Erwan Pesle

Reputation: 871

Error 500 when sending Authorization Bearer accessToken to my API with Auth0

I wanted to secure my Web API (netcoreapp 2.0) using Auth0 online, so I did all the steps.

I have a 401 when I don't send Authorization, which is OK.

I have a 200 when I don't put an [Authorize].

I have a 500 when I put the Authorization header with Bearer + accessToken (I copied the token from the API on the Auth0 website).

Did anyone have this problem?

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(options =>
    {
        options.Authority = "https://******.eu.auth0.com/";
        options.Audience = "https://**************.azurewebsites.net/";
    });
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseAuthentication();

    app.UseSwagger();

    app.UseSwaggerUI(c =>
    {
        c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
    });

    app.UseDeveloperExceptionPage();

    app.UseStaticFiles();

    app.UseMvcWithDefaultRoute();
}

Upvotes: 2

Views: 2135

Answers (1)

Aistis Taraskevicius

Reputation: 811

In Startup:

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters =
            new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = TokenConstants.ValidIssuer,
                ValidAudience = TokenConstants.ValidAudience,
                IssuerSigningKey = JwtSecurityKey.Create(TokenConstants.IssuerSigningKey),
            };
    });

Anywhere:

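using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class JwtSecurityKey
{
    // Wraps a shared secret string as a symmetric (HMAC) signing key.
    public static SymmetricSecurityKey Create(string secret)
    {
        return new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret));
    }
}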

I am creating my own key here, but .NET knows how to decipher it based on .IssuerSigningKey, which is just a random string that can be anything, like "IAMsuperS3cretEcnryptionKey". I imagine .NET falls over trying to decipher your token, since it has no idea what it is, and throws an internal server error. You need to include the signing key Auth0 uses for your API to decipher it.

Upvotes: 0
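
An added example, not code from the question or the answer: a pre-flight check that reads a bearer token without verifying it and compares its `alg`, `iss`, `aud` and `exp` with the values given to `AddJwtBearer`. The `TokenPreflight` class, the `tenant.example` and `api.example` hosts and the sample token are constructed for illustration; it assumes the `System.IdentityModel.Tokens.Jwt` package is referenced.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper for diagnostics only.
public static class TokenPreflight
{
    // Reads the token WITHOUT verifying its signature; never use the result for an auth decision.
    public static List<string> Check(string token, string authority, string audience)
    {
        var findings = new List<string>();
        var handler = new JwtSecurityTokenHandler();
        if (!handler.CanReadToken(token))
        {
            findings.Add("not a well-formed JWT (opaque or truncated token?)");
            return findings;
        }
        JwtSecurityToken jwt = handler.ReadJwtToken(token);
        // Compared against the configured Authority string as a stand-in for the issuer it publishes.
        if (!string.Equals(jwt.Issuer, authority, StringComparison.Ordinal))
            findings.Add($"iss '{jwt.Issuer}' != Authority '{authority}' (trailing slash counts)");
        if (!jwt.Audiences.Contains(audience))
            findings.Add($"aud [{string.Join(", ", jwt.Audiences)}] lacks Audience '{audience}'");
        // HS* tokens are verified with a shared secret, so IssuerSigningKey must be set explicitly.
        if (jwt.Header.Alg != null && jwt.Header.Alg.StartsWith("HS", StringComparison.Ordinal))
            findings.Add($"alg {jwt.Header.Alg} is symmetric: keys published by the Authority cannot verify it");
        if (jwt.ValidTo < DateTime.UtcNow)
            findings.Add($"expired at {jwt.ValidTo:u}");
        return findings;
    }

    public static void Main()
    {
        // Constructed sample token: placeholder hosts, dummy signature segment.
        string header = Base64UrlEncoder.Encode("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
        string payload = Base64UrlEncoder.Encode(
            "{\"iss\":\"https://tenant.example\",\"aud\":\"https://api.example/\",\"exp\":4102444800}");
        string token = header + "." + payload + ".c2ln";

        // Reports the issuer mismatch (missing trailing slash) and the symmetric algorithm.
        foreach (string finding in Check(token, "https://tenant.example/", "https://api.example/"))
            Console.WriteLine(finding);
    }
}
```

An empty result means the token's header and claims are consistent with the configuration; signature verification still happens only in the JwtBearer middleware.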
