greglovely
Occasional Contributor
Joined 3 years ago
User Profile
User Widgets
Contributions
Re: How to clear an Okta connection when pressing the Logout button
Well, this is the third post that I've made and have had zero responses. From what I have seen on this board, that is a common experience. Apparently, no one supports this product. After trying to resolve this issue, I contacted Okta support and they informed me that out of all their customers, they only had 97 that used Swagger. They recommended that we switch to Postman. Since Swagger doesn't have any support, that is what I am recommending for our project.How to clear an Okta connection when pressing the Logout button
Not sure if this is the correct board, as none of my previous questions were ever answered, but I'll give it another shot just in case. I have a .Net Core 6 web api integrated with Okta and am generating the Swagger UI at runtime. I am able to Authenticate with Okta by pressing the Authorize button, filling in the Client ID, checking the Scope and pressing Authorize. I receive the Okta Sign In page and fill in my credentials. When it returns to the Authorize popup, it shows that the connection is Authorized. I can then invoke the endpoints from my web api and see the results. When I am done, I press the Authorize button, then press the Logout button and then the Close button. To test a different Okta account with different roles, I attempt to connect to Okta again. I press the Authorize button, fill in the Client ID, check the Scope and press Authorize. This time, however, I do not receive the Okta Sign In page. The Authorize popup shows that the connection is Authorized. I can still invoke the endpoints from my web api and I can even access my Okta dashboard without having to sign in. It appears that the Logout button does nothing more than clear the previous Access token. I need to know how I can get the Logout button to actually log the user out of Okta. Since the Swagger page is generated at runtime, I have no idea how to do this.Swashbuckle requests swagger.json as 'text/html' content type on server, not 'application/json'
When I run my web api project from VS2022 on my desktop, I get the results that I expect (screen print 1). When I inspect the request for swagger.json, I see the headers (screen print 2). They show that the swagger.json file was requested as ‘application/json’. When I run the web api on the server from the browser, I get the results indicating that the file couldn’t be rendered (screen print 3). When I inspect the request for swagger.json, I see the headers (screen print 4). They show that the swagger.json file was requested as ‘text/html’. Obviously, if it is reading the json file as text it will be unable to render it correctly. How can I get Swagger to request the swagger.json as 'application/json'? Since the swagger.json is generated at runtime, the only control I have is in my .Net Core web api project. As you can see in screen print 5, the swagger.json does contain a correct version.Unable to receive the access token returned from Okta
I downloaded the example from: https://lurumad.github.io/swagger-ui-with-pkce-using-swashbuckle-asp-net-core so that I had a starting point. I upgraded the version of Swashbuckle to the latest and switched to use .Net 6. I modified the code to integrate with Okta. I have that working and Swagger displays 'Authorized'. However, I do not see the returned access token. I have verified that the token is sent in the response, but I shouldn't have to Inspect the Response to obtain the token. Also, while Swagger shows that it is Authorized, the padlock for the api/weather endpoint is still unlocked, so obviously I just receive a 401 when I try the endpoint. I'm fairly new to both Swagger and Okta, so it is possible that I missed something in the configurations. Since I have verified that an access token is returned in the response, I must be missing something in the configuration of Swagger UI in my project. Since I am unsure what I would do with the returned access token, as there isn't any place to paste it so that I can authorize the endpoints, I guess what I really need is for some way to authorize the endpoints once the token is returned. I also noticed that when I pressed the grey padlock on the endpoint, I see the following. It presents an empty list of authorizations.
