search

dahlsailrunner / knowyourtoolset-blog

MIT License
0 stars 0 forks source link

2022/07/swashbuckle-with-auth0/ #6

Closed utterances-bot closed 1 year ago

utterances-bot commented 1 year ago

ASP.NET Core APIs: Getting Swashbuckle to work with Auth0 | Know Your Toolset

Updating ASP.NET Core Swashbuckle OAuth2 options to support authentcation with Auth0 and prevent invalid_token JWT errors

https://knowyourtoolset.com/2022/07/swashbuckle-with-auth0/

JeremyQtweb commented 1 year ago

Thanks for this tutorial... hopefully you see this :P...

I've been trying to get Swagger authorised to access my [Authorize]'d endpoints (not the controllers).

I've got it to the point following this and other tutorials such that unauthorized endpoints are still accessible - great. The authorize button and modal etc. appear and ask me to confirm the one and only Scope (OpenId) and upon clicking Authorize it bounces back and Swagger says I'm authorized - great.

BUT... I still cannot access my restricted endpoints.

From your tutorial it didn't sound like I needed to add scopes and setup my API to use them etc, so I assumed out of the box as long as I confirmed the 'OpenId' scope I would be able to access ALL of my endpoints - because I'm authorized to access it via Auth0.

So umm, what could the missing link be?

Ps. My configuration is using the 'Explicit' workflow.

JeremyQtweb commented 1 year ago

Annnd just as I posted this I had an a epiphany and re-checked the configuration and realised my Auth was using JWT Bearer and not OpenId. Duhh. Changed the configuration accordingly and now it works. Phew!

JeremyQtweb commented 1 year ago

Spoke to soon. While Swagger can be authorized and access the API. Now my public site has been blocked from access to the API. I thought these changes would only affect Swagger. Sigh.

JeremyQtweb commented 1 year ago

Annnnnd it appears to have been a weird build issue. Sorted. Man some days this stuff just... grr ;)

dahlsailrunner commented 1 year ago

Glad you got it resolved!

figuerres commented 4 months ago

hey this is a good blog on this and i am trying to do this right now.... one small item is that in auth0 application creation for "single page apps" there are multiple choices .... Angular, Flutter JS, React and VUE... i think the right one for this is JS ?? might want to update the blog to say that if that is right.