
I have a web API and I need to have authentication; I'm doing this with AAD in V1.

I have everything set up; with Postman I can get a token, but whenever I try to make a request to the API, it gives me a 401 error:

    Bearer error="invalid_token", error_description="The signature is invalid"

This is the code in ConfigureServices:

    services.AddAuthentication(sharedOptions =>
    {
        sharedOptions.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;

    })
    .AddAzureAdBearer(options => Configuration.Bind("AzureAd", options));

This is the class generated for Azure authentication:

    public static AuthenticationBuilder AddAzureAdBearer(this AuthenticationBuilder builder)
        => builder.AddAzureAdBearer(_ => { });

    public static AuthenticationBuilder AddAzureAdBearer(this AuthenticationBuilder builder, Action<AzureAdOptions> configureOptions)
    {
        builder.Services.Configure(configureOptions);
        builder.Services.AddSingleton<IConfigureOptions<JwtBearerOptions>, ConfigureAzureOptions>();
        builder.AddJwtBearer();
        return builder;
    }

    private class ConfigureAzureOptions: IConfigureNamedOptions<JwtBearerOptions>
    {
        private readonly AzureAdOptions _azureOptions;

        public ConfigureAzureOptions(IOptions<AzureAdOptions> azureOptions)
        {
            _azureOptions = azureOptions.Value;
        }

        public void Configure(string name, JwtBearerOptions options)
        {
            options.Audience = _azureOptions.ClientId;
            options.Authority = $"{_azureOptions.Instance}{_azureOptions.TenantId}";
        }

        public void Configure(JwtBearerOptions options)
        {
            Configure(Options.DefaultName, options);
        }
    }

What is missing here? Could you please help?

Thank you

pcdev
HLourenco
  • How are you sending the bearer token? There should be a header `Authorization Bearer `. Also have a look at [this answer](https://stackoverflow.com/a/45833632/2869344) to see if it helps you with the API configuration. – pcdev Sep 27 '17 at 01:59
  • Yes, I have the header... – HLourenco Sep 27 '17 at 08:47
  • @HLourenco do you remember if you ever fixed this problem? If so, how? I'm having the same issue... – Gabriel Bourgault Jul 26 '18 at 18:28
  • @Gabriel Bourgault I have solved this problem, I think what I did was, in AAD I changed permissions of my app and from that point onwards, the token has been valid because the entity was recognized – HLourenco Jul 27 '18 at 16:04

2 Answers

As pcdev said in his comment, make sure that you add the Authorization header to all requests.

The JWT token should be in three parts separated by dots. The signature is the third part.

You can check the token that you send at http://jwt.calebb.net or https://jwt.io

RasmusW
  • It didn't work; I had the correct header but it didn't work either. The signature has [signature] at the end. Anything else on that? – HLourenco Sep 27 '17 at 08:47
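
Added example, not part of the original answers: a local way to do the token check suggested in the answer above without pasting a bearer token into a website. It decodes (does not verify) the three parts and compares `aud` and `iss` with the values the question's `ConfigureAzureOptions` uses for `Audience` and `Authority`. The tenant and client IDs, the sample token and the function names are constructed for illustration, and checking that the tenant ID appears in `iss` is an assumption about how the issuer is formed.

```python
import base64
import json

def _decode_segment(segment):
    # JWT segments are base64url with padding stripped; restore it first.
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def inspect_token(token, expected_audience, tenant_id):
    """Decode (not verify) a JWT and list mismatches with the API settings."""
    token = token.strip()
    if token.lower().startswith("bearer "):
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        return {"header": None, "claims": None,
                "problems": ["token is not three non-empty dot-separated parts"]}
    try:
        header, claims = _decode_segment(parts[0]), _decode_segment(parts[1])
    except ValueError as exc:
        return {"header": None, "claims": None,
                "problems": ["header or payload is not base64url JSON: %s" % exc]}
    problems = []
    if not header.get("kid"):
        problems.append("header has no 'kid' to match against published signing keys")
    aud = claims.get("aud")
    if expected_audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud %r does not match configured audience %r"
                        % (aud, expected_audience))
    if tenant_id not in str(claims.get("iss", "")):
        problems.append("iss %r does not contain tenant %r"
                        % (claims.get("iss"), tenant_id))
    return {"header": header, "claims": claims, "problems": problems}

def make_sample_token(claims):
    # Constructed, unsigned sample: the third part is a placeholder, not a signature.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256", "kid": "sample-key"}),
                     enc(claims), "c2lnbmF0dXJl"])

# Constructed values standing in for AzureAd:TenantId and AzureAd:ClientId.
TENANT = "11111111-1111-1111-1111-111111111111"
CLIENT_ID = "22222222-2222-2222-2222-222222222222"

if __name__ == "__main__":
    sample = make_sample_token({"aud": "https://other-resource.example",
                                "iss": "https://sts.windows.net/%s/" % TENANT})
    for problem in inspect_token(sample, CLIENT_ID, TENANT)["problems"]:
        print(problem)
```

An empty `problems` list only means the claims line up with the configuration; the signature itself is still checked by the API's JWT bearer middleware.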

I had a similar problem and just used the following and it worked.

    services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
        .AddAzureADBearer(options => Configuration.Bind("AzureAd", options));
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

Suraj Rao