I have an application with an Angular front end and .NET Core on the back end.
I have created a custom authorization server. I am able to authenticate and get back an access token,
and I am using JwtBearerDefaults.AuthenticationScheme to validate the token on the back end.
How do I go about securing my backend APIs with policies?
For example, I have an endpoint that requires an admin policy with read/write access,
then I have another endpoint with a read-only policy.
In the backend I am marking my controllers with
[Authorize(Policy = "ReviewerPolicy")]
[Authorize(Policy = "AdminPolicy")]
How can I go about doing this using OKTA as my authorization server?
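
The setup described in the question, as an added example that is not part of the original post: registering the two policy names from the attributes above against claims in a JWT validated by the JwtBearer scheme. The issuer and audience are placeholders, and the "groups" claim with the values "Admins" and "Reviewers" is an assumption; the authorization server has to be configured to put such a claim into the access token.

```csharp
// Program.cs (ASP.NET Core 6+ minimal hosting). Added example, not the poster's code.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);

// Placeholders: use the issuer URL and audience of your own authorization server.
const string Issuer = "https://example.okta.com/oauth2/default";
const string Audience = "api://default";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = Issuer;        // signing keys come from the issuer's metadata document
        options.Audience = Audience;       // reject tokens minted for a different API
        options.MapInboundClaims = false;  // keep claim names exactly as they appear in the token
    });

builder.Services.AddAuthorization(options =>
{
    // Assumption: the access token has a "groups" claim (hypothetical group names).
    // A JSON array claim becomes one Claim per element, so RequireClaim matches any entry.
    options.AddPolicy("AdminPolicy", policy => policy
        .RequireAuthenticatedUser()
        .RequireClaim("groups", "Admins"));

    // Read-only policy: reviewers pass, and admins pass as well.
    options.AddPolicy("ReviewerPolicy", policy => policy
        .RequireAuthenticatedUser()
        .RequireClaim("groups", "Reviewers", "Admins"));

    // Deny by default: an endpoint without [Authorize] still needs a valid token.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

builder.Services.AddControllers();

var app = builder.Build();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();
app.MapControllers();
app.Run();
```

A policy name used in an attribute but never registered makes the request fail with an exception rather than a 403, so every name in [Authorize(Policy = ...)] needs a matching AddPolicy call.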