Using okta with .net 5 in back end and react in frontend.Backend configuration issues

I am trying to set up configuration for okta in .net core.
I have created a developer account. I want to use oAuth/OIDC.
In appsettings, under domain,
“Okta”: {
“Domain”: “
I have used the value which was there in dashboard’s API section Auth0 Management API identifier.
I am getting this error.
{“IDX20803: Unable to obtain configuration from: ‘’.”}|System.InvalidOperationException|
Also, this is the code in program.cs
services.AddAuthentication(options =>
options.DefaultAuthenticateScheme = OktaDefaults.ApiAuthenticationScheme;
options.DefaultChallengeScheme = OktaDefaults.ApiAuthenticationScheme;
options.DefaultSignInScheme = OktaDefaults.ApiAuthenticationScheme;
).AddOktaWebApi(new OktaWebApiOptions()
OktaDomain = Configuration[“Okta:Domain”].ToString()
Am I missing out on something?

Those are Auth0 domains in your configuration so I recommend reaching out in the Auth0 Community with this question.

If you need to test with an Okta account, you can create an Okta dev account here.

Like @nicole mentioned, you seem to be using an Auth0 org with Okta’s .NET MVC library. I’m not positive whether or not that will work (I should note that okta-aspnet is just a wrapper around OWIN and is designed to work with Okta’s OAuth implementation). You could look to use Auth0s library instead, I’m betting it will be a bit smoother sailing for you. This article looks to walk through the full set-up: Add Login to your ASP.NET MVC application | Auth0

The main error you seem to be encountering is related to how the library attempts to hit the OIDC metadata endpoint. From what I’ve seen, this is based on a combination of OktaDomain and AuthorizationServerId.

I don’t know as much about Auth0/CIC’s request paths for their authorization servers, but you could try setting AuthorizationServerId to string.Empty (which Okta WIC/CIS already supports). It should then try to hit the well-known endpoint by just slapping /.well-known/openid-configuration onto the end of the OtkaDomain value (which I believe you will need to remove /api/v2/ from), which I see does seem to be the correct metadata endpoint for your org:

Like I said, not sure if this will wind up working as I haven’t tested this library with an Auth0 org before and you might wind up running into other discrepancies with assumptions made in Okta’s library, but could be worth a shot!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.