Closed ghost closed 7 years ago
Ok, I think my issues may have stemmed from the fact that my identity server is running in a docker container and my url from outside the container is different than the url from inside the container. To fix it, I setup a reroute to my identity server. I then use ocelot to hit my identity server and get a bearer token. Then I send the bearer token to my service (also through ocelot). I think the key here is that the DownstreamHost "identityservice.name" must match the ProviderRootUrl "http://identityservice.name". However, I'm still somewhat new to this, so I'm curious of what others think?
{
"ReRoutes": [
{
"DownstreamPathTemplate": "/api/mypath",
"DownstreamScheme": "http",
"DownstreamPort": 80,
"DownstreamHost": "myservice.name",
"UpstreamPathTemplate": "/mypath",
"UpstreamHttpMethod": "get",
"ReRouteIsCaseSensitive": false,
"AuthenticationOptions": {
"Provider": "IdentityServer",
"ProviderRootUrl": "http://identityservice.name",
"ScopeName": "myscope",
"ScopeSecret": "secret"
}
},
{
"DownstreamPathTemplate": "connect/token",
"DownstreamScheme": "http",
"DownstreamPort": 80,
"DownstreamHost": "identityservice.name",
"UpstreamPathTemplate": "connect/token",
"UpstreamHttpMethod": "post",
"ReRouteIsCaseSensitive": false
}
]
}
@FryDerm you are correct about the use of DownstreamHost in this situation.
The tests here pretty much show what Ocelot can do with Identity Server.
Seems like you've got it nailed though! Hope it works for you let me know if you have anymore problems.
Are there any examples of using an identity server? How do you call the gateway? How does it interact with identity server? Do you interact with identity server directly and then send the bearer token to ocelot or do you hit the identity server through ocelot?