NancyFX and Okta Integration


I am creating a RESTful API using NancyFX with Okta as the Authentication layer in .NET Framework 4.7.1. For this I have setup a Startup.cs file as can be seen below:

using Microsoft.Owin;
using Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using System.Configuration;
using System.Security.Claims;
using IdentityModel.Client;
using System;
using System.Collections.Generic;
using Microsoft.IdentityModel.Tokens;
using Nancy.Owin;
using Nancy;

[assembly: OwinStartup(typeof(ServiceFrameworkBase.Startup))]

namespace ServiceFrameworkBase
    public class Startup

        private readonly string clientId = ConfigurationManager.AppSettings["okta:ClientId"];*/
        private readonly string redirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"];
        private readonly string authority =ConfigurationManager.AppSettings["okta:OrgUri"];
        private readonly string clientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"];

        public void Configuration(IAppBuilder app)

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
                ClientId = clientId,
                ClientSecret = clientSecret,
                Authority = authority,
                RedirectUri = redirectUri,
                ResponseType = OpenIdConnectResponseType.CodeIdToken,
                Scope = OpenIdConnectScope.OpenIdProfile,
                TokenValidationParameters = new TokenValidationParameters
                    NameClaimType = "name"

                Notifications = new OpenIdConnectAuthenticationNotifications
                    AuthorizationCodeReceived = async n =>
                        // Exchange code for access and ID tokens
                        var tokenClient = new TokenClient(authority + "/v1/token", clientId, clientSecret);
                        var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(n.Code, redirectUri);

                        if (tokenResponse.IsError)
                            throw new Exception(tokenResponse.Error);

                        var userInfoClient = new UserInfoClient(authority + "/v1/userinfo");
                        var userInfoResponse = await userInfoClient.GetAsync(tokenResponse.AccessToken);
                        var claims = new List<Claim>();
                        claims.Add(new Claim("id_token", tokenResponse.IdentityToken));
                        claims.Add(new Claim("access_token", tokenResponse.AccessToken));

                        if (!string.IsNullOrEmpty(tokenResponse.RefreshToken))
                            claims.Add(new Claim("refresh_token", tokenResponse.RefreshToken));



                    RedirectToIdentityProvider = n =>
                        // If signing out, add the id_token_hint
                        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
                            var idTokenClaim = n.OwinContext.Authentication.User.FindFirst("id_token");

                            if (idTokenClaim != null)
                                n.ProtocolMessage.IdTokenHint = idTokenClaim.Value;


                        return Task.CompletedTask;

This does not get me the end-user’s identity. Are there any steps I am missing or additional function calls required? Any assistance is greatly appreciated!


Hi @OHAVM - can you clarify what “This does not get me the end-user’s identity.” means? Are you getting an error, or is there a missing claim from the ID token?