Comments (10)
Thanks for reaching out.
When I run the sample application and call the private-scoped endpoint with a token, set as the Authorization header, that has the read:messages scope, I am able to get to the controller successfully and the scopes are found in the HasScopeHandler:
Have you verified your token contains the required scopes? You can use www.jwt.io to decode your token and look at its scope property; you should see something like this:
from auth0-aspnetcore-webapi-samples.
Hi Frederickprijck,
Thanks for getting back to me.
I've opted to use the RBAC option so have checked that and can confirm the permissions are visible in the token. However, when I attempt to debug I don't see any claims at all:
so at a bit of a loss.
In this case I've used postman to get a token and then tried to hit a protected endpoint on my local.
Thanks for sharing that, it does work for me when I use RBAC and check for the permissions claim.
A bit weird to not have any claims at all, as well as for isAuthenticated to be false. There must be something else going on; it typically means you are not sending a token, or the token is expired.
Did you verify that that exact JWT token is not expired, contains the correct audience, and that you are sending it using the Authorization: Bearer TOKEN_HERE header?
I know...I'm at a bit of a loss myself.
I've checked the details of the token on jwt.io and everything seems to be in order. And I'm definitely adding it as an Authorization header in Postman, but it's still coming through empty when it hits my handler.
Any ideas?
I'm sorry, but there isn't much we can help with based on the information provided.
If the user is marked as not authenticated, and there is no claim set, I believe we shouldn't focus on the permissions claims or the Handler, but try and figure out why the token isn't being accepted.
Things I can think of (but have already mentioned) are:
- Ensure audience in the API project is the same as in the token
- Ensure the domain is correct in the API project
- Ensure you sent a non-expired token
Can you reproduce the behavior you are experiencing with our Sample app?
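The checks listed in the comment above (Bearer header, domain, audience, expiry), as an added example that is not part of the thread or of the sample repository: a local preflight that decodes a token's payload without verifying its signature and reports which check would fail. The function names, the `example.auth0.com` domain, the API identifiers and the sample token are constructed; the `https://<domain>/` issuer form and the 300-second skew are assumptions about the API's configuration.

```python
import base64, json, time

def decode_payload(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(seg))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def preflight(auth_header, domain, audience, now=None, skew=300):
    """List reasons the API would likely treat the caller as unauthenticated."""
    scheme, _, token = auth_header.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return ["header is not 'Authorization: Bearer <token>'"]
    try:
        claims = decode_payload(token.strip())
    except ValueError as exc:  # bad base64, bad JSON or wrong segment count
        return [f"malformed token: {exc}"]
    now = time.time() if now is None else now
    problems = []
    expected_iss = f"https://{domain}/"  # assumption: issuer is the domain plus a trailing slash
    if claims.get("iss") != expected_iss:
        problems.append(f"iss {claims.get('iss')!r} != {expected_iss!r}")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # aud may be a string or a list
    if audience not in aud:
        problems.append(f"aud {aud!r} lacks {audience!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + skew:
        problems.append(f"exp {exp!r} missing or in the past")
    return problems

def make_sample_token(claims):
    """Build a constructed, unsigned token for the demo (not a real Auth0 token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"

if __name__ == "__main__":
    tok = make_sample_token({"iss": "https://example.auth0.com/", "exp": 1700000000,
                             "aud": "https://api.example.test", "permissions": ["read:messages"]})
    # Constructed scenario: API configured for another audience, clock one hour past exp
    for p in preflight(f"Bearer {tok}", "example.auth0.com",
                       "https://other-api.example.test", now=1700003600):
        print(p)
```

A clean result here only rules out these mismatches; the API still has to verify the signature against the tenant's signing keys.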
Just found out from one of the UI team that they've added a Rule to Auth0 pipeline:
Can't see why this would affect my local but thought I'd ask all the same.
I'll try to give it a test with your sample and let you know how I get along.
Hi there....
Downloaded your sample and it worked first time so the issue is definitely with my implementation. Going to see if I can get to the bottom of the issue...if I do then will post here at least for future reference should anyone else ask about or come across this in future.
Thanks, let me know if I can still help.
Closing this for now, but happy to reopen as needed.