How do I send an Authorized request from client-side js?

[briantheitguy]

Which version of Duende IdentityServer are you using? 6.0.4 Which version of .NET are you using? 7.0

I am trying to send an ajax GET from client-side js while logged in. The api controller has the [Authorize] attribute. I get a 401 (as expected) because I am not sending the proper headers.

How do I send the headers needed to authorize said ajax call?

Example:

fetch('api/CustomController/secureMethod/'+AppUserId, {
        method: 'GET'       
    }).then(function (response) {
        //do something
    }).catch(function (err) {
        console.log(err); //gets a 401 Unauthorized
    });

[RolandGuijt]

I'm assuming the API you mention is using the JwtBearer handler that requires a valid access token from an IdentityServer instance. To get this to work you need to obtain the access token and include it in a HTTP header when sending the request. To obtain the token we recommend using an OpenID Connect compliant javascript library. We have quickstarts to help you get started with that. The examples use oidc-client as the library but there are others out there. You can either choose a solution with a backend (BFF) or without. The former is more secure for reasons explained in the linked page.

[briantheitguy]

Thank you for the assist. I'm working on this as a side project so I spend time on it as much as I can. I'm reading through the quickstart now.

[briantheitguy]

As soon as I install Duende.BFF.Yarp, I get the following build error... NETSDK1082 There was no runtime pack for Microsoft.AspNetCore.App available for the specified RuntimeIdentifier 'browser-wasm'. Project.Client C:\Program Files\dotnet\sdk\7.0.400\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.FrameworkReferenceResolution.targets 447

[RolandGuijt]

It looks like you're trying to install the package in a Blazor WebAssembly project. This is not possible: The BFF should run on the server and is designed to be used in an server-side ASP.NET Core application.

[briantheitguy]

This is not going well :/ ... See attached.. I have no idea how to debug that

[briantheitguy]

Here is the output... output.txt

[RolandGuijt]

It's hard to determine what exactly is going on with this information. It seems you're trying to open the browser on a websockets URL somehow when the project is ran. It looks like that issue doesn't have anything to do with our products.

To get started with a BFF I would suggest picking a sample that covers your scenario, study that and recreate it step by step in your own solution.

[RolandGuijt]

@briantheitguy Are you OK with closing this issue? Feel free to add anything if you want.

[briantheitguy]

Yes, sir. I found a solution.

On Mon, Jul 8, 2024 at 11:26 AM RolandGuijt @.***> wrote:

@briantheitguy https://github.com/briantheitguy Are you OK with closing this issue? Feel free to add anything if you want.

— Reply to this email directly, view it on GitHub https://github.com/DuendeSoftware/Support/issues/1298#issuecomment-2214439651, or unsubscribe https://github.com/notifications/unsubscribe-auth/AANLDFP3FTGDI3FBBRBWZYTZLKVQNAVCNFSM6AAAAABJNZIQ2GVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMJUGQZTSNRVGE . You are receiving this because you were mentioned.Message ID: @.***>