验证错误invalid_scope”，“ error_description”：“自定义+范围+不允许+允许+为此+请求”。 OKTA Asp.net核心Swagger

Question

我正在尝试对OKTA进行全面认证。但是将错误显示为

invalid_scope","error_description":"Custom+scopes+are+not+allowed+for+this+request.

不确定如何解决此问题。

这是我的设置代码

 public const string ResourceIdentifier = "id-gateway-api";

public void Configure(SwaggerGenOptions options)
        {
            foreach (var description in provider.ApiVersionDescriptions)
            {
                options.SwaggerDoc(description.GroupName, CreateInfoForApiVersion(description));
            }

            options.OrderActionsBy(apiDesc => apiDesc.RelativePath);

            options.IncludeXmlComments(Path.ChangeExtension(typeof(Startup).GetTypeInfo().Assembly.Location, "xml"));
            options.DescribeAllEnumsAsStrings();
            options.DescribeStringEnumsInCamelCase();

            //options.AddSecurityRequirement(new[] { "oauth2", "api1" });
            var OktaConfig = new OktaConfig();
            Configuration.GetSection("OktaConfig").Bind(OktaConfig);

            options.AddSecurityDefinition("oauth2",
                new OpenApiSecurityScheme
                {
                    Type = SecuritySchemeType.OAuth2,

                    Flows = new OpenApiOAuthFlows
                    {
                        Implicit = new OpenApiOAuthFlow
                        {

                            AuthorizationUrl = new Uri(OktaConfig.OktaDomain),
                            Scopes = new Dictionary<string, string>
                            {
                                {Program.ResourceIdentifier, Program.ApplicationName}
                            }
                        }
                    }
                });

            options.AddSecurityRequirement(new OpenApiSecurityRequirement
            {
                {
                    new OpenApiSecurityScheme
                    {
                        Reference = new OpenApiReference
                        {
                            Type = ReferenceType.SecurityScheme,
                            Id = "oauth2"
                        }
                    },
                    new[] {"oauth2", Program.ResourceIdentifier }
                }
            });

            options.EnableAnnotations();
        }

中间件设置

public static void UseSwaggerMiddleware(this IApplicationBuilder app, IApiVersionDescriptionProvider provider, IConfiguration Configuration)
        {
            app.UseSwagger();
            // Enable middleware to serve swagger-ui (HTML, JS, CSS etc.), specifying the Swagger JSON endpoint.
            app.UseSwaggerUI(c =>
            {
                // build a swagger endpoint for each discovered API version
                foreach (var description in provider.ApiVersionDescriptions)
                {
                    c.SwaggerEndpoint($"/swagger/{description.GroupName}/swagger.json", description.GroupName.ToUpperInvariant());
                }

                //OAuth2
                var OktaConfig = new OktaConfig();
                Configuration.GetSection("OktaConfig").Bind(OktaConfig);
                c.OAuthClientId(OktaConfig.ClientId);
                //c.OAuth2RedirectUrl("");
                //c.OAuthUseBasicAuthenticationWithAccessCodeGrant();
                c.OAuthClientSecret(OktaConfig.ClientSecret);
                c.OAuthAppName(OktaConfig.ClientName);
                c.OAuthScopeSeparator($"openid profile email {Program.ResourceIdentifier}");
                //c.ConfigObject.DeepLinking = true;

            });
        }

Okta设置

错误

错误 隐藏

Auth error
{"state":"VGh1IE9jdCAwMyAyMDE5IDE3OjM1OjA2IEdNVCsxMDAwIChBVVMgRWFzdGVybiBTdGFuZGFyZCBUaW1lKQ==","error":"invalid_scope","error_description":"Custom+scopes+are+not+allowed+for+this+request."}