0

I'm requesting a token against an identity server app, that we used on a previous project, for the current project. On my local machine, so localhost level.

The token request works:

IdentityServer3.Core.ResponseHandling.TokenResponseGeneratorCreating token response
IdentityServer3.Core.ResponseHandling.TokenResponseGeneratorProcessing token request
Identity.Api.Monitoring.IdentityEventServiceInformation - 2020 - Refresh token issued -  - IdentityServer3.Core.Events.RefreshTokenDetails
Identity.Api.Monitoring.IdentityEventServiceInformation - 2000 - Access token issued -  - IdentityServer3.Core.Events.AccessTokenIssuedDetails
Identity.Api.Monitoring.IdentityEventServiceSuccess - 3000 - Endpoint success -  - IdentityServer3.Core.Events.EndpointDetail
IdentityServer3.Core.Endpoints.TokenEndpointControllerEnd token request
IdentityServer3.Core.Results.TokenResultReturning token response.

I get this response:

{
    "access_token": "myaccesstoken",
    "expires_in": 86400,
    "token_type": "Bearer",
    "refresh_token": "myrefreshtoken"
}

Now if I use that token on my request, I get a 401 unauthorized response:

enter image description here

At face value I'd expect this call to work, as I'm passing a correct token. So, what can I do to figure out why it doesn't work?

Spikee
  • 3,967
  • 7
  • 35
  • 68

1 Answers1

1

Authorization header should have Bearer instead of BASIC

Authorization: Bearer SomeTokenHere
StefanE
  • 7,578
  • 10
  • 48
  • 75
  • Oh, that simple, no idea how that got there. An oversight :). – Spikee Sep 05 '18 at 11:28
  • As an aside, a 400 Bad Request response would seem more logical than the 401 I got. Receiving that 401 made me overthink the issue as I had no direction to look at. – Spikee Sep 05 '18 at 11:50
  • I believe 400 is returned as it won't consider the Basic Auth header as a proper formatted request.. Discussed here: https://stackoverflow.com/questions/10576898/what-is-the-most-appropriate-http-status-code-to-return-if-a-required-header-is – StefanE Sep 07 '18 at 08:29