Okta Angular Error : getUserInfo requires an access token object - okta

In our angular 13 SPA application, we have integrated the Okta SSO. After successful login via the okta singIn widget window, we are trying to fetch the authenticated user information but getting the below error:
AuthSdkError: getUserInfo requires an access token object AuthSdkError: get user info requires an access token object.
How to get resolved this error, any help/suggestion on this will be appreciated.

Do you request token in your app configuration? Or only id_token? If latter, then include token as well

Related

Laravel passport social grant type

I am using social grant type for social login with google/facebook for my project. It is in laravel 9 API implementation and frontend react native, mobile application.
Normal sign in using passport and its working and using auth:api middleware all other protected apis in the project is also working fine.
But for social sign in, this is not working as expected. As I am implemented the social sign as described in this video - https://www.youtube.com/watch?v=fHkXwGNnJWQ. This is also working and here I am using 'social' as grant type.
I am getting an "Unauthenticated" error message as I calling other api using access_token generated using social grant. I can't identify the problem as I am new to Laraval. Normal sign in using username, password and grant type is 'password'. But here this is not working.
For ref: token generated :Access token and refresh token using social and grant type
Api error using the genarated token,
Message I am getting
Please anyone help on this?

Use Access Token for Graph API in AAD B2C

The access token that the app receives after successful authentication, can we use the same token for invoking GRAPH APIs for /me.
I tried to use the access token that I received in POSTMAN for /me but got an invalid token error. If I explicitly generate the token in POSTMAN, I am able to use it for /me.
What am I doing wrong here?!
I tested it.The access token you get after successful authentication of the app you use should be b2c, while b2c cannot be used to request a graph endpoint. See reference from Azure AD B2C auth code flow.
You can successfully request /me endpoint with the explicitly generated access token in POSTMAN because you are using an access token from Azure AD auth code flow.

wsfed authentication in webapp-webapi

The issue I am facing is to get webApi authenticated with bearer token received from webapp authentication.
Created web app, Angular template of .net core 2.1. Aded WsFed authentication to it. https://demoapp (dummy name)
Created Web Api app. Added wsfed authentication to it. https://demoapp-api (dummy name)
Now target is to authenticate web app, use token from there to make calls to api, and get data.
In WebApp, in OnTicketReceived WsFederationEvent, acquiring token using AcquireTokenAsync(AppId, credential);
Doing this because, we receive SAML token from WsFed.
Here tried with AppId of WebAPI, and also of WebApp. Both tokens do not work.
Passing this token as Bearer token in header to API.
When hitting API, facing redirection for authentication.
Ideally, when sending token, it should be allowed, right ?
I have added permissions of WebAPI on WebAPP in Azure portal, and also vice-versa.
Acquiring token using AppSecret.
Am I missing something here ? Or I am trying to achieve something which is not possible with WsFed ?
Can anyone please help with this webapp-webapi-wsfed scenario ?

Invalid session when trying to create a session in OKTA

Very new to okta flow, please bear with my ignorance.
I am doing a poc to access sharepoint from my external site and sharepoint is authenticated through OKTA. I want to start getting list view data from share point and expose it on my site.
1) What is the difference of authenticating using username / password flow (vs) using token to authenticate into OKTA?
Step 1: Auth in through username / password get the session token
Step 2 : After this I tried to create a session as per docs:
http://developer.okta.com/docs/api/resources/sessions.html#create-session-with-session-token
You're probably missing a valid Okta API token (cf. Getting a Token ) when calling the /api/v1/sessions endpoint. In any event, you should use the /api/v1/authn endpoint for authentication purposes and that one usually doesn't need an api token (unless you want to authenticate it from a trusted application).
The /api/v1/sessions API with the username/password payload is deprecated so you should shy away from using it in favor of the /api/v1/authn API.
I hope this helps!

Issue token to logged in user via spring

I have a Spring (3.2) based web app that a user can log into. The site will also provide an API secured via OAuth 2.0. My question then, is how do I go about generating a token for a logged in user?
The underlying idea here is that there will be a mobile app that opens up a web frame to the login page, which will eventually redirect to a url schema with an oauth token that the app will catch and then use for the api calls. Looking at the code for TokenEndpoint, I see that it defers token creation to a list of TokenGranter types. Should I be creating my own TokenGranter extended class, or am I looking at this all wrong?
I ended up writing a controller like this:
OAuthClientRequest request = OAuthClientRequest
.authorizationLocation(csOauthAuthorizeUrl)
.setClientId(csClientId)
.setRedirectURI(
UrlLocator.getBaseUrlBuilder().addSubpath(AUTH_CODE_HANDLER_URL).asUnEscapedString())
.setResponseType("code")
.buildQueryMessage();
UrlUtils.temporarilyRedirect(httpResponse, request.getLocationUri());
return null;
Then handling the code returned. My big problem here was that I had the /oauth/authorize endpoint set to use client credentials. Once I realized that tokens were being issued for the client ID instead of the user, it started to make sense.
So you want to use the Authorization Flow of OAuth. Spring has already support that, if you have configured the spring-security-oauth correctly, you just have to redirect the user/your mobile apps to /oauth/authorize?client_id=xxx&response_type=code this will redirect user to authorization page, if user has not login yet, it will redirect the user to login page then to the authorization page.
After the user completed the authorization process, it will redirect the user to an already registered redirect_url parameter with the authorization_code 'yourapp.com/callback?code=xxxx'.
Your application should exchange this authorization_code with the real token access to /oauth/token?grant_type=authorization_code&code=xxxx&client_id=xxxx&client_secret=xxxx
After that you will receive the token access that can be used to access the resource server.

Resources