I’m attempting to use the Okta .NET SDK (.NET Core 3.1 WebApi) within AWS Lambda, fronted by an API Gateway entry point. However, I can’t seem to get this to work correctly.
Does anyone know of any known issues with using the Okta .NET SDK within AWS, specifically Lambda? I should add that the exact same code works outside of the AWS Lambda environment (of course).
Thanks very much for touching base and for your consideration. I’ve been able to leverage Okta as it relates to auth within the WebApi without issue (securing my endpoints, etc.).
Where I’m running into an issue is within a single controller function that’s responsible for creating a new Okta user by way of the Okta Users API and the OktaClient object. The ‘registration’ object is getting posted from a React client. Below is a portion of the web api code.
In general, every function that I call on the OktaClient object within the controller method within Lambda times out. I have many additional endpoints within the API Gateway which all work as expected with the exception of the one using the OktaClient object.
    var user = await _oktaClient.Users.CreateUserAsync(
        new CreateUserWithoutCredentialsOptions
        {
            Profile = new UserProfile
            {
                FirstName = registration.FirstName,
                LastName = registration.LastName,
                Email = registration.Email,
                Login = registration.Name
            },
            Activate = false
        }
    );
If the only message you see in the logs is a timeout, it might be beneficial for us to look on our end and see if the call makes it to our system.
How do you connect with the management SDK: with an API token, or with a private key to exchange for an access token?
I suggest creating a support ticket with us so we can collect your Okta org’s information. We can then check the logs to verify if we see the create user call.
That sounds good. As of now, I’ve been connecting with the SDK via API token.
Also, this may or may not be related, but wanted to mention it in the event it may help. There was a reported and confirmed bug not long ago surrounding the SDK, the HOME env variable, and handling it if it wasn’t present when executed within the Lambda environment. This was addressed and corrected by PR #425.
I mention this because prior to that fix, which I “believe” was in 3.2, I received that same error as well. The 3.2 update corrected that issue, but has resulted in a perpetual timeout for me.
I wanted to circle back on this. I found this issue was NOT Okta related at all, but I wanted to post the solution in the event it could assist anyone else.
Within AWS, once a Lambda is configured within a VPC (which my Lambda is), it is NO LONGER PUBLIC, and thus loses internet access. In order to make HTTP calls to Okta, a NAT Gateway needed to be created and associated with the Public subnet of my VPC, and with a route to the Private subnet (where the Lambda is configured). An Internet gateway also needed to be created and configured with a route to the Public subnet.
Once the above was completed, all worked as expected.
Thank you and I hope this information is useful to others experiencing the same issue.
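Added example, not part of the original thread: a Python check that reads the JSON shape returned by `aws ec2 describe-route-tables` and reports whether each subnet a Lambda is attached to has a default route through a NAT gateway, which is the condition the fix above establishes. The subnet and route table IDs are constructed, the function names are hypothetical, and the input is assumed to be filtered to a single VPC.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output (IDs are made up).
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main", "Associations": [{"Main": true}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
  {"RouteTableId": "rtb-public", "Associations": [{"Main": false, "SubnetId": "subnet-public"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
  {"RouteTableId": "rtb-private", "Associations": [{"Main": false, "SubnetId": "subnet-private"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
              {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]}
]}
""")

def route_table_for(subnet_id, tables):
    """Return the table explicitly associated with the subnet, else the VPC main table."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def lambda_egress(subnet_id, tables):
    """Classify outbound internet reachability for a Lambda ENI in this subnet."""
    table = route_table_for(subnet_id, tables)
    if table is None:
        return "no-route-table"
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") != "active":
            return "blackhole"  # e.g. the NAT gateway was deleted but the route remains
        if route.get("NatGatewayId"):
            return "ok-nat"
        if (route.get("GatewayId") or "").startswith("igw-"):
            # Lambda network interfaces get no public IP, so an IGW route alone fails.
            return "igw-only"
    return "no-default-route"

def audit(subnet_ids, data=SAMPLE):
    """Map each of the Lambda's subnet IDs to its egress classification."""
    return {s: lambda_egress(s, data["RouteTables"]) for s in subnet_ids}
```

Any result other than `ok-nat` for a subnet in the function's VPC configuration means outbound HTTPS calls from that subnet will hang until the Lambda times out.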