有效的访问令牌仍然获得401

我在React中有一个客户端应用程序,它使用Auth0正确验证,收到的访问令牌有效并包含适当的受众(使用Auth0证书验证了jwt.io 4中 的令牌)。服务器正在注册一个令牌验证事件,然后是一个消息,AuthenticationScheme: Bearer was challenged.并在401返回后不久。服务器也正确配置了适当的域和受众。HTTP请求包含Authorization带有Bearer方案的标头

解码的JWT有效载荷(有一些替代品):

{
  "iss": "https://work.eu.auth0.com/",
  "sub": "google-oauth2|XXXX",
  "aud": 
    "https://my-api.com",
    "https://work.eu.auth0.com/userinfo"
  ],
  "iat": 1507787600,
  "exp": 1507794800,
  "azp": "iqb4QobWGTA6Xmo3Ys8sIVCK1T5aPsdr",
  "scope": "openid profile my-api"
}

请求的服务器日志:

=> RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things => my-app.things.Controller.Get (Web)
      Authorization failed for user: (null).
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: (null).
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
      => RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things => my-app.things.Controller.Get (Web)
      Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
      => RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things => my-app.things.Controller.Get (Web)
      Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[2]
      => RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things => my-app.things.Controller.Get (Web)
      Successfully validated the token.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: Successfully validated the token.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
      => RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things => my-app.things.Controller.Get (Web)
      AuthenticationScheme: Bearer was challenged.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: AuthenticationScheme: Bearer was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
      => RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things => my-app.things.Controller.Get (Web)
      Executed action my-app.things.Controller.Get (Web) in 23.2551ms
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action my-app.things.Controller.Get (Web) in 23.2551ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      => RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things
      Request finished in 31.3853ms 401 
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 31.3853ms 401 
The thread 4456 has exited with code 0 (0x0).

必须在MVC之前设置身份验证的中间件。

app.UserAuthentication(); 

app.UseMvc();

上一篇:一分*领袖平台最高邀请码22110100


下一篇:iOS开发-项目的完整重命名方法,图文教程。