0

I've set up a simple API in .NET Core protecting it using JWT orchestrated by Identity Server 4. When I access an endpoint attributed [Authorize], I get the response as expected (401 Unauthorized). Commented out, it returns the actual data, just as suppsed to.

Now, when added the header with key Authorization and value Bearer XXX, where XXX is my obtained token, I get an immediate error message saying that

Could not get any response

followed by four suggestions on what to do. I turned off the SSL cert and the proxy isn't needed as everything's run locally in a basic setup. The timeout isn't relevant (set to 0 and the error occurs immediately).

It leaves me with the abstract option of *backend not working properly. I haven't done anything special, simply following the guide provided at IS's site. My impression, supprted by the immediateness of the error is that I've done something less bright in Postman. ALso, the console of the IS says nothing about errors, which furthermore strenghtens my suspition of the issue being with unrelated to it.

I tried to set different authorizations on the tab below URL. Same result for each call. I checked the hosts file and it looks like this

127.0.0.1 localhost

I've made sure there's no line break at the end of the pasted-in token as suggested by this article. I've tried setting key Content-type to application/json et.al. like suggested here. I've checked that I don't have colliding environmental variables like shown here. Etc. - basically any info, article and hint I've found.

At this stage, I'm out of ideas on how to troubleshoot the issue and I'm dry on new keywords to google for.

What might be the cause, what can be done about it and, at least, where can I get more inspiration on how to proceed?

Konrad Viltersten
  • 36,151
  • 76
  • 250
  • 438
  • Are you sure the website is running under `https`? Have you tried using `http` in Postman? – Simply Ged Nov 04 '18 at 22:26
  • For `where XXX is my obtained token`, how did you obtain this token? To check whether it is related with postman configuration, you could make a test with simple html page and send ajax request to this endpoint, did you get any error? In additition, you could make a test with Fiddler to send request. – Edward Nov 05 '18 at 01:38
  • @TaoZhou Turns out, the token copied got the line-breaks incorporated into the string and converted to spaces. That made PostMan choke. It was yours *how did you obtain the token* that made me think. You probably meant **the code** but it got me thinking about the actual act of copying it. And pasting in, of course. Please repost your remark as a reply so I can accept it. – Konrad Viltersten Nov 06 '18 at 14:33

2 Answers2

1

For narrowing down this issue, check whether the token is validate and whether the token is copied correctly, compare the token sent from request and the original token.

Edward
  • 28,296
  • 11
  • 76
  • 121
1

I ran into this issue recently and fixed it by doing request Authorization in the Authorization tab instead of the Headers tab.

Click the Authorization tab, change the type to Bearer, and paste in your token.

If possible, you might also want to automate the capturing of your access token as an environment variable; this prevent copy/paste issues and allows you to easily refresh your token after it expires.

To do this, you would need to create and save a Postman request that retrieves the access token, then use the "Tests" tab from that request to parse the response and set the access token as a variable.

Here's some example test code that may need modification depending on your specific endpoint:

var jsonData = JSON.parse(responseBody);
postman.setEnvironmentVariable("accessToken", jsonData.accessToken);

After making the request to login, the {{accessToken}} environment variable should be populated, and you can use {{accessToken}} as your Authorization value instead of the raw token string.

humbleice
  • 816
  • 8
  • 15