Prerequisites
Please answer the following questions before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.
- What is your product version? v10.2.0
- What is your product type (Angular or MVC)? Angular
- What is product framework type (.net framework or .net core)? .net core
Problem Trying to Solve : I have configured a Tenant with its own Openid connect information i.e ClientId LoginUrl AuthorityURl
Now I want to consume my API from a different Application who uses the same OpenID info as above.
When I uses Postman and call the ExternalAuthenticate API and passes the following :
Abp.TenantID - Header
Body :
{"authProvider":"OpenIdConnect","providerKey":"xxxxxxxxF8Z356","providerAccessCode":"eyJraWQiOiJaUHpRQlBEOGRSemZLM0FzWFU2ZFZHsUmVnaW9uIjoiVVMsQ2FuYWRhIn0.lrRRCAI3yhZ5aR66Qs5RZLLsjSoknJpuvfiwzb0vvwR35FIZ4Lj_MvaTGdXG9giDWDx2QxR5_LeMkMbeXqjcBZ6wF1UUXkqqa7aOzO13G-OYM_X3ftpvwKoiwXAjmUewsM5pZWjo4s5fsxj6ms6XWy5J9Xri-yI9lGvcFPCdXUPa5hoWmprW3G_kd17ApLkvg4SzFsSQCU7h7dP5MYcj1fi79AiKLJjFZG9hK8h21Gw8GZeyJHzTHoiYxq5No24NT5_urjkiKM8tYhNggLWggexEFIVs7wvBT_MWOV9kQA8CTzGFBvnyRfjxHsD6CM4l7K1-cUkycVnED0GYIAg9gA","returnUrl":null,"singleSignIn":false}
When I pass the id_token from the other app to the APi endpoint my system is able to validate the Token.
However if I pass the accesstoken from the other app to the API endpoint my system is throwing Signature mismatch error.
I was under the assumption the system could validate the id_token and access token, but it doesn't work that way.
Anyways to solve this issue where i can validate the access token.
2 Answer(s)
-
0
Hi @maharatha
access token is generated by AspNet Zero which doesn't use Identity Server, so it shouldn't work. Could you share how do you retreive the access token which doesn't work for you ?
Thanks,
-
0
I think you can close this issue as now I have a better understand of the Access Token and Id Token. And it make sense what ASPNet Zero is doing.
https://www.c-sharpcorner.com/article/accesstoken-vs-id-token-vs-refresh-token-what-whywhen/