I am using the configuration examples of OpenIddict (https://github.com/openiddict/openiddict-samples), specifically the example of Zirku.Api1 for token validation through introspection and accessing the endpoints of this API in .NET 6.0. The identity server is not in the same solution.
Below, I'll show you how I have it configured. In the ConfigureServices method:
```csharp
services.AddOpenIddict()
    .AddValidation(options =>
    {
        options.SetIssuer("https://localhost:6001/");

        // Configure the validation handler to use introspection and register the client
        // credentials used when communicating with the remote introspection endpoint.
        options.UseIntrospection()
               .SetClientId("testapp")
               .SetClientSecret("6da97943-865d-41c4-970b-5a2670b7e347");

        // Register the System.Net.Http integration.
        options.UseSystemNetHttp();

        // Register the ASP.NET Core host.
        options.UseAspNetCore();
    });

services.AddAuthentication(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
```
and in the Configure method:
```csharp
app.UseEndpoints(endpoints =>
{
    endpoints.MapGet("/api", async context =>
    {
        var user = context.User;
        if (user.Identity?.IsAuthenticated == true)
        {
            await context.Response.WriteAsync($"{user.Identity.Name} is allowed to access Api1.");
        }
        else
        {
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            await context.Response.WriteAsync("Unauthorized");
        }
    }).RequireAuthorization(); // Requires authorization

    endpoints.MapControllerRoute(
        name: "default",
        pattern: "{controller=Home}/{action=Index}/{id?}");
    endpoints.MapRazorPages();
    endpoints.MapHub<HubServer>("/hub");
});
```
and in the controller:
```csharp
[HttpGet]
[Authorize(AuthenticationSchemes = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)]
public async Task<Utils.HttpResponse> listAll(int page = 1, int itemsPerPage = 10, string search = "")
{ ... // more code
```
The issue must lie in the configuration of the API since when making a request through Insomnia (Postman), the Identity API responds correctly. However, when I make the request to the API, it tries to connect to the Identity API using 'https://localhost:6001/.well-known/openid-configuration' and fails, displaying the following error:
```
OpenIddict.Validation.OpenIddictValidationDispatcher[0]
      The response was successfully returned as a challenge response: {
        "error": "server_error",
        "error_description": "The remote authorization server is currently unavailable or returned an invalid configuration.",
        "error_uri": "https://documentation.openiddict.com/errors/ID2170"
      }.
```
If anyone could help me, I would really appreciate it.
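
The error above concerns the discovery document served at the issuer's `/.well-known/openid-configuration`. As an added example (not part of the original post and not OpenIddict's own code), the check below tests two properties of that document that a resource server using introspection depends on: the advertised `issuer` matches the configured one, and an HTTPS `introspection_endpoint` is advertised. The `DiscoveryCheck` helper, the sample documents and the `/connect/introspect` path are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Constructed sample input: the issuer passed to SetIssuer() and two made-up
// discovery documents (the /connect/introspect path is an assumption).
var configuredIssuer = "https://localhost:6001/";
var samples = new Dictionary<string, string>
{
    ["consistent"] = @"{ ""issuer"": ""https://localhost:6001/"",
        ""introspection_endpoint"": ""https://localhost:6001/connect/introspect"" }",
    ["broken"] = @"{ ""issuer"": ""http://localhost:5000/"" }"
};
foreach (var (name, json) in samples)
{
    var problems = DiscoveryCheck.Validate(configuredIssuer, json);
    Console.WriteLine($"{name}: {(problems.Count == 0 ? "ok" : string.Join("; ", problems))}");
}

// Hypothetical helper, not an OpenIddict API.
static class DiscoveryCheck
{
    public static List<string> Validate(string configuredIssuer, string json)
    {
        var problems = new List<string>();
        JsonDocument doc;
        try { doc = JsonDocument.Parse(json); }
        catch (JsonException e) { problems.Add("not valid JSON: " + e.Message); return problems; }
        using (doc)
        {
            var root = doc.RootElement;
            if (root.ValueKind != JsonValueKind.Object) { problems.Add("not a JSON object"); return problems; }
            // The advertised issuer has to identify the same server the API was pointed at.
            var issuer = Absolute(root, "issuer");
            if (issuer is null) problems.Add("issuer is missing or not an absolute URI");
            else if (issuer != new Uri(configuredIssuer))
                problems.Add($"issuer {issuer} does not match configured {configuredIssuer}");
            // The client secret is sent to this endpoint, so it must exist and use HTTPS.
            var endpoint = Absolute(root, "introspection_endpoint");
            if (endpoint is null) problems.Add("introspection_endpoint is missing or not an absolute URI");
            else if (endpoint.Scheme != Uri.UriSchemeHttps) problems.Add("introspection_endpoint is not HTTPS");
        }
        return problems;
    }
    static Uri? Absolute(JsonElement root, string name) =>
        root.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String
            && Uri.TryCreate(v.GetString(), UriKind.Absolute, out var uri) ? uri : null;
}
```

To check a live server, pass the JSON body returned by the discovery URL to `Validate` in place of the constructed samples, fetching it from the machine and account the API runs under so that reachability and certificate trust are exercised as well.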