添加链接
link管理
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
I need to access to my API form a third system using he bearer token auth method. I've created a new client, add the API scope, assign grant types password and authorization_code and create a shared secret. I'ma able to login to Identity and obtain a new access_token like that

I try to make a new request to an Authorized controller and I get the error 401

the log of API:

[15:49:35 INF] Bearer was not authenticated. Failure message: No SecurityTokenValidator available for token.
[15:49:35 INF] Bearer was not authenticated. Failure message: No SecurityTokenValidator available for token.
[15:49:35 INF] Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
[15:49:35 INF] AuthenticationScheme: Bearer was challenged.'

the log of Identity:

2022-08-03 15:49:20.681 +02:00 [INF] Try to use LDAP for external authentication
2022-08-03 15:49:20.684 +02:00 [WRN] Ldap login feature is not enabled!
2022-08-03 15:49:20.731 +02:00 [INF] Credentials validated for username: admin
2022-08-03 15:49:20.750 +02:00 [INF] {"Username":"admin","Provider":null,"ProviderUserId":null,"SubjectId":"3a03819c-c2b6-2cac-7579-1e9e95a62af7","DisplayName":null,"Endpoint":"Token","ClientId":"******_ind_Swagger","Category":"Authentication","Name":"User Login Success","EventType":"Success","Id":1000,"Message":null,"ActivityId":"800109bd-0001-d900-b63f-84710c7967bb","TimeStamp":"2022-08-03T13:49:20.0000000Z","ProcessId":20084,"LocalIpAddress":"","RemoteIpAddress":"","$type":"UserLoginSuccessEvent"}
2022-08-03 15:49:20.750 +02:00 [INF] Token request validation success, {"ClientId":"******_ind_Swagger","ClientName":"******_ind_Swagger","GrantType":"password","Scopes":"address email offline_access openid phone profile role ****** ******_industry","AuthorizationCode":"********","RefreshToken":"********","UserName":"admin","AuthenticationContextReferenceClasses":null,"Tenant":null,"IdP":null,"Raw":{"client_id":"******_ind_Swagger","client_secret":"***REDACTED***","grant_type":"password","username":"admin","password":"***REDACTED***"},"$type":"TokenRequestValidationLog"}
2022-08-03 15:49:20.767 +02:00 [INF] {"ClientId":"******_ind_Swagger","ClientName":"******_ind_Swagger","RedirectUri":null,"Endpoint":"Token","SubjectId":"3a03819c-c2b6-2cac-7579-1e9e95a62af7","Scopes":"address email offline_access openid phone profile role ****** ******_industry","GrantType":"password","Tokens":[{"TokenType":"refresh_token","TokenValue":"****DE7D","$type":"Token"},{"TokenType":"access_token","TokenValue":"****NJmA","$type":"Token"}],"Category":"Token","Name":"Token Issued Success","EventType":"Success","Id":2000,"Message":null,"ActivityId":"800109bd-0001-d900-b63f-84710c7967bb","TimeStamp":"2022-08-03T13:49:20.0000000Z","ProcessId":20084,"LocalIpAddress":":443","RemoteIpAddress":"","$type":"TokenIssuedSuccessEvent"}
2022-08-03 15:49:20.769 +02:00 [INF] Request finished HTTP/1.1 POST https://auth.************.com/connect/token application/x-www-form-urlencoded 108 - 200 - application/json;+charset=UTF-8 156.5627ms
2022-08-03 15:50:42.645 +02:00 [INF] Request starting HTTP/2 GET https://auth.************.com/connect/authorize?response_type=code&client_id=******_ind_Swagger&redirect_uri=https%3A%2F%2Flocalhost%3A44389%2Fswagger%2Foauth2-redirect.html&scope=******_industry&state=V2VkIEF1ZyAwMyAyMDIyIDE1OjUwOjQyIEdNVCswMjAwIChPcmEgbGVnYWxlIGRlbGzigJlFdXJvcGEgY2VudHJhbGUp - -
2022-08-03 15:50:42.730 +02:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
2022-08-03 15:50:42.759 +02:00 [INF] {"ClientId":"******_ind_Swagger","ClientName":"******_ind_Swagger","RedirectUri":"https://localhost:44389/swagger/oauth2-redirect.html","Endpoint":"Authorize","SubjectId":"3a03819c-c2b6-2cac-7579-1e9e95a62af7","Scopes":"******_industry","GrantType":"authorization_code","Tokens":[{"TokenType":"code","TokenValue":"****21B5","$type":"Token"}],"Category":"Token","Name":"Token Issued Success","EventType":"Success","Id":2000,"Message":null,"ActivityId":"80003e65-0001-8800-b63f-84710c7967bb","TimeStamp":"2022-08-03T13:50:42.0000000Z","ProcessId":20084,"LocalIpAddress":":443","RemoteIpAddress":"","$type":"TokenIssuedSuccessEvent"}
2022-08-03 15:50:42.764 +02:00 [INF] Request finished HTTP/2 GET https://auth.************.com/connect/authorize?response_type=code&client_id=******_ind_Swagger&redirect_uri=https%3A%2F%2Flocalhost%3A44389%2Fswagger%2Foauth2-redirect.html&scope=******_industry&state=V2VkIEF1ZyAwMyAyMDIyIDE1OjUwOjQyIEdNVCswMjAwIChPcmEgbGVnYWxlIGRlbGzigJlFdXJvcGEgY2VudHJhbGUp - - - 302 - - 118.8755ms
2022-08-03 15:50:42.916 +02:00 [INF] Request starting HTTP/2 OPTIONS https://auth.************.com/connect/token - -
2022-08-03 15:50:42.916 +02:00 [INF] CORS policy execution successful.

Thanks

Bearer was not authenticated. Failure message: No SecurityTokenValidator available for token.

Can you share your authentication code of API ?

services.AddAuthentication(

Hi Maliming,

finally I've solved my issue. When I created the API resources on my identity server I have not select the scope, I think the UI is not very clear.

Finally I think can be usefull if the documentation will be integrated wtih the full steps needed to authentic from third party stystem to the API using the bearer token, also the configuration steps for Identity

Thanks. Laura