I am trying to use Microsoft SSO with Azure Active Directory to authenticate users and also authorize API access. But I am stuck with token validation at the time of accessing the API. I get 401 Unauthorized
error with below response header
content-length →0
date →Tue, 28 Jan 2020 04:49:20 GMT
server →Kestrel
www-authenticate →Bearer
What is the cause of this error? I am using postman to hit the API with the token. The token is valid on jwt.io but still I am not able to access the APIs.
Below is the token:
token at jwt.io
Please help! Thanks.
I was running into this problem, where I had to sort out "invalid issuer" and then just got a plan "www-authenticate: Bearer" 401.
To solve it, I had to call app.UseAuthentication() before app.UseAuthorization() in Startup.Configure() for my API app. After that it would go through.
It might be nice if that were mentioned here: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-protected-web-api-app-configuration.
My thought is that the application needs to authenticate you before it can tell if you should be authorized or not, so if that's not there it will fail authorization.
Related
getUserInfo within api Explorer dies
We were getting a 401 when attempting to use the REST getUserInfo endpoint. So, we decided to test it using the Docusign provided API explorer. Same error, but it also gives a response of "internal_server_error"
Does that endpoint just not work?
After further testing, we reauthenticated and used a brand new access token, instead of the one re-issued from the refresh token request, and it worked. Not sure if that endpoint is not available after a refresh token has been re-issued?
Note that the host for the method is different than for the other API methods, it's
account-d.docusign.com for the developer sandbox
account.docusign.com for the production platform.
It only works with a bearer token.
The refresh gives you a new bearer token, that should not be an issue.
Docs: https://docs.docusign.com/esign/guide/authentication/userinfo.html
I am receiving "Refresh failed with a 403 Forbidden error. The refresh token was revoked or expired." when i tried to enable the refreshtokens on Azure mobile app with AD authentication, app is build in Android(Xamarin) with client authentication flow implemented. I am doubting if refreshtokens are meant for client authentication flow, Please help.
In my case, I have issue with one of the Google account.
The others accounts do not have problem.
I notice the different is on the account with Two steps authentication enabled, the forbidden error is returned.
Please check it in your case.
Updated: it is not related to 2-step authentication.
Please check the detail here:
https://github.com/Azure/azure-mobile-apps-net-client/issues/293
Currently I try to implement user authorization into an iOS app. Therefore we use Active Directory B2C.
Everything works fine, except the refreshing of my expired tokens. I call the request url (fabrikamb2c.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_sign_in) to get an access_token and a refresh_token. The response seems to be valid and the access_token works very well as long as it's not expired.
But if I want to get a new token (like it is described here: OAuth 2.0 authorization code flow; see chapter 4) the request just gets responded with a 400: Bad Request.
I can't find out, what I am doing wrong. Do you guys now a way, how to debug these requests or have some kind of checklist what needs to get configured within the Azure portal?
Thanks!
Edit: this is the request I am using:
POST /xxx.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_local-account-signupin HTTP/1.1
HOST: login.microsoftonline.com
content-type: application/x-www-form-urlencoded
content-length: 1148
client_id=xxx&refresh_token=xxx&grant_type=refresh_token&redirect_uri=urn:ietf:wg:oauth:2.0:oob
Thanks everyone for trying to solve my problem! It came out, that the refresh_token I was using was invalid. So if you are sure, that the request is correct, and you get just a Bad Request response, check the parameters one more time.
I believe you need to specify a value for the scope parameter. The scope parameter is used to inform B2C which resource you are requesting a token for. At this time you'll most likely want to use scope=<client_id> or scope=openid.
I've been able to setup JHipster successfully using both Token and OAuth2 authentication. With both I can login using the default admin/admin account. However, in both cases, I get 401 errors when I want to access any API endpoint, i.e: http://127.0.0.1:8080/api/users
It renders a page with the following message:
Your request cannot be processed
Sorry, an error has occurred.
Status: Unauthorized (Unauthorized)
Message: Access Denied
Am I missing anything obvious?
Are you seeing any the spring security errors in the logs? Your angular session should be passing your recently acquired auth token for the admin user as part of the request to the api. If you want to access the api again outside of angular eg curl/Java client you'll need to request a new token for the user eg https://github.com/reddit/reddit/wiki/OAuth2-Quick-Start-Example
I am developing a skype Api to show user presence using ucwa with the help of steps outlined at Authentication using Azure AD.
I got the bearer token, but when I Perform a GET on the root resource with the bearer token, it always returns 404, Reason Phrase: not found. If I do not include token, it will return un-authorized. So, seems it authorized, but can not find the resource. what could cause this?