I'm executing the following C# magic and read the token obtained in jwt.io. All's looking great.

    DiscoveryResponse vasco = DiscoveryClient.GetAsync("http://localhost:5100").Result;
    string tokenUri = vasco.TokenEndpoint;

    TokenClient client = new TokenClient(vasco.TokenEndpoint, "Blopp", "SuperSecret");
    TokenResponse cred = client.RequestClientCredentialsAsync("secured_api").Result;
    string token = cred.AccessToken ?? "none!";

However, it seems not to be an entirely well-functioning one, because when pasted into Postman using key `Authorization` and value `Bearer` + token (the prefix added manually), I get into the service not being reachable (as discussed in this question).

Using the same credentials on the endpoint http://localhost:5100/connect/token and Postman's OAuth 2.0 based wizard, produces a token that works.

My conclusion's that I somehow don't fetch the proper token using my code (and fail to realize it due to ignorance) or that I fetch a token that's missing something.

How do I fetch the proper token, complete and entirely equivalent to the one that Postman obtains at the URL above?

Konrad Viltersten
  • If the token is incorrect you should get an `unauthorized` response. As per the other question can you check that your website is using `https` or `http`. Using `https` when the site is actually on `http` usually causes the `Could not get any response` error. – Simply Ged Nov 04 '18 at 22:30
  • @SimplyGed As stated in the question - the token is correct and verified. I tried both HTTP and HTTPS - same result there. I'm pretty sure it's got to do with the token anyway but I can't tell how. I have the sense that somehow, illegal characters are being copied when I take the token string (and that JWT.io filters them out)... – Konrad Viltersten Nov 06 '18 at 14:26

1 Answer

> My conclusion's that I somehow don't fetch the proper token using my code (and fail to realize it due to ignorance) or that I fetch a token that's missing something.

From your code, you are protecting an API using Client Credentials, so first please follow the detailed steps in the article to configure the identity server, web API and the clients.

For testing, I followed the steps in the article and used the same code as you showed to acquire a token:

        // discover endpoints from metadata
        var disco = await DiscoveryClient.GetAsync("http://localhost:5000");
        if (disco.IsError)
        {
            Console.WriteLine(disco.Error);
            return;
        }

        // request token
        var tokenClient = new TokenClient(disco.TokenEndpoint, "client", "secret");
        var tokenResponse = await tokenClient.RequestClientCredentialsAsync("api1");

        if (tokenResponse.IsError)
        {
            Console.WriteLine(tokenResponse.Error);
            return;
        }

        Console.WriteLine(tokenResponse.Json);
        Console.WriteLine("\n\n");

`http://localhost:5000` is the identity server's host endpoint and client/secret are the credentials of my client:

        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                new Client
                {
                    ClientId = "client",

                    // no interactive user, use the clientid/secret for authentication
                    AllowedGrantTypes = GrantTypes.ClientCredentials,

                    // secret for authentication
                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())
                    },

                    // scopes that client has access to
                    AllowedScopes = { "api1" }
                }
            };
        }

Use that token to access the web API in Postman.

You can also compare the token-acquiring request when using the OAuth 2.0 based wizard and confirm that you are using the client credentials flow.

Nan Yu
  • Well, you were wrong on your analysis but managed to set me on the right course anyway, so good job. Turns out, when I copied the token, it got the line-breaks converted to spaces somehow and then, Postman refuses to make the call to begin with. Now it works! Thanks. – Konrad Viltersten Nov 06 '18 at 14:30
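
The copy-and-paste damage reported in the final comment (whitespace ending up inside the token) can be caught before the request is sent. The check below is an added example, not code from the question or the answer; `BearerTokenCheck`, its method names and the sample token are constructed for illustration.

```csharp
using System;
using System.Linq;

static class BearerTokenCheck   // hypothetical helper, not part of IdentityModel
{
    // True when `raw` is a clean compact JWT; otherwise `problem` says what is wrong.
    public static bool IsCleanJwt(string raw, out string problem)
    {
        problem = "";
        if (string.IsNullOrEmpty(raw)) { problem = "token is empty"; return false; }

        // Whitespace or control characters (line breaks pasted as spaces) corrupt the header value.
        for (int i = 0; i < raw.Length; i++)
            if (char.IsWhiteSpace(raw[i]) || char.IsControl(raw[i]))
            {
                problem = $"unexpected character U+{(int)raw[i]:X4} at index {i}";
                return false;
            }

        // A signed JWT in compact form is exactly three non-empty base64url segments.
        string[] parts = raw.Split('.');
        if (parts.Length != 3) { problem = $"expected 3 segments, found {parts.Length}"; return false; }
        if (parts.Any(p => p.Length == 0 || !p.All(IsBase64Url)))
        {
            problem = "a segment is empty or has characters outside the base64url alphabet";
            return false;
        }
        return true;
    }

    static bool IsBase64Url(char c) =>
        (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-' || c == '_';

    // Removes whitespace only, which repairs a token damaged by copy and paste.
    public static string StripWhitespace(string raw) =>
        new string(raw.Where(c => !char.IsWhiteSpace(c)).ToArray());

    static void Main()
    {
        // Constructed sample with placeholder segments; it carries no valid signature.
        string clean = "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6InNlY3VyZWRfYXBpIn0.c2lnbmF0dXJl";
        string pasted = clean.Insert(20, " ").Insert(45, "\n");   // simulates the wrapped copy

        Console.WriteLine(IsCleanJwt(clean, out _) ? "clean: ok" : "clean: rejected");
        Console.WriteLine(IsCleanJwt(pasted, out string why) ? "pasted: ok" : $"pasted: {why}");
        string repaired = StripWhitespace(pasted);
        Console.WriteLine(IsCleanJwt(repaired, out why) ? $"Authorization: Bearer {repaired}" : why);
    }
}
```

The check is purely structural: it does not verify the signature or any claims, which remains the job of the API that receives the token.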