I’m trying to call a custom API on .net core from a js SPA, the authentification works fine but when I call the api it returns 401, using the access token. I don’t have any scopes or permissions set.
Does anyone know why this happens?
Edit: I’ve checked the bearer token that I received and it doesn’t seem valid, at least in the RS256 format.
@AlwaysBuyCheap welcome to the community!
I’m assuming this is due to the Access Token missing an audience (aud) claim - This is specified as a param in the
/authorize request and might be a good place to start.
Question: What is the Audience?
The audience parameter exists as part of the OAuth2.0 protocol. You can read more information from the specification here.
What is it?
The audience (presented as the aud claim in the access token) defines the intended recipients of the token.
This is typically the resource server (API, in the dashboard) that a client (Application) would like to access.
It can be added to the request to authorize i.e. audience: 'https://test-api'
Here is an example w…
I also came across the following topic which may be of use:
I have a .NET Core Angular app that has been setup to make secure calls to an API using but I’m getting a 401error when the client application makes the call to the API.
This issue has been reported several times, but none of the previous posts provide a solution.
I used the auth0-angular SDK as per the guidance in the
Complete Guide to Angular User Authentication and the instructions the from the Authorization for ASP.NET Web APIs blog post to setup authorization for the API. I can secur…
Let us know!
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.