.Net Core auto verification of access token

Hi, I recently started a new position and have previous OAuth experience at another company. I am working on a Core web API, and I noticed that there was not any access token verification within the API. One of my new colleagues told me that the verification wasn’t necessary because the SDK did this automatically. This is the code.

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = OktaDefaults.ApiAuthenticationScheme;
        options.DefaultChallengeScheme = OktaDefaults.ApiAuthenticationScheme;
        options.DefaultSignInScheme = OktaDefaults.ApiAuthenticationScheme;
    })
    .AddOktaWebApi(authOpt.Okta);

The options include a domain, server id, and audience.

I searched through the documentation and could not find anywhere explicitly referencing automatic verification.

Could somebody please point me to the documentation that explicitly identifies how to incorporate auto-verification of the access token?

Thanks,
Tom

Hello,

Okta.AspNetCore will validate the access token and populate Http.Context with a set of user information when the [Authorize] attribute is added to your controller or actions.

Refer to this doc here.

Thanks!

2 Likes
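
The setup described in the answer above, as an added example that is not part of either post or of Okta's documentation. It assumes .NET 6 or later with the Okta.AspNetCore package; the angle-bracket values are placeholders and WhoAmIController is a hypothetical name. The fallback policy goes one step beyond the thread: it makes endpoints that carry no [Authorize] attribute require a valid token as well.

```csharp
// Program.cs (added example; angle-bracket values are placeholders)
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Okta.AspNetCore;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = OktaDefaults.ApiAuthenticationScheme;
        options.DefaultChallengeScheme = OktaDefaults.ApiAuthenticationScheme;
    })
    .AddOktaWebApi(new OktaWebApiOptions
    {
        OktaDomain = "https://<your-okta-domain>",
        AuthorizationServerId = "<server-id>",
        Audience = "<audience>",
    });

// Registering the scheme does not reject anything by itself: a request is only
// refused when an authorization requirement applies to the endpoint.
// The fallback policy covers endpoints that have no [Authorize] attribute.
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

var app = builder.Build();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();
app.MapControllers();
app.MapGet("/health", () => "ok").AllowAnonymous();   // explicit opt-out
app.Run();

// Hypothetical controller: a missing or invalid access token gets a 401 here.
[ApiController]
[Route("api/[controller]")]
[Authorize]
public class WhoAmIController : ControllerBase
{
    // User is populated from the validated token's claims.
    [HttpGet]
    public IActionResult Get() =>
        Ok(User.Claims.Select(c => new { c.Type, c.Value }));
}
```

A quick check of the configuration is to call the controller route without an Authorization header and confirm the response is 401, then confirm that /health still returns 200.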
