So currently I am building an application that will be using Okta for logging in and identifying users.
The Frontend and Backend are separate Applications.
Both are essentially set up to authenticate users, but I am having issues sharing these identities.
A bit more detail on the current state of both applications.
So the SPA is set up as the SDK Getting Started page shows.
When you try to use a route that is marked secured you will have to log in.
After login everything gets stored in local storage under ‘okta-token-storage’.
And the implicit callback sends you to the route you attempted to access.
So far so good.
Now this particular application will do some GET Requests upon landing on this page to the Backend application.
And this is where it goes wrong, because as far as the Backend is concerned you are not logged in (more on this later).
The Web API is set up as the SDK Getting Started page shows.
On the Backend, if I am running it on localhost, I can trigger a login route that will redirect me to the Okta login.
After login everything works as expected and sends me back to my api and completes the request.
Now once logged in the state of being authenticated / logged in is held by the HttpContext.
Within HttpContext.User.Claims and HttpContext.User.Identity.
I do not know how to set all this information in the HttpContext once the Frontend has logged in.
In the local storage of the Frontend (okta-token-storage), aside from having an access token, there are also all the claims that I require.
But this needs to be set inside of the HttpContext before any protected endpoints get hit.
This is the best I can do to explain the issue for now. If it is still unclear, ask questions so I can clarify.
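
An added example, not part of the original post: one way the SPA can attach the stored access token to its GET requests, so the API can authenticate each call from an `Authorization: Bearer` header. It assumes the `okta-token-storage` entry is JSON with an `accessToken` object holding `accessToken` and `expiresAt` (seconds), and that the API is configured to validate bearer tokens; `readAccessToken`, `buildApiRequest` and `fakeStorage` are hypothetical names.

```javascript
// Added example. The storage layout is an assumption; compare it with the
// entry in your own browser storage before relying on it.
const STORAGE_KEY = 'okta-token-storage'; // key named in the post

// Returns the raw access token string, or null if it is absent,
// malformed or already expired.
function readAccessToken(storage, nowSeconds = Math.floor(Date.now() / 1000)) {
  const raw = storage.getItem(STORAGE_KEY);
  if (!raw) return null;
  let parsed;
  try {
    parsed = JSON.parse(raw);
  } catch {
    return null; // corrupted entry: treat as not logged in
  }
  const entry = parsed && parsed.accessToken;
  if (!entry || typeof entry.accessToken !== 'string') return null;
  if (typeof entry.expiresAt === 'number' && entry.expiresAt <= nowSeconds) {
    return null; // never send an expired token
  }
  return entry.accessToken;
}

// Builds fetch() options for a GET to the backend. Only the token is sent;
// the claims cached next to it in storage stay in the browser.
function buildApiRequest(storage, nowSeconds) {
  const token = readAccessToken(storage, nowSeconds);
  if (token === null) return null; // caller should restart the login flow
  return {
    method: 'GET',
    headers: { Authorization: `Bearer ${token}`, Accept: 'application/json' },
  };
}

// Constructed stand-in for window.localStorage so the example runs offline.
function fakeStorage(value) {
  return { getItem: (key) => (key === STORAGE_KEY ? value : null) };
}

// Constructed sample entry (not a real token).
const SAMPLE_ENTRY = JSON.stringify({
  accessToken: {
    accessToken: 'constructed.sample.token',
    expiresAt: 2000,
    claims: { sub: 'user@example.com' },
  },
});
```

On the API side, the values in HttpContext.User should come from the token the server validated on that request, not from claim values the browser supplies separately.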