Invalid token for access token.

Hi, it's me again 😃 I have one web app, one API resource and an ID server. I'm successfully logged in to the web app (successfully getting an access_token), but I can't call the API resource with a specific scope. I also add my scopes dynamically in the ticket:

            var resourceList = await _scopeManager.ListResourcesAsync(scopes);
            ticket.SetResources(resourceList);

The web app adds the API scopes:

                config.Scope.Add("email");
                config.Scope.Add("roles");
                config.Scope.Add("textileApi");

These are my clients and scopes:

    OpenIddictApplicationDescriptor customApp = new OpenIddictApplicationDescriptor
    {
        ClientId = "xx",
        ClientSecret = "xx",
        DisplayName = "xx",
        PostLogoutRedirectUris = { new Uri("http://localhost:55467/signout-callback-oidc"), new Uri("http://localhost:55467/Home/Index") },
        RedirectUris = { new Uri("http://localhost:55467/signin-oidc") },
        Permissions =
        {
            OpenIddictConstants.Permissions.Endpoints.Authorization,
            OpenIddictConstants.Permissions.Endpoints.Logout,
            OpenIddictConstants.Permissions.Endpoints.Token,
            OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
            OpenIddictConstants.Permissions.Scopes.Email,
            OpenIddictConstants.Permissions.Scopes.Profile,
            OpenIddictConstants.Permissions.Scopes.Roles,
            OpenIddictConstants.Permissions.Prefixes.Scope + "textileApi"
        }
    };

    OpenIddictApplicationDescriptor apiClient = new OpenIddictApplicationDescriptor
    {
        ClientId = "HasTextileAPI",
        ClientSecret = "987654",
        Permissions =
        {
            OpenIddictConstants.Permissions.Endpoints.Introspection,
        }
    };

    var textileApiScope = new OpenIddictScopeDescriptor
    {
        Name = "textileApi",
        Resources = { "HasTextileAPI" }
    };

And this is my API resource's startup:

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(options =>
    {
        options.Audience = "HasTextileAPI";
        options.Authority = "http://localhost:53703";
        options.RequireHttpsMetadata = false;
        options.TokenValidationParameters.NameClaimType = "name";
        options.TokenValidationParameters.RoleClaimType = "role";
    });

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 7 (2 by maintainers)

Top GitHub Comments

2 reactions
kevinchalet commented, Jun 24, 2020

Hey.

It’s very likely due to the fact OpenIddict 3.0 always encrypts its access tokens by default. As indicated in https://kevinchalet.com/2020/06/11/introducing-openiddict-3-0-beta1/, the OpenIddict validation handler is now the recommended option (even for JWT, which is the new default access token format in 3.0). It comes with a simpler configuration option when the API is in the same project as your OpenIddict server.

Cheers.

1 reaction
mfarkan commented, Jun 24, 2020

Well, dude, you rock again! I figured it out. Thanks for helping. It is flying like a seagull 😃 👊
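
The change the maintainer's comment points to, sketched for the API resource's startup from the question: the JWT bearer registration is replaced by the OpenIddict validation handler, here using introspection. This is an added example, not code from the issue or from the OpenIddict project; it reuses the question's issuer URL, audience and API client credentials, and assumes the OpenIddict.Validation.AspNetCore and OpenIddict.Validation.SystemNetHttp packages are referenced.

```csharp
using Microsoft.Extensions.DependencyInjection;
using OpenIddict.Validation.AspNetCore;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Before (from the question): AddJwtBearer(...) with Authority/Audience.
        // That handler cannot read access tokens that OpenIddict 3.0 encrypts
        // by default, so they are rejected as invalid.

        // After: make the OpenIddict validation handler the default scheme.
        services.AddAuthentication(options =>
        {
            options.DefaultScheme =
                OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme;
        });

        services.AddOpenIddict()
            .AddValidation(options =>
            {
                // Issuer is used for OpenID Connect discovery, which locates
                // the introspection endpoint. Plain http as in the question:
                // acceptable on localhost only, since the client secret below
                // is sent to this endpoint.
                options.SetIssuer("http://localhost:53703/");

                // Must match the resource attached to the "textileApi" scope.
                options.AddAudiences("HasTextileAPI");

                // The API authenticates to the introspection endpoint with the
                // client that was granted Permissions.Endpoints.Introspection.
                options.UseIntrospection()
                       .SetClientId("HasTextileAPI")
                       .SetClientSecret("987654");

                // HTTP client integration used for discovery and introspection.
                options.UseSystemNetHttp();

                // ASP.NET Core host integration (registers the auth scheme).
                options.UseAspNetCore();
            });
    }
}
```

With introspection the token stays opaque to the API, so encrypted access tokens work without sharing the server's encryption key with the resource.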
