Okta is an external identity provider service. It can be used to authenticate and authorize users, among other things. In the OidcWebExample, Okta is used as an OpenID Connect provider to sign the user in and out and to retrieve an access token with which the smart-me API can be accessed.
- Create a developer account here and log in to the developer console.
- Add some users under Users/People. These users also have to exist in the smart-me cloud; specifically, the username (e-mail address) has to match.
- Add an application under Applications.
- Select Web for the OidcWebExample.
- Use the following settings:
  - Name: My Web App
  - Base URIs: http://localhost:5000/
  - Login redirect URIs: http://localhost:5000/authorization-code/callback
  - Group assignments: Everyone
  - Grant type allowed: check Authorization Code and Implicit (Hybrid)
- The general settings of your application should now look like the screenshot below. Copy the Client ID and Client secret and put them into the Oidc section in appsettings.json.
- Add your users in the Assignments tab.
- The smart-me API expects the claim preferred_username, which must be the e-mail address of the user. Okta does not provide this claim by default. Go to API/Authorization Servers and edit the default authorization server.
- From the Settings tab copy the Issuer and put it as Authority into the Oidc section in appsettings.json.
- In the Claims tab add a new claim. Use the following settings:
  - Name: preferred_username
  - Include in token type: Access Token
  - Value type: Expression
  - Value: (appuser != null) ? appuser.userName : app.clientId
- The claim should now look like this:
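To confirm the two appsettings.json values and the custom claim above line up before calling the smart-me API, the following added check (not part of the example project) inspects the claim set of an access token. It only decodes the payload; the issuer URL and token are constructed placeholders, and signature verification against the issuer's JWKS is still the resource server's job.

```python
import base64
import json
import re

# Placeholder issuer; in practice this is the Issuer copied from the Settings tab.
SAMPLE_ISSUER = "https://dev-000000.okta.com/oauth2/default"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def b64url(data: bytes) -> str:
    """Base64url without padding, as used in compact JWT serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_token(payload: dict) -> str:
    """Build a constructed, unsigned JWT for testing. Not a real Okta token."""
    header = b64url(json.dumps({"alg": "RS256", "kid": "dummy"}).encode())
    body = b64url(json.dumps(payload).encode())
    return f"{header}.{body}.{b64url(b'not-a-real-signature')}"


def decode_payload(token: str) -> dict:
    """Decode the payload section without verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_preferred_username(token: str, expected_issuer: str) -> list:
    """Return the problems found with the claim mapping; an empty list means it looks right."""
    claims = decode_payload(token)
    problems = []
    if claims.get("iss") != expected_issuer:
        problems.append("issuer mismatch: check Authority in appsettings.json")
    value = claims.get("preferred_username")
    if value is None:
        problems.append("preferred_username missing: claim not added to Access Token")
    elif not EMAIL_RE.match(value):
        # The expression falls back to app.clientId when there is no app user
        # (e.g. a client credentials flow); smart-me needs the e-mail address.
        problems.append(f"preferred_username is not an e-mail address: {value}")
    return problems


# Constructed sample: what a correctly configured token's claim set should contain.
SAMPLE_TOKEN = make_token({"iss": SAMPLE_ISSUER, "sub": "alice@example.com",
                           "preferred_username": "alice@example.com"})
```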