I am working for AngularJS web application and we need to implement the OKTA authentication from Web Api.
Is there any possible to way to implement the OKTA authentication from Web Api ?
Yes, you can use Authentication API http://developer.okta.com/docs/api/getting_started/design_principles.html#authentication to build your own login page and authenticate user using Okta.
You can also use sign in widget from Okta for or use http://developer.okta.com/docs/guides/okta_auth_sdk in your angular js.
Related
I am working on the backend for our two applications, which require sign-in and sign-up with a google account via REST - SPA app in Vue and Angular app.
I am thinking about this flow:
User from SPA or mobile application will log in google auth server with his credentials
App receive auth code from google
App request for sign-in / sign-up with this code to our auth service
Auth service fetch information about the user from google by this token, and generate jwt token for our SPA / mobile app which return back
Can you tell me if Spring Social module provides some endpoints to handle and generate this tokens via REST or I must implement it by myself? Thank you.
I am working through a process of validating the JWT after OKTA Login. I have a SPA Sample SPA Site that handles user login and calling an API.
SPA SITE
User Logins into OKTA
Obtains a JWT
Passes JWT to a .NET Web API (hosted on my own server not at OKTA).
WEB API: This accepts the JWT and needs to validate it.
Per OKTA I need verify the JWT through an Authorization Server. I setup the Authorization Server but I cannot see where the two features (shown on the images) are located on the SPA API or the Auth Server. This includes a URL that is required that follows the format of xxxx.okta.com/AS/{key}
Is there something that has to be enabled that is not enabled in my OKTA Account? I think so but what is it? OKTA support states that everything is enabled and confirmed this is a good code sample (GitHub) to use.
The Image Below should appear after setting up the SPA App. I cannot find this feature under the SPA or under the Auth Server. It does not seem to exist anywhere on OKTA. This is why it seems something is not enabled on my Dev account, or this documentation is outdated?
SPA Code Sample (includes the images below from the PDF) https://github.com/oktadeveloper/okta-oauth-spa-authjs-osw
I see that under the Security menu item -> API.
Also, when I had my app OpenID Connect enabled, I used well-known endpoint:
GET /.well-known/openid-configuration to get "jwks_uri", I used this url to self-verify the JWT token at the API level.
OKTA confirmed the code sample and documentation is out of date. They have no ETA to any updated samples and could not provide any documentation to help. This was via a response on a support ticket. Well already then, time to look at Azure.
I am building an ionic2 app and implemented google login flow. Which works fine and i get the token after a success full. How do i use this token to authenticate my project web api Endpoint ( using Oauth for generating the tokens). I am using default asp.net web api project template
I have a Single Page Application for non-/mobile html5 browsers getting data from a RESTful HTTP API with asp.net web api. We use OWIN self hosting running in a windows service.
I do not want cookie based authentication. I would like to authenticate the user and give him a json based access token with its claims/permissions to edit/create/delete/show certains things in the UI.
I do not need external login provider. Our user will authenticate with username and password not their google email...
Now I askmyself should I go in direction thinktecture and identyserver, or asp.net identity or...OWIN and ExternalBearer authentication, I am lost here.
What would be your recommendation basing on my information?
IdentityServer is suitable for scenarios where you have multiple applications and want them to authenticate against a single STS, basically if you want SSO. The scenario you described is achieved in IdentityServer by OAuth. That is you define an application you wish to use IdentityServer to authenticate, and then create an OAuth client to get access tokens for accessing that application. If that's not the case then you're probably better off avoiding the complexity of introducing a 3rd party component to do that work. We're using IdentityServer to authenticate users of 3 different apps 2 SPAs and an MVC application. Also, you realy can't seperate OWIN and ASP.NET identity in this case. The OWIN middleware will give you the tokens and it will be using ASP.NET Identity as a user repository to authenticate users, so OWIN is just doing the job of providing tokens and using ASP.NET Identity to authenticate users.
Having a Asp.Net MVC 5 Web Role using OWIN Katana Components for OAuth and OpenId. Enabled Google Authentication support inside Startup.Auth.cs (provided by default MVC 5 template).
Everything works fine until authentication but not sure how to request authorizaion token as mentioned here Google Contacts API v3.
Please share pointers to samples or documentation. Thank you.
Google has multiple authentication protocols. The one implemented in Katana v2.0 is not OAuth2, so there is no authorization token. It's only useful for having google confirm who the user is, it does not give you access to their resources.
In Katana v2.1-rc1 (coming this month) support is being added for Google's OAuth2 protocol.
https://katanaproject.codeplex.com/SourceControl/changeset/0eb10848ae18a5f339e7fde8ff1e877242e944dc