Hi @nate.callaghan, @nate.barbettini,
I am new to OKTA, using .Net 4.8 to implement oidc okta. problem is that in startup.cs AuthorizationCodeReceived is not getting hit and hence unable to get the claims/userInfo to my application. RedirectURL is https://localhost:44396/Default.aspx. Quick help on this is appreciated.
below is the code from startup.cs,
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
CookieSecure = CookieSecureOption.Always,
});
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
var clientId = ConfigurationManager.AppSettings["okta:ClientId"].ToString();
var clientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"].ToString();
var issuer = ConfigurationManager.AppSettings["okta:Issuer"].ToString();
var redirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"].ToString();
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
ClientSecret = clientSecret,
Authority = issuer,
RedirectUri = redirectUri,
ResponseType = "code",
UseTokenLifetime = false,
Scope = "openid profile",
PostLogoutRedirectUri = ConfigurationManager.AppSettings["okta:PostLogoutRedirectUri"].ToString(),
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
ValidateIssuer = true
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async context =>
{
// Exchange code for access and ID tokens
var tokenClient = new System.Net.Http.HttpClient();
var tokenResponse = await tokenClient.RequestAuthorizationCodeTokenAsync(
new IdentityModel.Client.AuthorizationCodeTokenRequest());
if (tokenResponse.IsError)
{
throw new Exception(tokenResponse.Error);
}
// use auth server URL and access token to request id token
var userInfoResponse = await tokenClient.GetUserInfoAsync(new UserInfoRequest
{
Address = ConfigurationManager.AppSettings["Okta:UserInfo"],
Token = tokenResponse.AccessToken
});
if (userInfoResponse.IsError)
throw new Exception(userInfoResponse.Error);
var identity = new ClaimsIdentity();
identity.AddClaims(userInfoResponse.Claims);
//var claims = new List<Claim>(userInfoResponse.Claims)
//{
// new Claim("id_token", tokenResponse.IdentityToken),
// new Claim("access_token", tokenResponse.AccessToken)
//};
identity.AddClaim(new Claim("id_token", tokenResponse.IdentityToken));
identity.AddClaim(new Claim("access_token", tokenResponse.AccessToken));
var nameClaim = new Claim(
ClaimTypes.Name,
userInfoResponse.Claims.FirstOrDefault(c => c.Type == "name")?.Value);
identity.AddClaim(nameClaim);
System.Threading.Thread.CurrentPrincipal = new ClaimsPrincipal(identity);
context.AuthenticationTicket = new AuthenticationTicket(
new ClaimsIdentity(identity.Claims, context.AuthenticationTicket.Identity.AuthenticationType),
context.AuthenticationTicket.Properties);
},
RedirectToIdentityProvider = context =>
{
if (context.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
{
var idToken = context.OwinContext.Authentication.User.Claims
.FirstOrDefault(c => c.Type == "id_token")?.Value;
context.ProtocolMessage.IdTokenHint = idToken;
}
return Task.FromResult(true);
},
}
});
}