845614720

Reputation: 838

Using Okta to authorize external API Calls

We have set up an Okta application (SPA) / authorization server for our Vue front-end application for users to log into. We are trying to have it so that when a user logs into our Vue application we can use the 'Session' from Okta to send requests to our external .Net Core API and validate that the user is logged in via Okta and can hit the specified endpoint (the only condition here being that the user is logged in and still has a valid session).

I see that Okta places some access / id tokens on the local storage once logged in but that's about as far as I've gotten so far.

Is there a way to do this via Okta or do we have to create/store/manage our own JWTs?

Upvotes: 0

Views: 1216

Answers (2)

Pruthvi Raj Nadimpalli

Reputation: 1373

As you have discovered, the Okta SDK stores JWT tokens in localStorage by default. Using Okta's AuthJS SDK (you are probably already using it), you can retrieve tokens with the following code:

// authClient is the OktaAuth instance your app already created from its Okta config
authClient.tokenManager.get('accessToken')
.then(function(token) {
  if (token && !authClient.tokenManager.hasExpired(token)) {
    // Token is valid and not yet expired; safe to send as a bearer token
    console.log(token);
  } else {
    // Token has been removed due to expiration or error while renewing
  }
})
.catch(function(err) {
  // handle OAuthError or AuthSdkError (AuthSdkError will be thrown if app is in OAuthCallback state)
  console.error(err);
});

You can then pass the access token as a bearer token in calls to the external API. The resource server which serves API requests should validate these OAuth tokens using introspection or local validation. You can find more details here: https://developer.okta.com/code/dotnet/jwt-validation/

Thank you,
Raj

Upvotes: 1

hawk

Reputation: 126

For authorization, you should be passing the access token (from Okta) as a Bearer token to your .net api.

Please find our sample app here.

Upvotes: 1
