Closed utterances-bot closed 1 year ago
Thanks for this tutorial... hopefully you see this :P...
I've been trying to get Swagger authorised to access my [Authorize]'d endpoints (not the controllers).
I've got it to the point following this and other tutorials such that unauthorized endpoints are still accessible - great. The authorize button and modal etc. appear and ask me to confirm the one and only Scope (OpenId) and upon clicking Authorize it bounces back and Swagger says I'm authorized - great.
BUT... I still cannot access my restricted endpoints.
From your tutorial it didn't sound like I needed to add scopes and setup my API to use them etc, so I assumed out of the box as long as I confirmed the 'OpenId' scope I would be able to access ALL of my endpoints - because I'm authorized to access it via Auth0.
So umm, what could the missing link be?
Ps. My configuration is using the 'Explicit' workflow.
Annnd just as I posted this I had an a epiphany and re-checked the configuration and realised my Auth was using JWT Bearer and not OpenId. Duhh. Changed the configuration accordingly and now it works. Phew!
Spoke to soon. While Swagger can be authorized and access the API. Now my public site has been blocked from access to the API. I thought these changes would only affect Swagger. Sigh.
Annnnnd it appears to have been a weird build issue. Sorted. Man some days this stuff just... grr ;)
Glad you got it resolved!
hey this is a good blog on this and i am trying to do this right now.... one small item is that in auth0 application creation for "single page apps" there are multiple choices .... Angular, Flutter JS, React and VUE... i think the right one for this is JS ?? might want to update the blog to say that if that is right.
ASP.NET Core APIs: Getting Swashbuckle to work with Auth0 | Know Your Toolset
Updating ASP.NET Core Swashbuckle OAuth2 options to support authentcation with Auth0 and prevent invalid_token JWT errors
https://knowyourtoolset.com/2022/07/swashbuckle-with-auth0/