Replies: 1 comment
Authorization flows and responses for the following authentication setup:

```json
"host": {
  "authentication": {
    "provider": "AzureAD",
    "jwt": {
      "audience": "api://dab",
      "issuer": "https://{OKTA_TENANT}/oauth2/{AUTH_SERVER_ID}"
    }
  }
}
```

```json
"permissions": [
  {
    "role": "authenticated",
    "actions": [
      {
        "action": "execute"
      }
    ]
  }
]
```

Case 1 - No Bearer access token present in Authorization header

Response: 403 ( valid )

```json
{
  "error": {
    "code": "AuthorizationCheckFailed",
    "message": "Authorization Failure: Access Not Allowed.",
    "status": 403
  }
}
```

Case 2 - Expired access token in authorization header

Response: 401

```text
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Content-Length: 0
< Date: Thu, 24 Oct 2024 08:53:43 GMT
< Server: Kestrel
< WWW-Authenticate: Bearer error="invalid_token", error_description="The token expired at '10/03/2024 07:26:44'"
< x-ms-correlation-id: 44c0b940-af30-4ca2-8c2e-faf358350808
* Connection #9 to host localhost left intact
```

Case 3 - Valid Bearer access token issued by okta

Response: 401

```text
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Content-Length: 0
< Date: Thu, 24 Oct 2024 09:18:10 GMT
< Server: Kestrel
< WWW-Authenticate: Bearer error="invalid_token", error_description="The signature key was not found"
< x-ms-correlation-id: 4cb07176-7acb-4db3-a7fc-c9e8656d3758
* Connection #11 to host localhost left intact
```
Hey guys,
Is it possible to configure authentication to work directly with Okta? To be more specific, can I specify, for the JWT configuration which is part of the host authentication setup, the audience and issuer of an Okta Authorization Server created specifically for protecting the APIs exposed by DAB? I don't want to add an extra configuration hop in Azure services.
In terms of authentication providers, currently the following are supported:
enabled and configured (EasyAuth).
I have tried using the AzureAD provider with aud and issuer values from Okta. When passing a JWT issued by Okta I am getting 401 with invalid key id ( kid ). The kid from the JWT header matches 100% the key id present in my Okta Authorization Server JWKS endpoint. So clearly the signature is valid.
Thank you,
Iulian
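To make the three responses in the comment above and the kid question in the original post concrete, here is an added example of a minimal bearer-token validator. It is not code from data-api-builder or from either poster. It uses only the Python standard library, so symmetric "oct" JWKs and HS256 stand in for Okta's RSA keys; the issuer and audience strings are the placeholders from the thread's own config, the key ids, secret and claims are constructed, and the error messages are modelled on the `WWW-Authenticate` values shown in the thread.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple, Union

# Issuer and audience copied from the DAB config in the thread; the tenant and
# authorization-server ids are the page's own placeholders, not real values.
ISSUER = "https://{OKTA_TENANT}/oauth2/{AUTH_SERVER_ID}"
AUDIENCE = "api://dab"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Constructed signing key. "oct" (HMAC) JWKs stand in for Okta's RSA keys so the
# example runs offline; the kid lookup logic is the same for either key type.
OKTA_SECRET = b"constructed-secret-for-okta-key-1"
OKTA_JWKS = {"keys": [{"kty": "oct", "kid": "okta-key-1", "k": b64url_encode(OKTA_SECRET)}]}


def mint_token(claims: dict, kid: str, secret: bytes) -> str:
    """Build an HS256 compact JWS; used only to construct sample requests."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = (b64url_encode(json.dumps(header).encode()) + "."
                     + b64url_encode(json.dumps(claims).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def validate_bearer(authorization: Optional[str], jwks: dict, issuer: str,
                    audience: str, now: float) -> Tuple[int, Union[dict, str]]:
    """Return (status, body): a 403 error document, a 401 WWW-Authenticate value,
    or the accepted claims with 200. Order mirrors a typical JWT middleware:
    key lookup, signature, lifetime, then issuer/audience."""
    if not authorization or not authorization.startswith("Bearer "):
        # Anonymous request: the 'authenticated' role's permission check fails.
        return 403, {"error": {"code": "AuthorizationCheckFailed",
                               "message": "Authorization Failure: Access Not Allowed.",
                               "status": 403}}
    token = authorization[len("Bearer "):]
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # wrong segment count, bad base64url, or invalid JSON
        return 401, 'Bearer error="invalid_token", error_description="The token is malformed"'
    if header.get("alg") != "HS256":
        return 401, 'Bearer error="invalid_token", error_description="The algorithm is not allowed"'
    # The kid is looked up only in the key set THIS validator was configured with.
    key = next((k for k in jwks.get("keys", []) if k.get("kid") == header.get("kid")), None)
    if key is None:
        return 401, 'Bearer error="invalid_token", error_description="The signature key was not found"'
    expected = hmac.new(b64url_decode(key["k"]), f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return 401, 'Bearer error="invalid_token", error_description="The signature is invalid"'
    if claims.get("exp", 0) <= now:
        return 401, ('Bearer error="invalid_token", '
                     f'error_description="The token expired at \'{claims["exp"]}\'"')
    if claims.get("iss") != issuer or audience not in _as_list(claims.get("aud")):
        return 401, 'Bearer error="invalid_token", error_description="The issuer or audience is invalid"'
    return 200, claims


def run_cases(now: float = 1_700_000_000.0) -> dict:
    """Replay the thread's three cases plus the success path, at a fixed clock."""
    good = {"iss": ISSUER, "aud": AUDIENCE, "sub": "user@example.test", "exp": now + 600}
    expired = dict(good, exp=now - 600)
    okta_token = mint_token(good, "okta-key-1", OKTA_SECRET)
    # A key set fetched from some other identity provider: different kids entirely.
    other_jwks = {"keys": [{"kty": "oct", "kid": "other-idp-key-9", "k": b64url_encode(b"other")}]}
    return {
        "case1_no_token": validate_bearer(None, OKTA_JWKS, ISSUER, AUDIENCE, now),
        "case2_expired": validate_bearer("Bearer " + mint_token(expired, "okta-key-1", OKTA_SECRET),
                                         OKTA_JWKS, ISSUER, AUDIENCE, now),
        "case3_wrong_keyset": validate_bearer("Bearer " + okta_token, other_jwks, ISSUER, AUDIENCE, now),
        "matching_keyset": validate_bearer("Bearer " + okta_token, OKTA_JWKS, ISSUER, AUDIENCE, now),
    }


if __name__ == "__main__":
    for name, (status, body) in run_cases().items():
        print(name, status, body)
```

The `case3_wrong_keyset` entry is the situation the original post describes: the token's kid does exist at the issuer's JWKS endpoint and its signature is correct against that key, yet the validator reports "The signature key was not found" because it searches only the key set it was configured to fetch. If a provider setting resolves keys from a different metadata endpoint than the issuer named in the token, that is the result to expect, and the correct fix is to point the validator at the issuer's own key set rather than to relax signature checking.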