Secure Your .NET 6 Web API

.NET 6 is here and many of us are making preparations to update .NET 5 codebases to .NET 6. As part of this review, today you will learn how to implement the client credentials flow in ASP.NET Core Web API.


This is a companion discussion topic for the original entry at https://developer.okta.com/blog/2022/04/20/dotnet-6-web-api

Hi, thanks for the informative post – very helpful to see the implementation.

This part caught my attention: “At this time, Okta does not provide a JWT Verification library for .NET”.

I’ve worked through this Okta guide here: Protect your API endpoints | Okta Developer

That Okta guide includes using an Okta NuGet package that “enables your application to validate Okta access tokens”.

I’m trying to reconcile that Okta guide and your statement. When you say “At this time, Okta does not provide a JWT Verification library for .NET”, are you saying this because the NuGet package in the Okta guide is too specific in validating only Okta access tokens and cannot be used to serve a broader need to verify a JWT regardless of where it came from?

Hi @dmckisic,

You’re right. The Okta.AspNet SDK is specific to Okta and the ASP.NET framework. If you need to validate tokens in other projects where Okta.AspNet is not an option, you can do your validation manually as explained here.

I hope this helps!
