JimR.40875 (Customer) asked a question.
We have a React App for our frontend and are using ASP.Net Core Web API. We can successfully sign users in and out of the application. If we implement CORS in our API everything works as expected; the frontend app consumes the API resources successfully. But when we try to protect the API using Okta in our Staging environment it fails and returns a 500 server error. It works successfully in localhost. We are passing the Bearer token in the API call headers. We've followed the quick start guides for creating a React App with Okta and the Protect Your API Endpoints with Okta, but we are obviously missing something (something important), but I do not know what it is.
We are using the Authorization Code flow and the default Authorization server. We do not have a paid account; only using the free account.
Is there something in the free account preventing us from doing what we are trying to do? Or are we missing a step in the auth process somewhere to successfully consume resources on an API protected endpoint?
Thanks,
Jim
Hi @JimR.40875 (Customer),
Thank you for posting on the Okta community page!
I would recommend to capture a Fiddler trace while replicating the behaviour to see if any additional information is being captured that would indicate the root cause of the issue. I have provided bellow an article about how to capture a Fiddler trace:
Additionally, your assumption related to the free account preventing you from having a successful implementation is not wrong, because a free Okta Account does not have all the features that a paid account would have, therefore, there might be a missing feature that would cause the issue.
Also, my advice would be to leverage the Okta Developer forums for this type of questions and take advantage of their expertise.
I hope the above information is useful!