Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

External Authenticate - id_token and access token #10481


User avatar
0
maharatha created

Prerequisites

Please answer the following questions before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

  • What is your product version? v10.2.0
  • What is your product type (Angular or MVC)? Angular
  • What is product framework type (.net framework or .net core)? .net core

Problem Trying to Solve : I have configured a Tenant with its own Openid connect information i.e ClientId LoginUrl AuthorityURl

Now I want to consume my API from a different Application who uses the same OpenID info as above.

When I uses Postman and call the ExternalAuthenticate API and passes the following :

Abp.TenantID - Header

Body :

{"authProvider":"OpenIdConnect","providerKey":"xxxxxxxxF8Z356","providerAccessCode":"eyJraWQiOiJaUHpRQlBEOGRSemZLM0FzWFU2ZFZHsUmVnaW9uIjoiVVMsQ2FuYWRhIn0.lrRRCAI3yhZ5aR66Qs5RZLLsjSoknJpuvfiwzb0vvwR35FIZ4Lj_MvaTGdXG9giDWDx2QxR5_LeMkMbeXqjcBZ6wF1UUXkqqa7aOzO13G-OYM_X3ftpvwKoiwXAjmUewsM5pZWjo4s5fsxj6ms6XWy5J9Xri-yI9lGvcFPCdXUPa5hoWmprW3G_kd17ApLkvg4SzFsSQCU7h7dP5MYcj1fi79AiKLJjFZG9hK8h21Gw8GZeyJHzTHoiYxq5No24NT5_urjkiKM8tYhNggLWggexEFIVs7wvBT_MWOV9kQA8CTzGFBvnyRfjxHsD6CM4l7K1-cUkycVnED0GYIAg9gA","returnUrl":null,"singleSignIn":false}

When I pass the id_token from the other app to the APi endpoint my system is able to validate the Token.

However if I pass the accesstoken from the other app to the API endpoint my system is throwing Signature mismatch error.

I was under the assumption the system could validate the id_token and access token, but it doesn't work that way.

Anyways to solve this issue where i can validate the access token.


2 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @maharatha

    access token is generated by AspNet Zero which doesn't use Identity Server, so it shouldn't work. Could you share how do you retreive the access token which doesn't work for you ?

    Thanks,

  • User Avatar
    0
    maharatha created

    I think you can close this issue as now I have a better understand of the Access Token and Id Token. And it make sense what ASPNet Zero is doing.

    https://www.c-sharpcorner.com/article/accesstoken-vs-id-token-vs-refresh-token-what-whywhen/