Bearer error="invalid_token", error_description="The issuer is invalid"


Problem description


I have a simple web api project, which looks like this:

    [Authorize]
    [Route("Get")]
    public ActionResult<string> SayHello()
    {
        return "Hello World";
    }

I am trying to test it with Postman by following the steps here: https://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-testing-your-authorization-server-with-postman/

1) Send the request below and receive a token as expected:

2) Attempt to send another request with the authorization token as shown below:

Why do I get a 401 (Unauthorized) error? The WWW-Authenticate response header says: Bearer error="invalid_token", error_description="The issuer is invalid". I am using .NET Core 3.1. I have commented out the sensitive information in the screenshots.

The web api works as expected when accessed from an MVC application.

Here is the startup code:

    services.AddAuthentication("Bearer")
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = identityUrl; // identityUrl is a config item
            options.RequireHttpsMetadata = false;
            options.ApiName = apiName;
        });

Solution

The Authority of the AddIdentityServerAuthentication middleware should be the base address of your IdentityServer; the middleware will contact the identity server's OIDC metadata endpoint to get the public keys to validate the JWT token.

Please confirm that the Authority is the URL of the identity server where you issued the JWT token.
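An added example, not part of the original answer or of IdentityServer: a small console check that reads the `iss` claim of a token and reports how it differs from the issuer the API expects. The class `IssuerCheck`, the sample token and both URLs are constructed, and the exact string comparison is an assumption about how the issuer is validated.

```csharp
using System;
using System.Text;
using System.Text.Json;

public static class IssuerCheck
{
    // Decode one base64url JWT segment to its JSON text.
    static string Decode(string seg)
    {
        string s = seg.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    static string Encode(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Reads "iss" WITHOUT verifying the signature: diagnosis only, never an authorization decision.
    public static string ReadIssuer(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        using JsonDocument doc = JsonDocument.Parse(Decode(parts[1]));
        return doc.RootElement.TryGetProperty("iss", out JsonElement iss) ? iss.GetString() : null;
    }

    // Says how the token's issuer differs from the one the API expects (assumed exact match).
    public static string Explain(string iss, string expected)
    {
        if (iss == null) return "token has no iss claim";
        if (iss == expected) return "match";
        if (iss.TrimEnd('/') == expected.TrimEnd('/')) return "trailing slash differs";
        if (!Uri.TryCreate(iss, UriKind.Absolute, out Uri a) ||
            !Uri.TryCreate(expected, UriKind.Absolute, out Uri b)) return "not comparable as URLs";
        if (a.Scheme != b.Scheme) return "scheme differs";
        if (a.Host != b.Host || a.Port != b.Port) return "host or port differs";
        return "path or letter case differs";
    }

    public static void Main()
    {
        // Constructed sample values, not taken from the question.
        string token = Encode("{\"alg\":\"RS256\"}") + "." +
            Encode("{\"iss\":\"http://localhost:5000\",\"aud\":\"api1\"}") + ".sig";
        string expected = "http://identity.example:5000"; // issuer the API expects (assumed value)
        string iss = ReadIssuer(token);
        Console.WriteLine($"iss={iss} expected={expected}: {Explain(iss, expected)}");
    }
}
```

To use it on a real case, replace the constructed token with the one sent from Postman and `expected` with the `issuer` value published in the identity server's OIDC metadata document.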
