I have managed to get the access token by using the client-credential flow for my .NET Core web API authentication.
What I am trying to do now is to get the username of the caller who is from the desktop app (the user is authenticated using Windows auth), so the web API can log the user (trying to know who is calling this web API).
Is there any way I can achieve this by using client-credential flow or a better way to achieve this?
Client credentials flow is typically used in machine-to-machine integrations and the tokens will be granted to the application itself, not to an individual user.
If you need information about the individual users accessing your API, you may want to look into using a different flow, such as Authorization Code flow.
I was thinking about your solution, but using authorization code flow requires a web page to sign in. Should I add a web page to my desktop app? I am just confused about how the desktop app talks to the authenticated web API.
You’re correct in that this flow typically uses a web browser (since the authorize request involves a redirect). Your desktop application can use an embedded browser to facilitate this flow and/or you can look into making all these calls on behalf of the user. To do so, you would need to prompt the user for their username/password to complete primary authentication (which means the user MUST be a local Okta user) and then take the sessionToken returned from a successful authentication and pass it along in an /authorize request.
This type of authentication is usually handled by some sort of a front end though, as you can see noted for our Resource Server sample applications that involve using one of our front end SDKs to get Access Tokens for the user to use to access the Web API app.
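
An added example, not part of the thread and not Okta's sample code: a helper the Web API could call with `HttpContext.User` to log who a validated access token was issued to, showing that a client-credentials token identifies only the application. The claim names `cid` and `uid`, the `CallerIdentity` class and all claim values are assumptions made for illustration.

```csharp
using System;
using System.Security.Claims;

public static class CallerIdentity
{
    // Returns a log-friendly label for the party the access token was issued to.
    public static string Describe(ClaimsPrincipal principal)
    {
        // The JWT bearer handler's default inbound claim mapping can rename "sub"
        // to ClaimTypes.NameIdentifier, so check both names.
        string sub = principal.FindFirst("sub")?.Value
                     ?? principal.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        string cid = principal.FindFirst("cid")?.Value; // client ID (assumed claim name)
        string uid = principal.FindFirst("uid")?.Value; // user ID (assumed claim name)

        // A token obtained through a user flow carries a user identifier.
        if (uid != null && sub != null)
            return $"user:{sub} via client:{cid ?? "unknown"}";

        // Client credentials: the token was granted to the application itself,
        // so there is no username to log, only the client.
        return $"app:{cid ?? sub ?? "unknown"} (no user in token)";
    }

    public static void Main()
    {
        // Constructed claims standing in for two already-validated tokens.
        var appToken = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim("sub", "0oaEXAMPLECLIENT"),
            new Claim("cid", "0oaEXAMPLECLIENT"),
        }, "Bearer"));

        var userToken = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim("sub", "jane.doe@example.com"),
            new Claim("cid", "0oaEXAMPLECLIENT"),
            new Claim("uid", "00uEXAMPLEUSER"),
        }, "Bearer"));

        Console.WriteLine(Describe(appToken));  // app:0oaEXAMPLECLIENT (no user in token)
        Console.WriteLine(Describe(userToken)); // user:jane.doe@example.com via client:0oaEXAMPLECLIENT
    }
}
```

Logging a username supplied by the desktop app in a header or request body instead would record an unauthenticated value; only claims from the validated token are trustworthy for an audit trail.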