How to use together with other token validation middleware? #92
Comments
I'd remove the required scopes property on our middleware and see if that changes anything.
Hi @leastprivilege, thank you for replying. After I commented out the required scope line, the AAD JWT is valid but the request with the token issued from the local simple auth server still returns error 500, with a little different error:
Please help...
Did you set the authentication type to a unique value on each MW? That's an OWIN requirement.
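The unique-authentication-type requirement from the comment above, as an added example that is not part of the original thread and is not code from the IdentityServer3 project. It assumes Katana 3.x and ASP.NET Web API hosted on OWIN; the three authentication type names and every `<...>` value are placeholders.

```csharp
// Added example, not code from the thread. Values in <...> are placeholders.
using System.IdentityModel.Tokens;   // assumption: Katana 3.x package layout
using System.Web.Http;
using IdentityServer3.AccessTokenValidation;
using Microsoft.Owin.Security.ActiveDirectory;
using Microsoft.Owin.Security.OAuth;
using Owin;

public class Startup
{
    // Hypothetical names. All three options classes default to "Bearer",
    // so without explicit values the three middleware collide.
    private const string LocalAs = "LocalBearer";
    private const string Aad = "AadBearer";
    private const string IdSrv = "IdSrvBearer";

    public void Configuration(IAppBuilder app)
    {
        // Tokens issued by the API's own UseOAuthAuthorizationServer endpoint.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
        {
            AuthenticationType = LocalAs
        });

        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                AuthenticationType = Aad,
                Tenant = "<tenant>",
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidAudience = "<audience>"
                }
            });

        // RequiredScopes is left unset here, as suggested in the first comment.
        app.UseIdentityServerBearerTokenAuthentication(
            new IdentityServerBearerTokenAuthenticationOptions
            {
                AuthenticationType = IdSrv,
                Authority = "<identityserver-base-url>"
            });

        // Web API only accepts identities from the types listed here.
        var config = new HttpConfiguration();
        config.SuppressDefaultHostAuthentication();
        foreach (var type in new[] { LocalAs, Aad, IdSrv })
            config.Filters.Add(new HostAuthenticationFilter(type));
        app.UseWebApi(config);
    }
}
```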
Ah! It works! Thank you very much @leastprivilege !!!
@leastprivilege Sorry but I need to reopen this issue. I can use multiple MW now with unique AuthenticationType name. But the "insufficient_scope" issue is not resolved... Now the AAD is working with AccessTokenValidation MW, but the local auth server is still not working. As a workaround I added "scope" claim with the same required value when I issue token from local auth server. Then when I bring the token to the api, 2 identical identities are added. I believe one is from "UseOAuthBearerAuthentication", one is from "UseIdentityServerBearerTokenAuthentication"
Are you sure that each middleware has a unique authentication type?
When I stop the pipeline by breaking at
Please help..
The scope validation should only kick in if the
This is weird.. When I bring the token issued by my own
Does the problem only exist for your own oauth provider - or also for AAD tokens?
The problem only exists for my own oauth provider... But when I check the token got from AAD, the
Did you ever resolve that?
No I haven't.... Not sure if it's my
Anything you want to add? Or can I close this?
I didn't resolve this... Now I disabled my own OAuth provider to bypass this issue...
There are two lines in the configuration that say:
Hi,
I'm sorry for the dumb question. I'm trying to make my API validate the token issued by IdentityServer3 (provided by 3rd party) and the JWT from Azure AD, and the token from MSA, and the token issued by the API's own simple OAuth Authorization Server. So I'm like
```csharp
app.UseOAuthAuthorizationServer(...)
app.UseMicrosoftAccountAuthentication(...)
app.UseWindowsAzureActiveDirectoryBearerAuthentication(...)
app.UseIdentityServerBearerTokenAuthentication(...)
```
The token validation was working until I added the last line above. It looks like the Authorization part in http request header is always caught by the IdentityServer3.AccessTokenValidation MW.
The token issued by local AS is no longer valid. I got the error 500 with the following message when I provide the bearer token issued by local AS:
And if I provide the token from Azure AD, I will get error 403 with cookie:
WWW-Authenticate: Bearer error="insufficient_scope"
Could you please tell me how to make all validation methods work together? Thanks!