在使用 id_token 进行身份验证时,我没有收到任何来自 Okta 的组(groups)声明。我能拿到名称、电子邮件、地址和用户名,但没有组。
不确定我还需要做些什么才能在 principal(用户主体)中得到这些组。
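// Wires OWIN bearer authentication to validate JWTs against the Okta OIDC issuer
// configured in appSettings ("okta:ClientId" and "okta:OIDC_Issuer").
var clientID = WebConfigurationManager.AppSettings["okta:ClientId"];
var oidcIssuer = WebConfigurationManager.AppSettings["okta:OIDC_Issuer"];

// Fail fast at startup on missing settings. Without this, a null issuer would be
// concatenated into a relative metadata path below and every token would be
// rejected at request time with a much less obvious error.
if (string.IsNullOrWhiteSpace(clientID))
{
    throw new InvalidOperationException("Missing appSetting 'okta:ClientId'.");
}

if (string.IsNullOrWhiteSpace(oidcIssuer))
{
    throw new InvalidOperationException("Missing appSetting 'okta:OIDC_Issuer'.");
}

// The discovery document is fetched from this address. If it were retrieved over
// plain HTTP, anyone on the network path could tamper with what it advertises,
// so refuse a non-HTTPS issuer.
if (!oidcIssuer.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
{
    throw new InvalidOperationException("appSetting 'okta:OIDC_Issuer' must be an https:// URL.");
}

// Trim only for building the metadata URL (avoids "//.well-known" when the setting
// ends with '/'). ValidIssuer keeps the configured value untouched because it is
// compared against the token's "iss" claim.
var metadataAddress = oidcIssuer.TrimEnd('/') + "/.well-known/openid-configuration";

TokenValidationParameters tvps = new TokenValidationParameters
{
    // The audience is the OIDC client id, which is what an id_token carries in "aud".
    // NOTE(review): an id_token is addressed to the client application; if this
    // endpoint is an API called by other clients, an access token with the API's
    // own audience is the usual credential - confirm the intended design.
    ValidateAudience = true,
    ValidAudience = clientID,

    // Only tokens whose "iss" equals the configured issuer are accepted.
    ValidateIssuer = true,
    ValidIssuer = oidcIssuer,

    // Reject expired / not-yet-valid tokens, tolerating 5 minutes of clock drift.
    ValidateLifetime = true,
    ClockSkew = TimeSpan.FromMinutes(5),
};

// Validation does not add claims: the principal only contains what the issuer put
// into the token. A missing "groups" claim therefore has to be fixed on the issuing
// side (presumably a groups claim configured for the Okta app / authorization server
// and the client requesting the matching scope - verify against the Okta setup),
// not in these validation parameters.
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
    // OpenIdConnectCachingSecurityTokenProvider is defined elsewhere; presumably it
    // supplies the issuer's signing keys from the discovery document - confirm, since
    // signature verification depends on it.
    AccessTokenFormat = new JwtFormat(
        tvps,
        new OpenIdConnectCachingSecurityTokenProvider(metadataAddress)),
});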