According to the log, the audience is invalid. Below are the JWT and module code:
2022-10-12 00:44:56.852 +02:00 [INF] Request starting HTTP/1.1 GET https://REDACTED/api/app/orders application/json -
2022-10-12 00:44:56.854 +02:00 [INF] Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: IDX10214: Audience validation failed. Audiences: 'System.String'. Did not match: validationParameters.ValidAudience: 'System.String' or validationParameters.ValidAudiences: 'System.String'.
   at Microsoft.IdentityModel.Tokens.Validators.ValidateAudience(IEnumerable`1 audiences, SecurityToken securityToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
2022-10-12 00:44:56.854 +02:00 [INF] Bearer was not authenticated. Failure message: IDX10214: Audience validation failed. Audiences: 'System.String'. Did not match: validationParameters.ValidAudience: 'System.String' or validationParameters.ValidAudiences: 'System.String'.
2022-10-12 00:44:56.855 +02:00 [INF] Executing endpoint 'Waltons.Switch.Controllers.Orders.OrderController.GetListAsync (Waltons.Switch.HttpApi)'
2022-10-12 00:44:56.855 +02:00 [INF] Route matched with {area = "app", controller = "Order", action = "GetList", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.Application.Dtos.PagedResultDto`1[Waltons.Switch.Orders.OrderWithNavigationPropertiesDto]] GetListAsync(Waltons.Switch.Orders.GetOrdersInput) on controller Waltons.Switch.Controllers.Orders.OrderController (Waltons.Switch.HttpApi).
2022-10-12 00:44:56.866 +02:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: Switch.Orders
2022-10-12 00:44:56.868 +02:00 [WRN] ---------- RemoteServiceErrorInfo ----------
{
"code": "Volo.Authorization:010001",
"message": "Authorization failed! Given policy has not granted.",
"details": null,
"data": {},
"validationErrors": null
}
Hi, we are attempting to authenticate an external system using the client_credentials grant type.
We have set up the client through the Identity Server UI and granted permission. We are able to retrieve a token from /connect/token that includes a scope and the audience; however, when we use the token to access any API we receive the above error stating that permissions are not granted.
If we create a regular user and authenticate through the password grant type, we are able to access the API; however, this is not what we want, as the credentials could be used to access the frontend.
I have aligned the settings (incl. permissions) for the new client with the default ProjectName_App client. If I use ProjectName_App as the client_id, the API calls complete successfully. If I use the test client, it fails due to permissions.
The tokens received back are near identical; the only difference is the client_id.
What am I missing?
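The log above prints 'System.String' in place of the actual audience values, so the claims have to be read from the tokens themselves. The following is an added example, not code from the thread or from ABP: it decodes two access tokens without verifying them, lists the claims that differ, and checks each `aud` against the audience the API is assumed to expect. The sample tokens, the `Test_Client` and `OtherApi` names, and the `API_AUDIENCE` value are constructed placeholders.

```python
import base64
import json

VOLATILE = {"exp", "iat", "nbf", "jti", "auth_time"}  # differ on every issuance

def decode_payload(token):
    """Return the claims of a compact JWT. Inspection only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def audiences(claims):
    """'aud' may be a single string or an array; normalise to a list."""
    aud = claims.get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)

def audience_matches(claims, valid_audiences):
    """Simplified check (assumption): some token audience equals a configured one exactly."""
    return any(a in valid_audiences for a in audiences(claims))

def diff_claims(a, b):
    """Claims whose values differ between two tokens, ignoring per-issuance ones."""
    keys = (set(a) | set(b)) - VOLATILE
    return {k: (a.get(k), b.get(k)) for k in sorted(keys) if a.get(k) != b.get(k)}

def make_sample_token(claims):
    """Build a constructed sample token (fake signature) so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'at+jwt'})}.{enc(claims)}.constructed-signature"

# Constructed sample claims; the values are placeholders, not taken from the thread.
WORKING = make_sample_token({"client_id": "ProjectName_App", "aud": "ProjectName",
                             "scope": ["ProjectName"], "iat": 1665528296, "exp": 1665531896})
FAILING = make_sample_token({"client_id": "Test_Client", "aud": ["OtherApi"],
                             "scope": ["ProjectName"], "iat": 1665528300, "exp": 1665531900})
API_AUDIENCE = {"ProjectName"}  # assumed value of the API's configured audience

if __name__ == "__main__":
    good, bad = decode_payload(WORKING), decode_payload(FAILING)
    print("differing claims:", diff_claims(good, bad))
    for name, claims in (("working", good), ("failing", bad)):
        print(name, "aud =", audiences(claims),
              "accepted:", audience_matches(claims, API_AUDIENCE))
```

Replace `WORKING` and `FAILING` with the two tokens returned by /connect/token to compare the real claims.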
Looks like that did the trick, thank you! I will run some more testing over the coming days.
Created a fresh 5.2.1 Blazor Server project using the suite, getting "type or namespace AbpUowHubFilter not found".
This wasn't an issue on < 5.2 of ABP.
As per the title and information above, a core feature of ABP Commercial does not work. There seems to be very little priority to resolve this.