locked
API is authorized without the Authorization Headers in Request using Identity Server 4 and .net core Identity RRS feed

  • Question

  • User-1637592233 posted

    I am making the API call after the successfully login through Identity server from my vue application (SPA).

    Firstly i was adding the Access token in the Header and it was Authorize but i was not getting the claim. Which i have the separate Question on SO, and now i tried by removing the access token from the header during API call the application is still being Authorized.

    I don't understand how i should solve the problem.

    service.interceptors.request.use(config => {
      return authService
        .getToken()
        .then(tokenResponse => {
          app.$Progress.start();
          //config.headers.Authorization = `Bearer ${tokenResponse}`; removed Token
          return Promise.resolve(config);
        })
        .catch(error => {
          app.prototype.$Progress.fail();
          alert("error");
        });
    });

    Oidc Client Manager

    export default {
        authority: "https://localhost:44305",
        client_id: "js",
        redirect_uri: `${domain}/authredirect`,
        response_type: "id_token token",
        scope:"openid profile email api1 role",
        post_logout_redirect_uri : `${domain}`,
        silent_redirect_uri: `${domain}/silent`,
    }

    Identity Server Client Configuration

    new Client
    
        {
            ClientId = "js",
            ClientName = "JavaScript Client",
            AllowedGrantTypes = GrantTypes.Implicit,
            AllowAccessTokensViaBrowser = true,
            AlwaysIncludeUserClaimsInIdToken = true,
            RedirectUris =            new List<string> {"http://localhost:8080/silent","http://localhost:8080/authredirect"},
            PostLogoutRedirectUris =   { "http://localhost:8080" },
            AllowedCorsOrigins =     { "http://localhost:8080" },
    
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                 IdentityServerConstants.StandardScopes.Email,
                "api1",
                "role"
            }
        }

    API Configure Services

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvcCore().AddJsonFormatters();
    
        services.AddAuthorization();
        services.AddCors(options =>
        {
            // this defines a CORS policy called "default"
            options.AddPolicy("default", policy =>
            {
                policy.WithOrigins("http://localhost:8080")
                    .AllowAnyHeader()
                    .AllowAnyMethod();
            });
        });
    
        var connectionString = Configuration.GetConnectionString("DefaultConnection");
        services.AddDbContext<MyContext>(o => o.UseSqlServer(connectionString));
        services.AddIdentity<User, IdentityRole<Guid>>().AddEntityFrameworkStores<MyContext>().AddDefaultTokenProviders();
    
        // register the repository
        services.AddScoped(typeof(IRepository<>), typeof(EfRepository<>));
    
        services.AddMvcCore().AddJsonFormatters();
    }

    I have added the Project on Github. Please suggest me something. Link for Project

    Wednesday, May 9, 2018 1:30 AM

All replies