0

I am still getting 401 unauthorized When I send my token across to my api via swagger

content-length: 0 date: Sat, 06 Jun 2020 12:51:50 GMT server: Microsoft-IIS/8.5 strict-transport-security: max-age=2592000
www-authenticate: Bearer error="invalid_token", error_description="The signature is invalid" x-powered-by: ASP.NET

This is my ConfigureServices Config

 services.AddSwaggerGen(c => {
 c.SwaggerDoc("v1", new OpenApiInfo { Title = "App Manager - Running Buddies", Version = "v1" });
 c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme {
                Description = "JWT Authorization header using the Bearer scheme.",
                Name = "Authorization",
                In = ParameterLocation.Header,
                Type = SecuritySchemeType.Http,
                Scheme = "bearer",
                BearerFormat = "JWT"

            });

            c.AddSecurityRequirement(new OpenApiSecurityRequirement{
   {
    new OpenApiSecurityScheme{
        Reference = new OpenApiReference{
            Id = "Bearer", //The name of the previously defined security scheme.
            Type = ReferenceType.SecurityScheme
        }
    },new List<string>()  }
    });


        });

        services.AddTokenAuthentication(Configuration);

My AddTokenAuthentication call which is extension to configure the authentication JWT Bearer can swagger not allow the testing when its a barrer token 

 public static class AddTokenAuthentications {
    public static IServiceCollection AddTokenAuthentication(this IServiceCollection services, IConfiguration config) {
        var secret = config.GetSection("JwtToken").GetSection("SecretKey").Value;
        var keySecret = Base64UrlEncoder.DecodeBytes(secret);

        var key = Encoding.ASCII.GetBytes(keySecret.ToString());
        services.AddAuthentication(x => {
            x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
               .AddJwtBearer(x => {

                   {

              //        x.Audience = config.GetSection("JwtToken").GetSection("Audience").Value;
                    //   x.Authority = config.GetSection("JwtToken").GetSection("Authority").Value;

                       x.RequireHttpsMetadata = false;
                       x.SaveToken = true;
                       x.TokenValidationParameters = new TokenValidationParameters {
                           ValidateIssuerSigningKey = true,
                           IssuerSigningKey = new SymmetricSecurityKey(key),
                           ValidateIssuer = false,
                           ValidateAudience = false
                       };
                   }
               });

        return services;
    }

As you can see the barrer token is in the curl statment so it should be authorised

curl -X GET "https://******/api/BmiInformations/bmi/all" -H "accept: text/plain" -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1OTE0NDk5NjIsImlzcyI6Imh0dHBzOi8vYXBpLWZpdG5lc3NidWRkaWVzLm5ldCIsImF1ZCI6Imh0dHBzOi8vYXBpLWZpdG5lc3NidWRkaWVzLm5ldCJ9.txG4OUUcfOqdDSBvPWJTuMaQ0RbThbvQwPiwgAleUrk"

Edit 2 As you see here the jwt token is valid

https://jwt.io/#debugger-io?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1OTE0NjEwNzksImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0OjQ0Mzk2LyIsImF1ZCI6Imh0dHBzOi8vbG9jYWxob3N0OjQ0Mzk2LyJ9.pkw-RisnhJ6J2XuC8tynFeiN_zEygYblulNA4mqRbac

c-sharp-and-swiftui-devni
  • 3,743
  • 4
  • 39
  • 100

0 Answers0