Unable to send request from .NET backend to Okta users endpoint

Hi, we are trying to migrate our application to using Okta authentication/authorization. We've figured out how to authenticate the user and send the JWT token to our backend to authorize users, but now we are stuck with one problem. The backend will need to verify that a user exists in the security server by performing a request via HttpClient. I've modified the original code to send the request to our Okta authentication server; the code looks roughly like this:

// Namespaces this fragment depends on (they belong at the top of the file).
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Web;

using (var client = new HttpClient { BaseAddress = new Uri(oktaDomain) })
{
    // Get the access token from the incoming request's Authorization header.
    // The header is absent when the caller sent no token, so guard against null.
    var authHeader = HttpContext.Current.Request.Headers["Authorization"];
    var token = authHeader?.Replace("Bearer ", "");

    // Add the current user's access token to the outgoing request.
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(BEARER_HEADER_NAME, token);

    // Contact the server. The login is caller-supplied, so escape it before
    // embedding it in the path. (.Result blocks the request thread; inside an
    // ASP.NET synchronization context prefer awaiting from an async method.)
    var response = client.GetAsync($"api/v1/users/{Uri.EscapeDataString(loginName)}").Result;

    // Get the results.
    var content = response.Content.ReadAsStringAsync().Result;

    // Was the call successful? On a failure Okta states the reason in the
    // WWW-Authenticate response header.
    if (!response.IsSuccessStatusCode)
    {
        ProcessError(response, content);
    }

    // Parse the result.
    // ... Details hidden ...
}

Unfortunately, the code does not work and we keep getting 400 Bad Request. Inspecting the response object, we find that the error appears to be 'The authorization server id is invalid'. Why does this happen? The authorization server appears valid when we make AJAX calls from the client side, and even the token can be obtained from the HTTP request headers correctly. Please help.

Actually, I tried it on the client side, and the jQuery call below failed as well:

$.ajax({
    dataType: "json",
    headers: {
        Authorization: accessToken.tokenType + ' ' + accessToken.accessToken
    },
    // Escape the user-supplied login before placing it in the path.
    url: oktaURL + "/api/v1/users/" + encodeURIComponent(usernameOrEmail)
}).then(function (response) {
    console.log("Successfully found user info: ");
    console.log(response);
}, function (jqXHR) {
    // The original call had no failure handler, so a 400 was silently dropped here;
    // Okta's reason for rejecting the token is in the WWW-Authenticate header.
    console.error("Lookup failed:", jqXHR.status, jqXHR.getResponseHeader("WWW-Authenticate"));
});

The response contains information in the WWW-Authenticate header (the domain information is replaced by {OktaDomain}):

Bearer authorization_uri="{OktaDomain}/oauth2/v1/authorize", realm="{OktaDomain}", scope="okta.users.read", error="invalid_request", error_description="The authorization server id is invalid.", resource="/api/v1/users"

Can someone assist with fixing this issue? I just want to call an API to verify whether an email address exists on the Okta auth server.

Hi there,

This is Akash, from Okta and I will be assisting you with your queries.

Before moving forward, I would like to get some additional details. Please answer the following questions.

  1. Are you implementing OAuth for Okta? Are you trying to access the Okta API using the OAuth2 access token in your application?
  2. What is the iss value for the access token you are using for authorization?
  3. What is the exact endpoint returning the 400 error?
  4. Do you have API Access Management feature enabled in your org?

This will help me understand the issue better and get you the right solution or insights.
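The helper below is an added example written for this thread; it is not code from the original post or from Okta. It checks, offline, the two things Akash's questions turn on: the iss claim of the access token (which authorization server minted it) and the scope named in the WWW-Authenticate challenge quoted above. It decodes a token's claims without verifying the signature (inspection only, never for an authorization decision), parses the challenge, and reports whether the token is one the management API under /api/v1 would accept. The org URL, the unsigned sample tokens (constructed so the code runs without an Okta org) and the straight-quoted copy of the challenge are assumptions.

```javascript
// Added diagnostic helper, not code from the original post or from Okta.
// Run with: node okta-diagnose.js

// Assumed placeholder org URL; substitute the real Okta domain.
const OKTA_DOMAIN = "https://example.okta.com";

// Constructed copy of the challenge quoted in the thread, straight quotes,
// placeholder domain filled in.
const SAMPLE_CHALLENGE =
  'Bearer authorization_uri="' + OKTA_DOMAIN + '/oauth2/v1/authorize", ' +
  'realm="' + OKTA_DOMAIN + '", scope="okta.users.read", error="invalid_request", ' +
  'error_description="The authorization server id is invalid.", resource="/api/v1/users"';

function base64UrlEncode(text) {
  return Buffer.from(text, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function base64UrlDecode(segment) {
  const padded = segment + "=".repeat((4 - (segment.length % 4)) % 4);
  return Buffer.from(padded.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8");
}

// Builds a constructed, UNSIGNED token for the samples below. Real Okta
// tokens are RS256-signed; this exists only so the example runs offline.
function makeSampleToken(claims) {
  const header = base64UrlEncode(JSON.stringify({ alg: "none", typ: "JWT" }));
  return header + "." + base64UrlEncode(JSON.stringify(claims)) + ".";
}

// Returns the payload claims of a compact JWS. No signature check: use it to
// look at iss/aud/scp while debugging, not to trust the token.
function decodeJwtClaims(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Okta's org authorization server issues tokens whose iss is the bare org
// URL; custom authorization servers (including "default") use
// <org>/oauth2/<authServerId>. Only org-server tokens carrying okta.* scopes
// are accepted by the management API under /api/v1 ("OAuth for Okta").
function classifyIssuer(iss, orgUrl) {
  const base = orgUrl.replace(/\/+$/, "");
  if (iss === base) return "org";
  if (typeof iss === "string" && iss.startsWith(base + "/oauth2/")) return "custom";
  return "foreign";
}

// Parses an RFC 6750 challenge such as 'Bearer k1="v1", k2=v2' into
// { scheme, params }.
function parseWwwAuthenticate(header) {
  const m = /^(\S+)\s*([\s\S]*)$/.exec(header.trim());
  if (!m) throw new Error("empty challenge");
  const params = {};
  const re = /([A-Za-z_]+)\s*=\s*(?:"([^"]*)"|([^,\s]+))/g;
  let match;
  while ((match = re.exec(m[2])) !== null) {
    params[match[1]] = match[2] !== undefined ? match[2] : match[3];
  }
  return { scheme: m[1], params };
}

// Combines both checks: would the management API accept this token?
function diagnose(token, wwwAuthenticate, orgUrl) {
  const claims = decodeJwtClaims(token);
  const challenge = parseWwwAuthenticate(wwwAuthenticate);
  const issuerKind = classifyIssuer(claims.iss, orgUrl);
  const required = challenge.params.scope ? challenge.params.scope.split(" ") : [];
  const granted = Array.isArray(claims.scp) ? claims.scp : [];
  const missingScopes = required.filter((s) => !granted.includes(s));
  return {
    iss: claims.iss,
    issuerKind,
    requiredScopes: required,
    missingScopes,
    usable: issuerKind === "org" && missingScopes.length === 0,
  };
}

// Constructed sample: a token from the "default" custom authorization server
// carrying only OIDC scopes, the shape that a login flow typically hands the
// browser and that the management API rejects.
const customServerToken = makeSampleToken({
  iss: OKTA_DOMAIN + "/oauth2/default",
  aud: "api://default",
  scp: ["openid", "profile", "email"],
});

// Constructed sample of the shape that works: org authorization server,
// okta.users.read granted.
const orgServerToken = makeSampleToken({
  iss: OKTA_DOMAIN,
  aud: OKTA_DOMAIN,
  scp: ["okta.users.read"],
});

console.log(diagnose(customServerToken, SAMPLE_CHALLENGE, OKTA_DOMAIN));
console.log(diagnose(orgServerToken, SAMPLE_CHALLENGE, OKTA_DOMAIN));
```

To check a real token, pass the string taken from the Authorization header and the captured WWW-Authenticate value to diagnose(). An issuerKind of "custom" with okta.users.read missing means the token was minted by a custom authorization server for the application itself; a call to /api/v1/users needs a token from the org authorization server that carries the okta.users.read scope the challenge names, which is a separate credential from the one the browser uses to call the application's own backend.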