vtvux (vtvux) asked a question.
Okta.AspNetCore version problems relating to example Blazor Code
Blazor sample at: https://github.com/okta/samples-blazor.git
- Cloned.
- Ran the SERVER SIDE example with my settings.
Works.
But vulnerabilities marked on two dependent Nuget packages (Microsoft.IdentityModel.JsonWebTokens, System.IdentityModel.Tokens.Jwt).
Uses Okta.AspNetCore 4.4.2. Old and crusty.
- Bump Okta.AspNetCore to latest version.
- No vulnerabilities. No workie.
Error:
The Validated Security Token must be of type JsonWebToken, but instead its type is 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'
- Bump Okta.AspNetCore version back one version to 4.5.0.
- Works again.
Same vulnerabilities are back.
Is this example just dead? Is there another way I am supposed to do this? Seems a bit problematic to have "official okta sample code" this old to me.
Hi @vtvux (vtvux) , Thank you for reaching out to the Okta Community!
This question is more appropriate for our dedicated Okta Developer Forum.
My advice would be to reach out via devforum.okta.com to take advantage of their expertise.
While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products and features (non-developer work).
Regards.
--
Ask the Experts: Okta Device Access Product Team Now Thru 3/22
Thanks! I didn't see that there was such a thing. I was able to "kind of" fix the problem by bumping the individual dependent packages up to the first version where there was no vulnerability listed, but this is a temp fix.