通过来自 Auth0 的令牌访问 API
Accessing API through token from Auth0
我正在实施 Auth0 以在我的带有 React 前端的 ASP.NET Core 2.1 应用程序中使用,但无法使用从 Auth0 获得的令牌进行 API 调用。我不断收到未经授权的错误。
这是我 Startup.cs 中 ConfigureServices() 方法中的代码:
services.AddAuthentication(options => {
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(jwtOptions => {
jwtOptions.Authority = "https://myapp.auth0.com/";
jwtOptions.Audience = "https://myapp.com/api/";
});
string domain = $"https://myapp.auth0.com/";
services.AddAuthorization(options =>
{
options.AddPolicy("read:data", policy => policy.Requirements.Add(new HasScopeRequirement("read:data", domain)));
});
services.AddSingleton<IAuthorizationHandler, HasScopeHandler>();
我有以下处理范围:
public class HasScopeRequirement : IAuthorizationRequirement
{
public string Issuer { get; }
public string Scope { get; }
public HasScopeRequirement(string scope, string issuer)
{
Scope = scope ?? throw new ArgumentNullException(nameof(scope));
Issuer = issuer ?? throw new ArgumentNullException(nameof(issuer));
}
}
public class HasScopeHandler : AuthorizationHandler<HasScopeRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HasScopeRequirement requirement)
{
// If user does not have the scope claim, get out of here
if (!context.User.HasClaim(c => c.Type == "scope" && c.Issuer == requirement.Issuer))
return Task.CompletedTask;
// Split the scopes string into an array
var scopes = context.User.FindFirst(c => c.Type == "scope" && c.Issuer == requirement.Issuer).Value.Split(' ');
// Succeed if the scope array contains the required scope
if (scopes.Any(s => s == requirement.Scope))
context.Succeed(requirement);
return Task.CompletedTask;
}
}
此外,在 Configure() 方法中,我有 app.UseAuthentication();
这是我的 auth0.js 服务中的代码:
auth0 = new auth0.WebAuth({
domain: 'myapp.auth0.com',
clientID: 'client_id_copied_from_application_settings_on_auth0',
redirectUri: 'http://localhost:49065/member/callback',
audience: 'https://myapp.com/api/',
responseType: 'token id_token',
scope: 'openid'
});
我的前端正在成功获取 access_token、expires_at 和 id_token。使用 Postman,我对我的 API 方法之一进行了 API 调用,但我不断收到 401 Unauthorized 错误。我在下面发布了我在 Postman 中看到的屏幕截图。看来观众不喜欢
知道我做错了什么吗?
我们在 Auth0 使用 .Net Core 2.0 整理了一个博客教程系列,这可能有助于追溯。
https://auth0.com/blog/developing-web-apps-with-asp-dot-net-core-2-dot-0-and-react-part-1/
我正在实施 Auth0 以在我的带有 React 前端的 ASP.NET Core 2.1 应用程序中使用,但无法使用从 Auth0 获得的令牌进行 API 调用。我不断收到未经授权的错误。
这是我 Startup.cs 中 ConfigureServices() 方法中的代码:
services.AddAuthentication(options => {
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(jwtOptions => {
jwtOptions.Authority = "https://myapp.auth0.com/";
jwtOptions.Audience = "https://myapp.com/api/";
});
string domain = $"https://myapp.auth0.com/";
services.AddAuthorization(options =>
{
options.AddPolicy("read:data", policy => policy.Requirements.Add(new HasScopeRequirement("read:data", domain)));
});
services.AddSingleton<IAuthorizationHandler, HasScopeHandler>();
我有以下处理范围:
public class HasScopeRequirement : IAuthorizationRequirement
{
public string Issuer { get; }
public string Scope { get; }
public HasScopeRequirement(string scope, string issuer)
{
Scope = scope ?? throw new ArgumentNullException(nameof(scope));
Issuer = issuer ?? throw new ArgumentNullException(nameof(issuer));
}
}
public class HasScopeHandler : AuthorizationHandler<HasScopeRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HasScopeRequirement requirement)
{
// If user does not have the scope claim, get out of here
if (!context.User.HasClaim(c => c.Type == "scope" && c.Issuer == requirement.Issuer))
return Task.CompletedTask;
// Split the scopes string into an array
var scopes = context.User.FindFirst(c => c.Type == "scope" && c.Issuer == requirement.Issuer).Value.Split(' ');
// Succeed if the scope array contains the required scope
if (scopes.Any(s => s == requirement.Scope))
context.Succeed(requirement);
return Task.CompletedTask;
}
}
此外,在 Configure() 方法中,我有 app.UseAuthentication();
这是我的 auth0.js 服务中的代码:
auth0 = new auth0.WebAuth({
domain: 'myapp.auth0.com',
clientID: 'client_id_copied_from_application_settings_on_auth0',
redirectUri: 'http://localhost:49065/member/callback',
audience: 'https://myapp.com/api/',
responseType: 'token id_token',
scope: 'openid'
});
我的前端正在成功获取 access_token、expires_at 和 id_token。使用 Postman,我对我的 API 方法之一进行了 API 调用,但我不断收到 401 Unauthorized 错误。我在下面发布了我在 Postman 中看到的屏幕截图。看来观众不喜欢
知道我做错了什么吗?
我们在 Auth0 使用 .Net Core 2.0 整理了一个博客教程系列,这可能有助于追溯。
https://auth0.com/blog/developing-web-apps-with-asp-dot-net-core-2-dot-0-and-react-part-1/