.NET 6 is here and many of us are making preparations to update .NET 5 codebases to .NET 6. As part of this review, today you will learn how to implement the client credentials flow in ASP.NET Core Web API.
That Okta guide includes using an Okta nuget package that "enables your application to validate Okta access tokens".
I'm trying to reconcile that Okta guide and your statement - when you say "At this time, Okta does not provide a JWT Verification library for .NET" are you saying this, because the nuget package in the Okta guide is too specific in validating only Okta access tokens and cannot be used to serve a broader need to verify a JWT regardless of where it came from?
You're right. The Okta.AspNet SDK is specific to Okta and the ASP.NET framework. If you need to validate tokens in other projects where the Okta.AspNet is not an option, you can do your validation manually as explained here.
Hi, Laura. Very good explanation. I have reviewed it, but it doesn't work for Postman as you described this. But could you provide a description of how to integrate OKTA with ASP.NET Core .NET 6, when ClientId and Secrets are used in the code directly and when calling some end-point, the user in a browser is automatically redirected to the OKTA login page. Really very little documentation on OKTA integration with .NET 6 ASP.NET Core. Could you provide it please.
As a C# webapi dev who's used Okta before to secure a webapi (.NET Core 3.1), you should re-write this to use the [Authorize] tag on the controller or controller method, instead of manually checking the token.
There is no way I'd use this article, for that single fact alone, even though I quite like the rest of your implementation. [Authorize] is the best practice for how to add authentication to a controller method.
See how it's implemented in this Okta article for .NET Core 3.1, using the tag correctly.
Hi, I am trying to call the Okta service from Postman but am getting an invalid_client error, and the summary is "Invalid value for 'client_id' parameter". Can you please guide me on what might be going wrong here? Thanks.
I was about to go through all the steps to manually validate the token, not knowing I didn't have to. I'm even using .NET authorization with the [Authorized] tags and having trouble with it, so I was about to start fresh with this article. Instead I followed the article you linked to and just needed a few tweaks to get up and running.
While I appreciate a detailed guide to manually validating tokens in .NET, it really should say that it isn't necessary except in specific circumstances perhaps.