Problem Statement : I want to secure my APIs using Ping Identity OAuth 2.0. I am following this blog, but I get a 401.
I have configured OAuth 2.0 in the Postman tool with the details provided by the Ping Identity team, and I am able to generate a token, but when I copy that same token and send it as a Bearer token, the API returns 401.
I suspect I may be giving the wrong callback URL. If my API URL is, say, http://web.abc.com/_api/home/userinfo, then what should my callback URL be?
NOTE : I am not using this solution in the browser; I am directly trying to secure the APIs. Maybe my approach itself is not correct. Let me know if there is a better solution.
EDIT :
Startup.cs
looks like this :
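public class Startup
{
    /// <summary>
    /// Creates the startup instance with the host-supplied configuration.
    /// </summary>
    /// <param name="configuration">Application configuration (appsettings, environment variables, ...).</param>
    /// <exception cref="ArgumentNullException">Thrown when <paramref name="configuration"/> is null.</exception>
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
    }

    /// <summary>Configuration handed in by the host; read for the JWT bearer settings below.</summary>
    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        // Redacted placeholder for the base64 DER encoding of the IdP's *public* signing certificate.
        // Convert.FromBase64String throws FormatException on this placeholder; the real value should
        // come from configuration or a certificate store rather than source so it can differ per environment.
        string x509PublicCert = @"XXXXXXXXXXX";
        var byteCert = Convert.FromBase64String(x509PublicCert);
        var x509Cert = new X509Certificate2(byteCert);

        // Read the endpoint settings from configuration first; the literals are the previous hard-coded
        // development values, kept as fallbacks so behaviour is unchanged when the keys are absent.
        string audience = Configuration["Audience"] ?? "http://localhost:65180/";
        string authority = Configuration["Authority"] ?? "https://myloginqa.xyz.com:8080/";
        string issuer = Configuration["Issuer"] ?? "myloginqa.xyz.com";

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Audience = audience;
                // Setting Authority makes the handler fetch the IdP's OpenID Connect discovery document
                // at startup/first request; if that endpoint is unreachable the bearer challenge fails with 401.
                options.Authority = authority;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // The token signature must verify against the pinned public certificate above
                    // (keys discovered via Authority may be merged in by the handler as well).
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new X509SecurityKey(x509Cert),
                    // The token's "iss" claim must match ValidIssuer exactly. This value is a bare host name
                    // while Authority is a full URL; if the IdP issues a URL-form "iss", every token is
                    // rejected here with 401 — compare against a decoded token to confirm.
                    ValidateIssuer = true,
                    ValidIssuer = issuer,
                    // Audience validation was previously switched off even though Audience was set, which
                    // accepts tokens minted for any other API. Enforce it and name the accepted audience.
                    ValidateAudience = true,
                    ValidAudience = audience,
                    ValidateLifetime = true,
                    // No clock drift is tolerated: any skew between the IdP and this host rejects fresh tokens.
                    // If you want to allow a certain amount of clock drift, set that here.
                    ClockSkew = TimeSpan.Zero
                };
            });

        services.AddControllersWithViews();

        // NOTE(review): Configure() applies a CORS policy named "CorsApi", but no services.AddCors(...)
        // registering that policy is visible in this class — it must be registered elsewhere, otherwise
        // UseCors cannot resolve it.

        // In production, the React files will be served from this directory
        services.AddSpaStaticFiles(configuration =>
        {
            configuration.RootPath = "ClientApp/build";
        });
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
        }

        // Bearer tokens travel as plain request headers and this pipeline adds no HTTPS redirection
        // or HSTS, so the API must only be reachable over TLS (terminated here or at a reverse proxy).
        app.UseStaticFiles();
        app.UseSpaStaticFiles();
        app.UseRouting();
        // CORS middleware belongs after UseRouting and before UseAuthentication/UseAuthorization.
        // Placed after them (as it was originally) it runs too late: preflight requests, which carry
        // no bearer token, reach the auth middleware before the policy is applied.
        app.UseCors("CorsApi");
        app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller}/{action=Index}/{id?}");
        });

        app.UseSpa(spa =>
        {
            spa.Options.SourcePath = "ClientApp";
            if (env.IsDevelopment())
            {
                spa.UseReactDevelopmentServer(npmScript: "start");
            }
        });
    }
}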
Controller
looks like this :
[EnableCors("CorsApi")]
//[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[Authorize]
[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…