.NET 6 is here and many of us are making preparations to update .NET 5 codebases to .NET 6. As part of this review, today you will learn how to implement the client credentials flow in ASP.NET Core Web API.
That Okta guide includes using an Okta nuget package that “enables your application to validate Okta access tokens”.
I’m trying to reconcile that Okta guide and your statement–when you say “At this time, Okta does not provide a JWT Verification library for .NET” are you saying this, because the nuget package in the Okta guide is too specific in validating only Okta access tokens and cannot be used to serve a broader need to verify a JWT regardless of where it came from?
You’re right. The Okta.AspNet SDK is specific to Okta and the ASP.NET framework. If you need to validate tokens in other projects where the Okta.ASPNET is not an option you can do your validation manually as explained here.
Hi, Laura. Very good explanation. I have reviewed it, but it doesn’t work for Postman as you described this. But could you provide a description how integrate OKTA with ASP.NET Core .NET 6, when ClientId and Secretes are used in the code directly and when call some end-point, user in a browser authmatically redirected to the OKTA login page.Really very few documentaion on OKTA integration with .NET 6 ASP.NET Core. Could you provide it please.
As a c# webapi dev who’s used okta before to secure a webapi (.net core 3.1)b, you should re-write this to use the [Authorize] tag on the controller or controller method., instead of manually checking the token.
There is no way I’d use this article, for that single fact alone, even though I quite like rest of your implementation. [Authorize] is the best practice for how to add authentication to a controller method.
See how it’s implemented in this Okta article for .NetCore 3.1, using the tag correctly.
hi, I am trying to call Okta service from Postman but getting invalid_client error and summary is “Invalid value for ‘client_id’ parameter”. Can you please guide me what might be going wrong here? thanks.