Closed akiander closed 7 years ago
brockallen
commented
7 years ago You can still use the IdentityServer3.AccessTokenValidation with IdentityServer4. We have a repo to show all those combinations: https://github.com/IdentityServer/CrossVersionIntegrationTests
akiander
commented
7 years ago I tried using the exact same code from the Katana examples, but when my API calls back into Identity Server to validate the reference token, then Identity Server logs this error:
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 POST http://localhost:44340/connect/accesstokenvalidation application/x-www-form-urlencoded 70
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware:Debug: AuthenticationScheme: idsrv was not authenticated.
IdentityServer4.Hosting.EndpointRouter:Trace: No endpoint entry found for request path: /connect/accesstokenvalidationIs there a step that I'm missing here?
akiander
commented
7 years ago I figured it out. The API has to have a secret defined. I'm all set now, please disregard.
joesamraj
commented
7 years ago @akiander ,
Can you please explain a bit more, how did you fix it?Regards,. Joe
We currently use reference tokens with IdentityServer3 to secure our API layers.
We are trying to move these ASP.NET Web API Layers over to leverage IdentityServer4. I can't seem to get the IdentityServer4.AccessTokenValidation to work on these WebAPI projects.
The projects are ASP.NET Web API using .NET Framework 4.6.1 and OWIN.
So I get this error
...when I include this section:
That's apparently because the IAppBuilder for OWIN doesn't appear to be supported anywhere in IdentityServer4.AccessTokenValidation.
Is there an example Web API that uses OWIN and leverages this IdentityServer4.AccessTokenValidation with reference tokens?