Hi there, I've been trying to use the UseIdentityServerBearerTokenAuthentication , but it's not working all the time.
I couldn't find a way to debug it or enable logging to see how its working.
I have an MVC app with hybrid flow, an API (the one with the problem) and an identity server.
This works most of the times fine. I can login, and call my API from the MVC app without a problem.
But if I leave the webpage open for a while, less than the expire time, and I refresh the page and get a new access_token, when I call the API, it returns 401. Even though its actually authenticated.
If I see the logs from identity server it seems that the API its calling the server and asking for the info, and the server is returning token success, but the API returns 401.
If I refresh the page a couple of times, it works again.
Is there a way to debug the MW or enable logging? I can not figure out why it does that.
This is my setup:
MVC:
AntiForgeryConfig.UniqueClaimTypeIdentifier = "sub";
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies",
CookieSecure = CookieSecureOption.SameAsRequest
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = ClientId,
Authority = config.IdentityServerUrl,
RedirectUri = config.ServiceUrl,
PostLogoutRedirectUri = config.ServiceUrl,
ResponseType = "code id_token",
Scope = "openid profile offline_access roles all_claims permissions Sis.Presentismo.Api",
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role"
},
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = async n =>
{
n.AuthenticationTicket.Properties.IsPersistent = true;
},
MessageReceived = n =>
{
return Task.FromResult(0);
},
AuthorizationCodeReceived = async n =>
{
// use the code to get the access and refresh token
var tokenClient = new TokenClient(
n.Options.Authority + "/connect/token",
ClientId,
SecretClient);
var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(n.Code, n.RedirectUri);
if (tokenResponse.IsError)
{
// todo: tokenResponse.IsError
throw new Exception(tokenResponse.Error);
}
// use the access token to retrieve claims from userinfo
var userInfoClient = new UserInfoClient(n.Options.Authority + "/connect/userinfo");
var userInfoResponse = await userInfoClient.GetAsync(tokenResponse.AccessToken);
// create new identity
var id = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType, "name", "role");
id.AddClaims(userInfoResponse.Claims);
id.AddClaim(new Claim("access_token", tokenResponse.AccessToken));
id.AddClaim(new Claim("expires_at", DateTime.Now.AddSeconds(tokenResponse.ExpiresIn).ToLocalTime().ToString()));
id.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));
id.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
id.AddClaim(new Claim("sid", n.AuthenticationTicket.Identity.FindFirst("sid").Value));
n.AuthenticationTicket = new AuthenticationTicket(id, n.AuthenticationTicket.Properties);
},
RedirectToIdentityProvider = n =>
{
// if signing out, add the id_token_hint
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
{
var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
{
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
}
}
return Task.FromResult(0);
}
}
});
Hi there, I've been trying to use the
UseIdentityServerBearerTokenAuthentication
, but it's not working all the time.I couldn't find a way to debug it or enable logging to see how its working.
I have an MVC app with hybrid flow, an API (the one with the problem) and an identity server.
This works most of the times fine. I can login, and call my API from the MVC app without a problem.
But if I leave the webpage open for a while, less than the expire time, and I refresh the page and get a new access_token, when I call the API, it returns 401. Even though its actually authenticated.
If I see the logs from
identity server
it seems that the API its calling the server and asking for the info, and the server is returning token success, but the API returns 401.If I refresh the page a couple of times, it works again.
Is there a way to debug the MW or enable logging? I can not figure out why it does that.
This is my setup:
MVC:
API:
Server logs:
thanks!