I have Application Insights configured for my AspNet Web API application. On this application I also have OAuth2 authentication :
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
In Live Metrics Stream I see some errors from the OAuth middleware (failed requests to /oauth2/token). But I can't find any requests to this URL either in Application Insights Analytics or using search on the Azure portal. Why does this happen?
I am trying to develop a mobile application. I will use Java in the backend. However, I am confused about the auth process.
I will use Okta as an authorization server. But I do not want to redirect my user to the Okta login page. Instead, I will create a login page and connect it to my backend service. I need to find a way that I can register the user from my backend service to Okta.
To summarize,
Client ---> Secured Spring Gateway ---> /signin (my backend service) ----> okta ( registering user) ----> back to my service so that I can save user to my db as well to relate with my other models ---> client (with provided token from okta)
OR
Client ---> Secured Spring Gateway ---> okta ( registering user) ----> /signin (my backend service) back to my service so that I can save user to my db as well to relate with my other models ---> client (with provided token from okta)
I could not find any detailed example, almost all of them using okta's login form.
Any help will be appreciated.
You can host the login page (Okta sign in widget) yourself. Okta provides a spring boot SDK which can help you get started.
SDK can be found here: https://github.com/okta/okta-spring-boot
Sample code can be found here: https://github.com/okta/samples-java-spring/tree/master/custom-login
I'm currently developing an app in ASP.NET Core 2. However, I'm having issues configuring Swagger properly and the authentication layer for the Web API.
In my instance, I have a Web API that is configured with JWT. It uses the App ID URL as the JWT audience. Swagger is configured to run on top of this service and AAD is set up. However, because it's logging in to itself, it has the resource configured as the Web API client ID. Login successfully works, but the token does not work with the API calls. The main reason is that there is a difference in resource/audience. The token is configured with an audience of the client ID and the Web API is configured with a jwtAudience of the App ID URL.
It only works if I configure the jwtAudience to the clientID. It doesn't work if I try to update the Swagger resource as the App ID URL.
I need the jwtAudience to be configured to the App ID URL. I can't figure out how to do this though.
Do I need to modify the AAD manifest to give permission to itself?
Any advice appreciated.
Thanks,
Derek
I am working through a process of validating the JWT after OKTA login. I have a sample SPA site that handles user login and calling an API.
SPA SITE
User logs into OKTA
Obtains a JWT
Passes JWT to a .NET Web API (hosted on my own server not at OKTA).
WEB API: This accepts the JWT and needs to validate it.
Per OKTA, I need to verify the JWT through an Authorization Server. I set up the Authorization Server but I cannot see where the two features (shown in the images) are located on the SPA API or the Auth Server. This includes a URL that is required that follows the format xxxx.okta.com/AS/{key}
Is there something that has to be enabled that is not enabled in my OKTA Account? I think so but what is it? OKTA support states that everything is enabled and confirmed this is a good code sample (GitHub) to use.
The image below should appear after setting up the SPA app. I cannot find this feature under the SPA or under the Auth Server. It does not seem to exist anywhere on OKTA. This is why it seems something is not enabled on my dev account, or this documentation is outdated?
SPA Code Sample (includes the images below from the PDF) https://github.com/oktadeveloper/okta-oauth-spa-authjs-osw
I see that under the Security menu item -> API.
Also, when I had my app OpenID Connect enabled, I used well-known endpoint:
GET /.well-known/openid-configuration to get "jwks_uri", I used this url to self-verify the JWT token at the API level.
OKTA confirmed the code sample and documentation are out of date. They have no ETA for any updated samples and could not provide any documentation to help. This was via a response on a support ticket. Well alright then, time to look at Azure.
I have an issue with a Web API returning HTTP 401 – Unauthorized when I use a Bearer token to access it from a Xamarin client. Either the iOS or the UWP client fails.
- This is an application that authenticates with Azure Active Directory to allow a user to log in
- Once successfully logged in, it gets a token that in turn is added to the Web API request header
- The Web API has its authentication turned on
The issue with the Azure settings:
https://1drv.ms/v/s!ApPhjsvemKJggpR2ax5w4wRJcY7uXQ
The code:
https://github.com/wleon12/XamarinForms-AAD-WebAPI.git
I can't seem to figure out what is wrong; appreciate any input or guidance.
It depends how you protect the web API.
Normally, when we protect the Web API using Azure AD, we provide the Audience and Tenant as in this code sample, so that when we send the request with the token, the Web API verifies the signature of the token and the values we configured.
So for the 401 issue, please check the token you acquired against the values you configured for the Web API project. To check the Audience, Tenant and other values in the token, you can decode it on this site.
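The checks behind that 401, and behind the audience mismatch in the earlier Swagger/App ID URL question, are the same ones a JwtBearer middleware runs: verify the signature, then compare `aud` and `iss` with what the API was configured with. The following is an added example, not code from any of the posts above or from Azure AD's or Okta's SDKs. Real Azure AD and Okta tokens are RS256-signed and verified against the keys published at the tenant's jwks_uri; to stay self-contained this example substitutes an HS256 shared secret. The secret, issuer URL, audience values and token claims are all constructed here for illustration, and `peek_claims` does the same unverified decode that the answer suggests doing on a decoder website.

```python
"""
Added example (not from the original posts): decode a JWT, verify its
signature and check the audience/issuer claims against the values the API
is configured with. HS256 stands in for the RS256 + jwks_uri verification
that Azure AD and Okta tokens actually use; every key, URL and claim value
below is constructed for illustration.
"""
import base64
import hashlib
import hmac
import json
import time


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    text += "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text)


def make_hs256_token(claims: dict, secret: bytes) -> str:
    """Build an HS256 JWT (constructed input for the demonstration only)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def peek_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying it, the way a JWT decoder site
    does; use this only to compare aud/iss/tid with the API configuration."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def validate_token(token: str, secret: bytes, expected_aud: str,
                   expected_iss: str, now=None) -> dict:
    """Return the claims if the token is acceptable, else raise ValueError
    naming the first check that failed (the checks a JwtBearer middleware
    performs before answering 401)."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token: expected three segments")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError(f"unsupported alg {header.get('alg')!r}")
    # 1. Signature first; constant-time compare so a forged signature
    #    cannot be probed byte by byte through timing.
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(_b64url_decode(payload_b64))
    # 2. Audience: 'aud' may be a string or a list; the value the API was
    #    configured with (client ID or App ID URI) must be present. A token
    #    minted for the client ID fails an API expecting the App ID URI.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_aud not in audiences:
        raise ValueError(f"audience mismatch: token aud={aud!r}, "
                         f"api expects {expected_aud!r}")
    # 3. Issuer: ties the token to the expected tenant / authorization server.
    if claims.get("iss") != expected_iss:
        raise ValueError(f"issuer mismatch: {claims.get('iss')!r}")
    # 4. Expiry.
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    # Constructed configuration standing in for the API's Audience/Tenant.
    secret = b"constructed-shared-secret"
    issuer = "https://sts.example.test/constructed-tenant-id/"
    api_audience = "api://constructed-app-id-uri"
    good = make_hs256_token({"aud": api_audience, "iss": issuer,
                             "exp": 2000000000}, secret)
    # Same issuer, but minted for the client ID instead of the App ID URI.
    wrong_aud = make_hs256_token({"aud": "constructed-client-id",
                                  "iss": issuer, "exp": 2000000000}, secret)
    for name, tok in (("good", good), ("wrong audience", wrong_aud)):
        try:
            validate_token(tok, secret, api_audience, issuer)
            print(name, "-> accepted, aud =", peek_claims(tok)["aud"])
        except ValueError as err:
            print(name, "-> 401:", err)
```

When a real API answers 401, run the equivalent of `peek_claims` on the token you sent and compare its `aud` and `iss` (and for Azure AD, `tid`) with the Audience and Tenant the API was started with; the mismatch is almost always visible there before any signature question arises.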
I am building an Ionic 2 app and implemented the Google login flow, which works fine and I get the token after a successful login. How do I use this token to authenticate against my project's Web API endpoint (using OAuth for generating the tokens)? I am using the default ASP.NET Web API project template.