IdentityModel / IdentityModel.AspNetCore.OAuth2Introspection

ASP.NET Core authentication handler for OAuth 2.0 token introspection
Apache License 2.0
147 stars 66 forks

Token Introspection for reference token in .Net 7 Core Web API #171

Open ILoveCoding1100 opened 1 year ago

ILoveCoding1100 commented 1 year ago

Environment

I started the app in Visual Studio on my local PC. I'm using .NET 7 with IdentityModel.AspNetCore.OAuth2Introspection Version="6.1.0".

Question 1

If I use the following code:

    builder.Services.AddAuthentication("token")
        .AddOAuth2Introspection("token", options =>
        {
            options.Authority = authority;
            options.ClientId = clientId;
            options.ClientSecret = clientSecret;
        });

If I call the endpoint with Postman (with a reference token), I get the following error:

    System.InvalidOperationException: Discovery endpoint https://xxx/as/introspect.oauth2 is unavailable: Error connecting to https://xxx/as/introspect.oauth2/.well-known/openid-configuration: Not Found
       at IdentityModel.AspNetCore.OAuth2Introspection.PostConfigureOAuth2IntrospectionOptions.GetIntrospectionEndpointFromDiscoveryDocument(OAuth2IntrospectionOptions options)
       at IdentityModel.AspNetCore.OAuth2Introspection.PostConfigureOAuth2IntrospectionOptions.InitializeIntrospectionClient(OAuth2IntrospectionOptions options)
       at IdentityModel.AspNetCore.OAuth2Introspection.OAuth2IntrospectionHandler.LoadClaimsForToken(String token, HttpContext context, AuthenticationScheme scheme, OAuth2IntrospectionEvents events, OAuth2IntrospectionOptions options)
       at IdentityModel.AspNetCore.OAuth2Introspection.OAuth2IntrospectionHandler.<>c__DisplayClass8_0.<b__2>d.MoveNext()
    --- End of stack trace from previous location ---
       at IdentityModel.AspNetCore.OAuth2Introspection.OAuth2IntrospectionHandler.HandleAuthenticateAsync()
       at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
       at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
       at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
       at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
       at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
       at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)

I know it should work, because other applications are using this token introspection endpoint as well. Am I missing something?

I added these snippets to my code:

    builder.Services.AddAuthentication("token")
        .AddOAuth2Introspection("token", options =>
        {
            options.Authority = authority;
            options.ClientId = clientId;
            options.ClientSecret = clientSecret;
        });

    if (isAuthenticationEnabled)
    {
        app.UseAuthentication();
    }

and [Authorize] above my controller.

Is that all that is needed to get the authentication up and running in principle?

Question 2

Is there a difference between:

    services.AddAuthentication(OAuth2IntrospectionDefaults.AuthenticationScheme)
        .AddOAuth2Introspection(options => { /* options as above */ });

and

    builder.Services.AddAuthentication("token")
        .AddOAuth2Introspection("token", options => { /* options as above */ });

Question 3

In the end I need a user context for a valid reference token. The following article describes how to get user information. What is not clear to me is which approach to use now: the one from Question 1, or the approach from the following article?

https://identitymodel.readthedocs.io/en/latest/client/introspection.html

brockallen commented 1 year ago

Do you have a call stack anywhere that you can share?

ILoveCoding1100 commented 1 year ago

@brockallen I updated the post.

brockallen commented 1 year ago

System.InvalidOperationException: Discovery endpoint https://xxx/as/introspect.oauth2 is unavailable: Error connecting to https://xxx/as/introspect.oauth2/.well-known/openid-configuration: Not Found

As you can see, this is the problem. Your app can't reach that URL.
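
An added example, not part of the thread or the project's own code: the trace shows the handler treating the configured Authority as a base URL and requesting `/.well-known/openid-configuration` beneath it. When the server's introspection URL is already known, the handler's `IntrospectionEndpoint` option can be set instead, so that no discovery request is made. The configuration key names and the `/me` route are assumptions for illustration.

```csharp
// Program.cs (.NET 7 minimal hosting). Added example; needs the
// IdentityModel.AspNetCore.OAuth2Introspection NuGet package.
using System.Security.Claims;
using IdentityModel.AspNetCore.OAuth2Introspection;

var builder = WebApplication.CreateBuilder(args);

// Hypothetical configuration keys; keep the client secret out of source control.
// "Introspection:Endpoint" holds the full introspection URL, for example the
// https://xxx/as/introspect.oauth2 value that appears in the error message.
var introspectionUrl = builder.Configuration["Introspection:Endpoint"]
    ?? throw new InvalidOperationException("Introspection:Endpoint is not configured.");
var clientId = builder.Configuration["Introspection:ClientId"];
var clientSecret = builder.Configuration["Introspection:ClientSecret"];

builder.Services
    .AddAuthentication(OAuth2IntrospectionDefaults.AuthenticationScheme)
    .AddOAuth2Introspection(options =>
    {
        // Before (what the error message implies was configured):
        //   options.Authority = introspectionUrl;
        // The handler then looks for a discovery document at
        // {Authority}/.well-known/openid-configuration and fails with Not Found.

        // After: name the introspection endpoint directly and skip discovery.
        options.IntrospectionEndpoint = introspectionUrl;
        options.ClientId = clientId;
        options.ClientSecret = clientSecret;
    });

builder.Services.AddAuthorization();

var app = builder.Build();

// Authentication must run before authorization in the pipeline.
app.UseAuthentication();
app.UseAuthorization();

// The claims from the introspection response become the request's user context.
app.MapGet("/me", (ClaimsPrincipal user) =>
        user.Claims.Select(c => new { c.Type, c.Value }))
   .RequireAuthorization();

app.Run();
```

If the server does publish a discovery document, `Authority` should instead be the base URL under which `/.well-known/openid-configuration` is served.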