Hi,
I'm trying to access the Okta API (okta.groups.read scope).
Unfortunately I'm getting this error:
The issuer and subject claim for client_assertion is invalid because the client does not have a client secret.
The thing is that the Okta API's client application does not have a ClientSecret. I fail to understand what I'm doing wrong.
This is my code (using IdentityModel):
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using IdentityModel.Client;
using Microsoft.IdentityModel.Tokens;

// ClientId, Authority and GetDiscoveryDocument() are members of the containing class.
private async Task RequestTokenAsync()
{
    var disco = await GetDiscoveryDocument();
    var httpClient = new HttpClient
    {
        BaseAddress = new Uri(disco.TokenEndpoint)
    };
    var jwt = CreateJwt();
    using var tokenRequest = new ClientCredentialsTokenRequest
    {
        Address = disco.TokenEndpoint,
        GrantType = IdentityModel.OidcConstants.GrantTypes.ClientCredentials,
        ClientId = ClientId,
        Scope = "okta.groups.read",
    };
    // The assertion is attached as raw form parameters.
    tokenRequest.Parameters["client_assertion_type"] = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
    tokenRequest.Parameters["client_assertion"] = jwt;
    var tokenResponse = await httpClient.RequestClientCredentialsTokenAsync(tokenRequest);
    if (tokenResponse.IsError)
        throw new System.NotImplementedException(tokenResponse.ErrorDescription);
}

private string CreateJwt()
{
    // "sub" claim set to the client id.
    var subject = new ClaimsIdentity(new[] { new Claim("sub", ClientId) });
    // The assertion is signed with a symmetric (HMAC-SHA256) key.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Private-Key"));
    var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
    var expiration = DateTime.Now.AddSeconds(10 * 60);
    var tokenHandler = new JwtSecurityTokenHandler();
    var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken(
        audience: Authority,
        expires: expiration,
        issuer: ClientId,
        subject: subject,
        signingCredentials: signingCredentials);
    return tokenHandler.WriteToken(jwtSecurityToken);
}
Is there a full step-by-step example of using the Okta API (preferably in C#)?
Thank you
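Added example (not the poster's code, and not an official Okta or IdentityModel sample): a client_credentials request for Okta API scopes using the private_key_jwt client authentication that Okta expects from a service app with no client secret. The assertion is signed with an RSA private key (RS256) whose public half is registered as a JWK on the app, with iss and sub both set to the client_id, aud set to the token endpoint, a short lifetime and a one-time jti. The values OktaDomain, ClientId, PrivateKeyPem and KeyId are placeholders to be replaced; the method names are the author's own.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Threading.Tasks;
using IdentityModel;
using IdentityModel.Client;
using Microsoft.IdentityModel.Tokens;

public static class OktaPrivateKeyJwtClient
{
    // Placeholders: your Okta org and the service app's client_id.
    private const string OktaDomain = "https://example.okta.com";
    private const string ClientId = "0oa-PLACEHOLDER-client-id";
    // Placeholder: PEM-encoded RSA private key; its public key is registered as a JWK on the app.
    private const string PrivateKeyPem = "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----";
    // Must match the "kid" of the JWK registered on the app so Okta picks the right key.
    private const string KeyId = "PLACEHOLDER-kid";

    // Builds the client_assertion JWT. Signed with the private key, never with a shared secret.
    public static string CreateClientAssertion(string tokenEndpoint)
    {
        using var rsa = RSA.Create();
        rsa.ImportFromPem(PrivateKeyPem); // .NET 5+; use ImportPkcs8PrivateKey on older runtimes

        var key = new RsaSecurityKey(rsa) { KeyId = KeyId };
        var creds = new SigningCredentials(key, SecurityAlgorithms.RsaSha256);

        var now = DateTime.UtcNow;
        var handler = new JwtSecurityTokenHandler();
        var token = handler.CreateJwtSecurityToken(
            issuer: ClientId,          // iss = client_id
            audience: tokenEndpoint,   // aud = the token endpoint the assertion is presented to
            subject: new ClaimsIdentity(new[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, ClientId),                  // sub = client_id
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), // unique per request
            }),
            notBefore: now,
            issuedAt: now,
            expires: now.AddMinutes(5), // keep assertions short-lived; they are bearer credentials
            signingCredentials: creds);

        return handler.WriteToken(token);
    }

    // Requests an access token for the okta.groups.read scope.
    public static async Task<TokenResponse> GetOktaApiTokenAsync(HttpClient http)
    {
        // Okta API scopes are issued by the org authorization server, not a custom one.
        var tokenEndpoint = $"{OktaDomain}/oauth2/v1/token";

        var response = await http.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
        {
            Address = tokenEndpoint,
            ClientId = ClientId,
            ClientCredentialStyle = ClientCredentialStyle.PostBody, // client_id in the form body, no Basic auth
            ClientAssertion = new ClientAssertion
            {
                Type = OidcConstants.ClientAssertionTypes.JwtBearer, // urn:ietf:params:oauth:client-assertion-type:jwt-bearer
                Value = CreateClientAssertion(tokenEndpoint),
            },
            Scope = "okta.groups.read",
        });

        if (response.IsError)
            throw new InvalidOperationException($"{response.Error}: {response.ErrorDescription}");

        return response;
    }
}
```

Setting ClientAssertion on the IdentityModel request instead of writing the two parameters by hand lets the library emit client_assertion_type and client_assertion for you. A symmetric HMAC key cannot satisfy this flow: the only shared secret Okta could verify an HS256 assertion against is the client secret, and a service app of this kind has none, so the signing key must be the registered asymmetric key.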