Closed JBuenoG closed 7 years ago
Hi @JBuenoG, I've been checking the code and there isn't any test to check your scenario. I'm going to add some tests to try it and I'll post something here.
@JBuenoG I created the PR #104 to work on this.
The problem is with an older version of the package IdentityServer4.AccessTokenValidation. If I update this package to the latest version it works fine, but I have found another problem with the property AllowedScopes, which doesn't work correctly.
@JBuenoG The PR #104 has already been merged into master.
Hi there, congratulations on this great project, it's been useful for me.
Let me talk about something about it. I think there is a problem with the authentication and authorization features.
If I have the following scenario:
and I install and configure the IdentityServer4 NuGet packages in Api1 and Api2, when I request a token to access Api1 and I try to access Api2 with this token, Api2 returns unauthorized (that's OK!!).
But when I remove the IdentityServer4 NuGet packages from Api1 and Api2 and I configure the reroutes in my gateway to use Ocelot's authentication and authorization features (in order to not have to use IS in the APIs), and then I request a token to access Api1 and I use it to access Api2, the gateway allows access to Api2 (with a token requested to access Api1!! :'( ).
Thx and great work!!.
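The behaviour reported above comes down to a gateway that authenticates the token but does not compare its scopes with the route it forwards to. The two checks side by side, as an added example that is not Ocelot's code and not from this thread: `Route`, `ValidatedToken` and `GatewayAuthz` are hypothetical names, the token is assumed to have already passed signature, issuer and expiry validation, and C# 9 or later is assumed.

```csharp
using System;
using System.Linq;

// Hypothetical types for illustration; these are not Ocelot's classes.
record Route(string UpstreamPath, string[] AllowedScopes);

// Assumed to have already passed signature, issuer and expiry validation.
record ValidatedToken(string Subject, string[] Scopes);

static class GatewayAuthz
{
    // Weak: every authenticated token is forwarded on every route.
    public static bool AuthenticatedOnly(ValidatedToken token, Route route) =>
        token != null;

    // Per-route: the token must carry at least one scope the route allows.
    // A route with no allowed scopes is denied (a choice made in this example).
    public static bool ScopeChecked(ValidatedToken token, Route route) =>
        token != null
        && route.AllowedScopes.Length > 0
        && token.Scopes.Intersect(route.AllowedScopes, StringComparer.Ordinal).Any();
}

static class Program
{
    static void Main()
    {
        // Constructed sample data: a token requested for Api1 only.
        var token = new ValidatedToken("client-1", new[] { "api1" });
        var routes = new[]
        {
            new Route("/api1/{everything}", new[] { "api1" }),
            new Route("/api2/{everything}", new[] { "api2" }),
        };

        foreach (var route in routes)
        {
            Console.WriteLine(
                $"{route.UpstreamPath}: authenticated-only={GatewayAuthz.AuthenticatedOnly(token, route)}, " +
                $"scope-checked={GatewayAuthz.ScopeChecked(token, route)}");
        }
    }
}
```

A regression test for the scenario in this issue would assert that the Api1 token is rejected on the Api2 route, which only the scope-checked path does.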