Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Unable to start Ocelot, errors are: Authentication Options AuthenticationProviderKey:TestKey,AllowedScopes:[] is unsupported authentication provider

See original GitHub issue

Expected Behavior / New Feature

Ocelot starts and works with IdentityServer4 Authentication

Actual Behavior / Motivation for New Feature

Ocelot crashes with:

Unable to start Ocelot, errors are: Authentication Options AuthenticationProviderKey:TestKey,AllowedScopes:[] is unsupported authentication provider

Steps to Reproduce the Problem

Follow the steps for IdentityServer 4 Config looks like:

    {
      "DownstreamPathTemplate": "/{everything}",
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 44309
        }
      ],
      "UpstreamPathTemplate": "/{everything}",
      "UpstreamHttpMethod": [ "Get", "Post" ],
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "TestKey",
        "AllowedScopes": []
      }
    }

Startup:

    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            //services.AddControllers();
            ConfigureIdentityServer(services);
            services.AddOcelot();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseStaticFiles();
            app.UseHttpsRedirection();
            app.UseRouting();

            app.UseAuthentication();
            app.UseAuthorization();

            //app.UseEndpoints(endpoints =>
            //{
            //    endpoints.MapControllers().RequireAuthorization();
            //});

            app.UseOcelot().Wait();
        }

        private void ConfigureIdentityServer(IServiceCollection services)
        {
            //IdentityServerConfig identityServerConfig = new IdentityServerConfig();
            //Configuration.Bind("IdentityServerConfig", identityServerConfig);
            var authenticationProviderKey = "TestKey";

            services.AddAuthentication()
                .AddIdentityServerAuthentication(authenticationProviderKey, options =>
                {
                    options.RequireHttpsMetadata = false;
                    options.Authority = $"http://localhost:5000";
                    options.ApiName = "api1";
                }
                );
        }

Program

    public class Program
    {
        public static void Main(string[] args)
        {
            Log.Logger = new LoggerConfiguration()
               .Enrich.FromLogContext()
               .MinimumLevel.Debug()
               .WriteTo.Console(
                   LogEventLevel.Verbose,
                   "{NewLine}{Timestamp:HH:mm:ss} [{Level}] ({CorrelationToken}) {Message}{NewLine}{Exception}")
                   .CreateLogger();

            try
            {
                CreateHostBuilder(args).Build().Run();
            }
            finally
            {
                Log.CloseAndFlush();
            }
        }

        public static IWebHostBuilder CreateHostBuilder(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>()
            .ConfigureAppConfiguration((hostingContext, config) =>
            {
                config
                    .SetBasePath(hostingContext.HostingEnvironment.ContentRootPath)
                    .AddJsonFile("ocelot.json")
                    .AddEnvironmentVariables();
            })
            .ConfigureServices(s =>
            {
                s.AddOcelot();
                s.AddMvc();
            })
            .ConfigureLogging((hostingContext, logging) =>
            {
                //add your logging
                logging.AddSerilog();
            })
            .Configure(a =>
            {
                a.UseOcelot().Wait();
            });
    }

Run the application

Specifications

Version: Ocelot 13.8.0
Platform: .Net Core 3.0 on Windows 10 x64
Subsystem:

Issue Analytics

State:
Created 4 years ago
Reactions:9
Comments:9 (1 by maintainers)

Top GitHub Comments

1reaction

metalrose24commented, Oct 21, 2020

I manged to solve this. For me, I had configuration in both Startup.cs and Program.cs. It wasn’t using my Startup.cs for the Ocelot config. If your following the samples then the configuration for authentication needs to be under the .ConfigureServices part of the WebHostBuilder e.g. in Program.cs Main method:

        new WebHostBuilder()
            .UseKestrel()
            .UseContentRoot(Directory.GetCurrentDirectory())
            .ConfigureAppConfiguration((hostingContext, config) =>
            {
                config
                    .SetBasePath(hostingContext.HostingEnvironment.ContentRootPath)
                    .AddJsonFile("appsettings.json", true, true)
                    .AddJsonFile($"appsettings.{hostingContext.HostingEnvironment.EnvironmentName}.json", true, true)
                    .AddJsonFile("ocelot.json", false, true)
                    .AddEnvironmentVariables();
            })
            .ConfigureServices(services =>
            {
                void Options(IdentityServerAuthenticationOptions o)
                {
                    o.Authority = authenticationServerBaseAddress;
                    o.ApiName = ServiceClientId;
                    o.SupportedTokens = SupportedTokens.Both;
                    o.ApiSecret = ServiceSecret;
                }

                services.AddAuthentication()
                    .AddIdentityServerAuthentication(authenticationProviderKey, Options);

                services.AddOcelot();
            })
            .ConfigureLogging((hostingContext, logging) =>
            {
                //add your logging TODO
            })
            .UseIISIntegration()
            .Configure(app =>
            {
                app.UseOcelot().Wait();
            })
            .Build()
            .Run();

I found it useful to actually take a copy of the code so I could debug through it then it made more sense what it was doing and why it wasn’t picking up my authentication config

Hope this helps someone !

0reactions

Iran-aspcommented, Nov 30, 2021

I had it too because my SymmetricSecurityKey does not loaded correctly from database in ConfigureServices() method.

Top Results From Across the Web

Net 5: Unable to start Ocelot, unsupported authentication ...

Just moved the authentication configuration from the startup. cs file to the program.

Developers - Unable to start Ocelot, errors are

Unable to start Ocelot, errors are: Authentication Options AuthenticationProviderKey:TestKey,AllowedScopes:[] is unsupported authentication ...

Authentication — Ocelot 1.0.0 documentation

AuthenticationProviderKey and check that there is an Authentication provider registered with the given key. If there isn't then Ocelot will not start up,...

3 Ways to do Authorization in Ocelot API gateway in ASP. ...

When we ran with only above code changes, we see a error that it is asking for authentication is missing. It means we...

Part Two - Building API Gateway Using Ocelot In ASP.NET ...

When Ocelot runs, it will look at this ReRoutes AuthenticationOptions.AuthenticationProviderKey and check that there is an Authentication ...