https://devforum.okta.com/t/error-validating-token/850

I get this error

IDX21323: RequireNonce is 'System.Boolean'. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'. Note if a 'nonce' is found it will be evaluated.

GetConfigurationAsync().Result can cause Deadlock

Starting suggestion: https://blog.stephencleary.com/2012/07/dont-block-on-async-code.html
In short, never use .Result
See what this says:
https://weblogs.asp.net/pglavich/asp-net-web-api-request-response-usage-logging
" Here we are accessing the Result property from an asynchronous task in an attempt to make this code procedural and work in a synchronous manner. It is an easy thing to do, and looks like it makes sense. However, do not do this.
Generally, you should never access the ‘Result’ property of a Task unless you know that the task has completed as this can cause deadlocks in ASP.Net. Yes it is true.Sometimes this code may work but, if you don’t want to waste hours debugging deadlock issues in ASP.Net, I would advise against it. "

Out of the box there is no "default" available on an Okta instance.
To get the example working we changed the following:

web.config
line 16: change
from [add key="okta:Issuer" value="https://{yourOktaDomain}.com/oauth2/default" /]
to [add key="okta:Issuer" value="https://{yourOktaDomain}.com" /]

Because out of the box the url oauth2/default/.well-known/openid-configuration is not available in an Okta instance

startup.cs change
line: 72 add "/oauth2" before the "/v1/token"
line: 80 add "/oauth2" before the "/v1/token"

The below code periodically places an external web request inside the scope of a write lock. If there is a delay at connecting to Okta there is potential that requests could just stack up waiting for the lock to free up. I recommend moving line 91 to the top of the method to prevent this.

https://github.com/oktadeveloper/okta-oauth-aspnet-codeflow/blob/7f029019d71918375cfb4d00bf1bffa3fee58d52/Api/OpenIdConnectCachingSecurityTokenProvider.cs#L86-L99

@nbarbettini

In an MVC app we have (created by folloiwng the Okta sampels walkthru) we see the config file has:

        <add key="okta:RedirectUri" value="http://localhost:50583/authorization-code/callback" />

But we don't understand what this is, someone else asked about this too on the Okta forum but nobody has answered his question:

https://devforum.okta.com/t/what-is-authorization-code-callback-in-github-net-sample/3989

Could someone please explain what this is and what that URL means from a code standpoint?

Thanks

I setup the okta app for this code on my org, updated the web.config and ran the project as it is in the guide (readme.md). If I try to click login it gives me a 401 (Unauthorized) which is expected. Then what I do, is to login into my okta and then click on my configured web app and this redirects me to http://localhost:8080/authorization-code/callback, so bare with me here for a second: should I add a new controller to support the /authorization-code/callback action or this is done by owin? I am baffled on how this should work and if this is something missing in the sample code.

thanks for your feedback.

To match the new example 😄

In step #4 shows to --- Click on "Sign in with OpenID Connect" and sign in with your test user Okta credentials.

That navigation lands on /Callback/Tokens where the view shows Identity token, Access Token, and Refresh Token.

There is no login page, is something missing in this sample?

We should include the .NET SDK and give some examples of how it can be used alongside OpenID Connect.

https://github.com/oktadeveloper/okta-oauth-aspnet-codeflow/blob/master/Api/Startup.cs

Should this not be a defined value in the config file? Aud is supposed to be the value the token is intended for and it is not intended for oktapreview in this example.

In the CodeFlow CallBackController, the return:
return View("Token", response);
should be
return View("Tokens", response);

https://github.com/oktadeveloper/okta-aspnet-mvc-example/blame/master/README.md#L62

I'd like to request a UWP sample client that call the same API for this solution. I think that would be really helpful.

I just cloned this, compiled and ran it, against a new preview application.

The website loads without problems, but when I click on LOGIN I get Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolException: unsupported_response_type
on the authorization-code/callback page.

In the sample the MVC application is working with Okta authentication. After getting the token when I try API call, it is failing with the following error:

An exception of type 'System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException' occurred in System.IdentityModel.Tokens.Jwt.dll but was not handled in user code

Additional information: IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier
(
IsReadOnly = False,
Count = 1,
Clause[0] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause
)
',

As per this SO question, how can we signout of Okta upon signing out of the client application?

Please add to Readme.md point about required SSL certificate to run the project. I didn't see any pop-up window in VisualStudio to generate such one. You will not be able to retrieve project URL without a signed certificate. To fix that just need to generate self-signed certificates for project addresses. This is the answer at stackoverflow which worked for me.