirectUri" value="http://localhost:8080/authorization-code/callback" />
<add key="okta:PostLogoutRedirectUri" value="http://localhost:8080/Account/PostLogout" />

Could you please help me to proceed with this.
Thanks

Each application instance in Okta will have a unique ClientId and ClientSecret, and the config for your application will need to ensure that tokens are requested to their Okta tenant (OktaDomain) as well as the specific OIDC client that was created in their org (ClientID and ClientSecret).

Our own .NET SDK does not support multi-tenancy, where all users from different Okta tenants can use the same application instance.

Thanks Andrea for your response.

I’ve found a solution to support Okta multi-tenancy in my MVC application, but I'm not sure if it’s the proper way of handling this.
I’m going to use the Owin.MapWhen method in the Startup.cs class to branch the request pipeline based on the host name (which is different for each of our customers).

// One OWIN pipeline branch per customer, each wired to that customer's own Okta org and OIDC client.
foreach (Company company in companies)
{
    string expectedHost = company.Name + ".com";
    // Match the Host header exactly (case-insensitive) rather than with StartsWith, so that a
    // request for an unrelated host that merely begins with "<company>.com" is never routed
    // into this tenant's Okta configuration.
    app.MapWhen(
        r => string.Equals(r.Request.Host.Value, expectedHost, StringComparison.OrdinalIgnoreCase),
        app1 => app1.UseOktaMvc(new OktaMvcOptions()
        {
            OktaDomain = company.OktaDomain,
            ClientId = company.OktaCientId,
            ClientSecret = company.OktaCientSecret,
            RedirectUri = "https://" + expectedHost + "/authorization-code/callback",
            PostLogoutRedirectUri = "https://" + expectedHost + "/account/postlogout",
            GetClaimsFromUserInfoEndpoint = true,
            Scope = new List<string> { "openid", "profile", "email", "address" },
        }));
}

The only issue with the above solution is that we have to restart our application (IIS) every time we add a new Okta customer / modify their Okta configuration.
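Because the branch above is chosen purely from the Host header, the tenant lookup is the security boundary between customers' Okta clients. The following is an added example (not the poster's code and not part of the Okta .NET SDK) of a tenant resolver that normalizes the host and matches it exactly, so a request can only ever reach the Okta client registered for that exact host or no client at all; the company names, domains and client ids are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;

// Constructed tenant record; values are placeholders, not real Okta orgs.
public sealed class OktaTenant
{
    public string Host;        // e.g. "acme.com"
    public string OktaDomain;  // e.g. "https://{acmeOktaDomain}"
    public string ClientId;    // e.g. "{acmeClientId}"
    public string RedirectUri => "https://" + Host + "/authorization-code/callback";
}

public static class TenantResolver
{
    // Keyed by normalized host so lookups are exact, not prefix-based.
    private static readonly Dictionary<string, OktaTenant> Tenants =
        new Dictionary<string, OktaTenant>(StringComparer.OrdinalIgnoreCase);

    public static void Register(OktaTenant t) => Tenants[Normalize(t.Host)] = t;

    // Strip an explicit port and trailing dot, lower-case, and require a plain DNS name;
    // anything else (empty, IP literal, garbage) yields null and therefore no tenant.
    public static string Normalize(string hostHeader)
    {
        if (string.IsNullOrWhiteSpace(hostHeader)) return null;
        string host = hostHeader.Trim();
        int colon = host.IndexOf(':');
        if (colon >= 0) host = host.Substring(0, colon);
        host = host.TrimEnd('.').ToLowerInvariant();
        return Uri.CheckHostName(host) == UriHostNameType.Dns ? host : null;
    }

    // Unknown hosts return null; the caller should refuse to start an OIDC flow
    // rather than fall back to some default tenant's client.
    public static OktaTenant Resolve(string hostHeader)
    {
        string key = Normalize(hostHeader);
        return key != null && Tenants.TryGetValue(key, out OktaTenant t) ? t : null;
    }
}

public static class Program
{
    public static void Main()
    {
        TenantResolver.Register(new OktaTenant { Host = "acme.com", OktaDomain = "https://{acmeOktaDomain}", ClientId = "{acmeClientId}" });
        foreach (string h in new[] { "acme.com:443", "ACME.com.", "acme.community", "acme.com.other.example" })
            Console.WriteLine(h + " -> " + (TenantResolver.Resolve(h)?.ClientId ?? "no tenant"));
    }
}
```

Only the first two hosts resolve to the acme client; the last two, which a StartsWith check would accept, resolve to no tenant.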
