Story

As an administrator, I would like a method to authenticate users who would like to access API.

UAC

Confirm

1. Users with proper authentication are able to access InFORM API.
2. Unauthenticated users can not connect to the API.

Developer Notes

For now, we are using our own developer Okta account for the auth server, configured to use the Client Credentials grant type.

To use PostMan to call the API, go to the Authorization tab, select "Auth 2.0" as the TYPE, click "Get New Access Token," and fill out the modal form as follows:
Token Name: (doesn't matter, pick anything you like)
Grant Type: Client Credentials
Access Token URL: https://dev-737058.okta.com/oauth2/default/v1/token*
Client Id: 0oamae3j1zHJ4OTUv4x6
Client Secret: MJy6OeN71RhAmUKxINLiVlG34NQwX_rAPr80xnPl
Scope: manage:reasons

Note that the client id, client secret, and scope may change. You can always find the latest information by logging into the Okta account here:
url: https://dev-737058.okta.com/login/login.htm*
login: david.nayyar@hotschedules.com
pwd: MyVoiceIsMyPassport13

• - the base url here may change as well, it will be in the Mx.config file under the appsetting key AuthServerUrl.

Okta's article here may be helpful if there are any questions: https://developer.okta.com/blog/2019/03/13/build-rest-api-with-aspnet-web-api