Passing the access token on the URL #2716
Comments
|
IE has a 2048 length limitation on query strings. That's probably what you are hitting. Either reduce the number of claims or use reference tokens. |
|
I switched to using reference tokens by adding the AccessTokenType = AccessTokenType.Reference to the Client in the Identity Server. This reduced the size of the access token to 32 characters. Now, I'm well under the 2048 URL limit. I didn't need to change anything on the WebApi2 server and all of my authorization code still works. This is fantastic. However, I still get "Authorization has been denied for this request." when I visit https://localhost/DocumentWeb/GetFile/3234?access_token=81b88d0a52a77f934b9d50165e7ec6ff Is this the proper way of sending the access token via the URL? Thank you! Ranger. |
|
By default the MW looks for the token on the authorization header - you need to add a "provider" to check the query string. It's on the options. |
|
Excellent! That is what I needed. I created the following new TokenProvider that looks for the access_token in the URL. Thank you for pointing me in the right direction. Ranger. |
|
Hi Ranger Dunadan can i know where you change or in which file you done this change |
Where? And is similar possible with IdentityServer4.AccessTokenValidation? |
|
Ah it's |
|
Use an Authorization header to work with your own data: whenever i am trying to use this API:"https://reactnd-books-api.udacity.com/" and hit the server the above message is being displayed. i just want o view the data in json form |
|
Hi All
I am using wso2 identity server. I want to send token in url.is that
possible?
Thanks
Sonia Varshney
…On Thu, Aug 3, 2017 at 12:16 AM, vikas199 ***@***.***> wrote:
Use an Authorization header to work with your own data:
fetch(url, { headers: { 'Authorization': 'whatever-you-want' }})
The following endpoints are available:
GET /status
GET /books
GET /books/:id
PUT /books/:id { shelf }
POST /search { query, maxResults }
whenever i am trying to use this API:"https://reactnd-books-
api.udacity.com/" and hit the server the above message is being
displayed. i just want o view the data in json form
how is that possible
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#2716 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AIXxcwrH56U0mjeyF8ximhTzmQH4RFbLks5sUMPxgaJpZM4Hyrd_>
.
|
|
Yes #2716 (comment) |
Hello,
I have run into a predicament while using tokens and angularjs. I have a fairly large angularjs project that uses IdentityServer3 for authenticating against Active Directory and then providing a list of claims. I'm able to create an access token that has the list of groups the user has access to. Currently, the access token is nearly 2000 characters long.
Part of the angularjs app allows a user to download and view files depending upon the user's access. The problem is that I can't get IE 11 to display a PDF in an iframe...this is because IE 11 apparently doesn't support a data based URI. (Chrome works fine by the way). In order to overcome this I can't call the API that returns the binary version of the PDF using AJAX (because I'm then tied to a data based URI), and since I can't use AJAX I can't pass the access token via the header. So, I thought I would instead generate a URL to the API (I'm using webapi with UseIdentityServerBearerTokenAuthentication) and pass the access token on the URL as part of the query string.
I'm doing it like this: https://localhost/DocumentWeb/GetFile/3234?access_token=<access_token>
I'm using the access token that I find the Authorization Bearer Header. I always get the error message that states: "Authorization has been denied for this request."
Is this possible to do? If so what do you suppose I'm doing wrong?
Thank you!
Ranger.
The text was updated successfully, but these errors were encountered: