Tags: c#, asp.net-core, oauth-2.0, okta, pkce

Authorization Flow with PKCE help, for a native mobile app with a RESTful ASP.NET Core C# backend API


I am currently building an API alongside our external app developers. I have read that the Authorization Flow with PKCE is definitely what we need for this setup; however, I am looking for some more detailed advice.

Our existing API uses the implicit flow: the app sends credentials + secret etc. to the /Token endpoint in the API, which then looks up the passed-in data and compares it with our users table. If that passes, an Access Token is returned to the app.

With this new flow, I have the following questions:

  1. Do I have to use the Okta Portal/Dashboard and set up the API there?
  2. Do all app users have to be stored in the Okta dashboard? We usually manage our own users table, where we add users from a custom tool. However, I am presuming that when using Okta our custom tool would need to call an Okta API endpoint, register the user from there, and then get and store the user's Okta ID in our own table. Does anyone have an example of how I do this from a C# WPF application?
  3. Do I then need to request the Redirect URLs from the app developer and set them up as a Native App in the Okta dashboard? I presume I need to give them some set values to hold on their end to allow them to call Okta at authorization.
  4. OpenID? Do I need this? If so, how and where does this get implemented?

I have read through so many tutorials but just haven't quite found the exact fit yet.

Many thanks


Solution

    1. You will need to access the Okta admin console to register a client application. Once done, you can use the Okta OIDC APIs: https://developer.okta.com/docs/reference/api/oidc/. You can use the Okta SDKs to simplify the development process, e.g. https://github.com/okta/okta-oidc-ios
    2. If Okta is going to be the authorization server, users and their credentials will need to exist in Okta.
    3. When you create a Native App in the Okta admin console, you will need to provide the redirect URIs that will be whitelisted.
    4. OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner. When you create a native application in Okta, it will be an OIDC application.
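As an added example (not code from the question or the answer above), here is what the two ends of this setup look like in C#: the PKCE pair the native app generates and sends to Okta, and an ASP.NET Core API that no longer issues tokens from its own /Token endpoint but validates the access tokens Okta issues. It assumes .NET 6+ with the web SDK and the Microsoft.AspNetCore.Authentication.JwtBearer package; the Okta domain, client id, redirect URI and audience are placeholders to replace with the values from the Native App you register in the Okta admin console.

```csharp
// Added example, not code from the original question or answer.
// Assumes .NET 6+ minimal hosting (Microsoft.NET.Sdk.Web) and the
// Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;

// Placeholders: take the real values from the Native App you register in Okta.
const string OktaIssuer = "https://dev-123456.okta.com/oauth2/default"; // authorization server
const string ClientId = "0oa-example-client-id";                        // Native App client id
const string RedirectUri = "com.example.app:/callback";                 // supplied by the app developers
const string Audience = "api://default";                                // audience set on the auth server

// --- What the native app does (PKCE), printed here only so you know what to expect from it. ---
var (verifier, challenge) = Pkce.Create();
Console.WriteLine(Pkce.AuthorizeUrl(OktaIssuer, ClientId, RedirectUri, challenge));
// At {issuer}/v1/token the app sends the code plus the verifier; Okta repeats this check:
Console.WriteLine($"verifier matches challenge: {Pkce.Verify(verifier, challenge)}");
// Illustration only: a real app keeps the verifier in memory and never logs it.

// --- What your API does: it validates Okta's access tokens instead of issuing its own. ---
var builder = WebApplication.CreateBuilder(args);
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Issuer and signing keys are discovered from {Authority}/.well-known/openid-configuration,
        // so signature, issuer, audience and expiry are checked before a request reaches your code.
        options.Authority = OktaIssuer;
        options.Audience = Audience;
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Okta access tokens carry the Okta user id in the "uid" claim; that is the value to store
// in your own users table. ("sub" holds the login but may be renamed to
// ClaimTypes.NameIdentifier by the default inbound claim mapping, so rely on "uid".)
app.MapGet("/me", (HttpContext ctx) => Results.Ok(new
{
    oktaUserId = ctx.User.FindFirst("uid")?.Value,
})).RequireAuthorization();

app.Run();

static class Pkce
{
    // RFC 7636: the verifier is 43-128 unreserved characters; 32 random bytes base64url-encoded give 43.
    public static (string Verifier, string Challenge) Create()
    {
        var verifier = Base64Url(RandomNumberGenerator.GetBytes(32));
        return (verifier, Challenge(verifier));
    }

    // S256 method: BASE64URL(SHA256(ASCII(code_verifier))), no padding.
    public static string Challenge(string verifier) =>
        Base64Url(SHA256.HashData(Encoding.ASCII.GetBytes(verifier)));

    // The authorization server's check at the token endpoint; constant-time comparison,
    // and FixedTimeEquals returns false when the lengths differ.
    public static bool Verify(string verifier, string challenge) =>
        CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(Challenge(verifier)),
            Encoding.ASCII.GetBytes(challenge));

    // The authorize request the native app opens in the system browser.
    public static string AuthorizeUrl(string issuer, string clientId, string redirectUri, string challenge) =>
        $"{issuer}/v1/authorize?client_id={Uri.EscapeDataString(clientId)}" +
        "&response_type=code&scope=openid%20profile" +
        $"&redirect_uri={Uri.EscapeDataString(redirectUri)}" +
        $"&state={Base64Url(RandomNumberGenerator.GetBytes(16))}" +
        $"&code_challenge={challenge}&code_challenge_method=S256";

    static string Base64Url(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
}
```

With Authorization Code + PKCE the API is only a resource server: Okta performs the login, checks the code_verifier against the code_challenge at its token endpoint, and issues the tokens; the API's job on each request is to validate the bearer token's signature, issuer, audience and expiry, then map the Okta user id from the uid claim to its own users table. The PKCE part is shown so you can agree the redirect URI and the S256 challenge method with the app developers, not because the backend generates it.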