I have a .net core 3.0 application that consumes a bearer token that I am currently providing via postman call.
In my developer okta account I have setup a group named : xyz (By going under Users → Groups).
Then in my authorization Servers : under the default server I added a claim as explained in the video :
[ Use the Built-In ASP.NET Core 3.0 OIDC Middleware with Okta]
(Use the Built-In ASP.NET Core 3.0 OIDC Middleware with Okta - YouTube)
In my net core application :
in my startup.cs
services.AddAuthentication(options =>
{
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.Authority = "https://dev-75725943.okta.com/oauth2/default";
options.Audience = "api://default";
options.RequireHttpsMetadata = false;
options.TokenValidationParameters.NameClaimType = "name";
options.TokenValidationParameters.RoleClaimType = "groups";
});
In my controller endpoint :
(Below is a part of code : shows Authorize)
[HttpGet]
[ProducesResponseType(typeof(IEnumerable<DeviceTypeStatusCnt>), (int)HttpStatusCode.OK)]
[Authorize(Roles = "xyz")]
public async Task<IActionResult> GetDeviceModelsAsync()
{
Now in postman :
The api works just fine with [Authorize] but the bearer token does not work with
[Authorize(Roles=“xyz”)]
and gives the follwoing stacktrace (part of the whole stacktrace):
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Information: Successfully validated the token.
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService: Information: Authorization failed.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Information: AuthenticationScheme: Bearer was forbidden.
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 54.4103ms 403
Not sure what is wrong?