Nedo.AspNet.Authentication.Okta
2.0.9
Okta as the canonical token issuer (JWT-bearer pattern). Validates tokens minted by an Okta Authorization Server and auto-maps Okta groups to ClaimTypes.Role.
Install
```bash
dotnet add package Nedo.AspNet.Authentication.Okta
```
Quickstart
```csharp
using Nedo.AspNet.Authentication.Okta;

var builder = WebApplication.CreateBuilder(args);

// Register validation of tokens issued by the Okta Authorization Server.
builder.Services.AddOkta(opts =>
{
    opts.OktaDomain = builder.Configuration["Okta:Domain"]!;   // "my-org.okta.com"
    opts.AuthorizationServerId = "default";                    // or a custom AS id
    opts.Audience = builder.Configuration["Okta:Audience"]!;   // typically "api://default"
});
builder.Services.AddAuthorization();
builder.Services.AddHttpContextAccessor();
builder.Services.AddScoped<IAuthContext, AuthContext>();

var app = builder.Build();

app.UseAuthentication();
app.UseNedoAuthContext();
app.UseAuthorization();

// Only callers whose token maps to the "admin" role reach this endpoint.
app.MapGet("/admin", (IAuthContext auth) => auth.UserId)
    .RequireAuthorization(p => p.RequireRole("admin"));

app.Run();
```
Claims auto-mapping
| Okta claim | Mapped to |
|---|---|
| groups: ["admin", "managers"] | ClaimTypes.Role (one per value) |
| sub | ClaimTypes.NameIdentifier |
| email | ClaimTypes.Email |
| name | ClaimTypes.Name |
To get groups in the token, add a groups claim to your Okta Authorization Server's access-token policy (Security → API → Authorization Servers → your AS → Claims → Add).
Custom Authorization Server
The default "default" AS is fine for most apps. If you've created a custom AS for stricter audience scoping:
```csharp
opts.AuthorizationServerId = "my-custom-as";
opts.Audience = "api://my-api";
```
The validator builds the issuer URL as https://{OktaDomain}/oauth2/{AuthorizationServerId} and fetches that issuer's discovery document to obtain the JWKS signing keys.
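To make the checks behind the issuer URL and the claims table concrete, here is an added example (not this package's code) that sets up equivalent validation with the stock Microsoft.AspNetCore.Authentication.JwtBearer package. The names authServerId and claimMap are chosen for this example, and it assumes RS256-signed tokens.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Same configuration keys as the Quickstart; authServerId is a name chosen for this example.
var oktaDomain = builder.Configuration["Okta:Domain"]!;     // "my-org.okta.com"
var audience = builder.Configuration["Okta:Audience"]!;     // "api://default"
const string authServerId = "default";
var issuer = $"https://{oktaDomain}/oauth2/{authServerId}"; // issuer format stated above

// Claims table from this page: raw Okta claim name -> ClaimTypes target.
var claimMap = new Dictionary<string, string>
{
    ["groups"] = ClaimTypes.Role, ["sub"] = ClaimTypes.NameIdentifier,
    ["email"] = ClaimTypes.Email, ["name"] = ClaimTypes.Name,
};

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o =>
    {
        o.Authority = issuer;       // discovery document and JWKS are fetched from this issuer
        o.MapInboundClaims = false; // keep raw claim names so the mapping below is explicit
        o.TokenValidationParameters = new TokenValidationParameters
        {
            ValidIssuer = issuer,     // reject tokens minted by any other authorization server
            ValidAudience = audience, // reject tokens minted for a different API
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // assumption: RS256 only
        };
        o.Events = new JwtBearerEvents
        {
            OnTokenValidated = ctx =>
            {
                var identity = (ClaimsIdentity)ctx.Principal!.Identity!;
                // A JSON array claim arrives as one Claim per element: one role per group.
                foreach (var c in identity.Claims.Where(c => claimMap.ContainsKey(c.Type)).ToList())
                    identity.AddClaim(new Claim(claimMap[c.Type], c.Value));
                return Task.CompletedTask;
            },
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/admin", (ClaimsPrincipal user) => user.FindFirst(ClaimTypes.NameIdentifier)?.Value)
    .RequireAuthorization(p => p.RequireRole("admin"));
app.Run();
```

Because every value in the groups claim becomes a role, the Okta groups claim filter decides which roles a token can carry.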
Docs
docs/04-identity-providers.md.
License
MIT — see LICENSE.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
- net9.0
  - Nedo.AspNet.Authentication (>= 2.0.9)
  - Nedo.AspNet.Authentication.Claims (>= 2.0.9)