承载错误-invalid_token-找不到签名密钥 [英] Bearer error - invalid_token - The signature key was not found

问题描述

我有一个与.Net Core 2.2 API后端接口的Angular 7应用程序.这是与Azure Active Directory的接口.

I have an Angular 7 application interfacing with a .Net Core 2.2 API back-end. This is interfacing with Azure Active Directory.

在Angular 7方面，它已通过AAD进行了正确的身份验证，并且我得到了有效的JWT，如 jwt.io .

On the Angular 7 side, it is authenticating properly with AAD and I am getting a valid JWT back as verified on jwt.io.

在.Net Core API方面，我创建了一个简单的测试API，上面有[Authorize].

On the .Net Core API side I created a simple test API that has [Authorize] on it.

当我从Angular调用此方法时，添加Bearer令牌后，我得到了(如Chrome调试工具的网络"标签中的标题"所示):

When I call this method from Angular, after adding the Bearer token, I am getting (as seen in Chrome Debug Tools, Network tab, "Headers"):

WWW-Authenticate:承载错误="invalid_token"，error_description ="The 找不到签名密钥"

WWW-Authenticate: Bearer error="invalid_token", error_description="The signature key was not found"

使用 HTTP/1.1 401未经授权.

简单的测试API是:

    [Route("Secure")]
    [Authorize]
    public IActionResult Secure() => Ok("Secure works");

Angular调用代码也很简单:

The Angular calling code is also as simple as I can get it:

    let params : any = {
        responseType: 'text',
        headers: new HttpHeaders({
            "Authorization": "Bearer " + token,
            "Content-Type": "application/json"
        })
    }

    this.http
        .get("https://localhost:5001/api/azureauth/secure", params)
        .subscribe(
            data => { },
            error => { console.error(error); }
        );

如果我删除了[Authorize]属性，只是将其作为来自Angular的标准GET请求调用，它就可以正常工作.

If I remove the [Authorize] attribute and just call this as a standard GET request from Angular it works fine.

我的Startup.cs包含:

My Startup.cs contains:

        services
            .AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureADBearer(options => this.Configuration.Bind("AzureAd", options));

所有选项均已在appsettings.json中正确设置(例如ClientId，TenantId等)，并且options此处已按预期填充.

The options are all properly set (such as ClientId, TenantId, etc) in the appsettings.json and options here is populating as expected.

推荐答案

我遇到了同样的问题，因为我缺少授权..确保授权和api名称正确，现在启动文件中配置服务中的此代码适用于我:

I was facing the same issue was i was missing the authority..make sure authority and api name is correct now this code in configure services in startup file works for me:

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
                .AddIdentityServerAuthentication( x =>
                {
                    x.Authority = "http://localhost:5000"; //idp address
                    x.RequireHttpsMetadata = false;
                    x.ApiName = "api2"; //api name
                });

这篇关于承载错误-invalid_token-找不到签名密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！