search

IdentityModel / IdentityModel.AspNetCore.OAuth2Introspection

ASP.NET Core authentication handler for OAuth 2.0 token introspection
Apache License 2.0
146 stars 67 forks source link

Introspection does not work in .net 6.0 #154

Closed buehler closed 2 years ago

buehler commented 2 years ago

Dear developers :-)

Thank you for the introspection auth handler for asp.net. Sadly, I'm experiencing a weird behaviour: I try to use the handler to authenticate against a local "oidc-provider" instance (nodejs). The provider delivers an opaque (reference) token. That's the reason for the oauth2introspection handler.

With the following config:

builder.Services
    .AddAuthentication("token")
    .AddOAuth2Introspection("token", o =>
    {
        o.Authority = builder.Configuration.GetSection("Oidc").GetValue<string>("Issuer");
        o.ClientId = "wire-pact";
        o.ClientSecret = "demo-oidc-provider";
    });

I only receive the following log messages:

dbug: Microsoft.AspNetCore.Routing.Matching.DfaMatcher[1005]
      Endpoint 'OidcApi.Controllers.SwapiController.GetPeople (OidcApi)' with route pattern 'swapi/people' is valid for the request path '/swapi/people'
dbug: Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware[1]
      Request matched endpoint 'OidcApi.Controllers.SwapiController.GetPeople (OidcApi)'
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
      Authorization failed. These requirements were not met:
      DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
info: IdentityModel.AspNetCore.OAuth2Introspection.OAuth2IntrospectionHandler[12]
      AuthenticationScheme: token was challenged.
dbug: Microsoft.AspNetCore.Server.Kestrel.Connections[9]
      Connection id "0HMGCSJFNL7LQ" completed keep alive response.
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET http://localhost:5000/swapi/people - - - 401 0 - 7.3836ms

I made the config according to the docs: https://docs.duendesoftware.com/identityserver/v6/apis/aspnetcore/reference/

What did I do wrong? :-)

Could you give any hint where my errors are? Regards

brockallen commented 2 years ago

Do you have builder.UseAuthentication() in your pipeline?

buehler commented 2 years ago 
var app = builder.Build();
app.UseRouting();
app.UseAuthorization();
app.MapControllers();

await app.RunAsync();
buehler commented 2 years ago

wait.... authentication is not in there. just a sec.

buehler commented 2 years ago

Holy moly. THANK YOU! @brockallen I'm sorry. Should've seen that.

Thank you ;-)

brockallen commented 2 years ago

Yea, it's strange that Microsoft throws in the UseAuthorization in their templates, but omit UseAuthetication. It's sort of like "duh". shrug

github-actions[bot] commented 2 years ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue.