
Access token not working

#1

I created an SPA application and an Asp.Net MVC application. I downloaded both samples. Both applications are under the same Auth0 account I have. The SPA implicit grant flow works. The Asp.Net MVC sample works: it logs in and logs out. I used the same user account under my Auth0 account, which is where both applications are. The samples I downloaded from Auth0 are literally unmodified. Logging in to the Asp.Net MVC application and accessing a protected method (Test/ConfirmAccess) works. But if I take the access token I got in the SPA application and make a CURL call to the MVC application’s API endpoint (after adding a WebAPI endpoint), I get an “unauthorized” error.

Don't you have any SPA + Asp.Net MVC sample? I am sure there are a lot of applications that have this arrangement. (We have an Asp.Net MVC application as well as SPA applications that use the APIs in our Asp.Net MVC application.) I am surprised you don't have straightforward samples for this.

C:>curl --request GET --url "https://authtester.azurewebsites.net/api/Login/ConfirmAccess" --header "authorization: Bearer X5XP2FDEK3pd1ad5w-jw4CAUkxoadGAz"
{"Message":"Authorization has been denied for this request."}
C:>

#2

I tried SPA + API too… Authorization failed. I am not sure if I am extracting the bearer token right (from the SPA). I pulled the bearer token from the callback (this is what I pulled: wkme7MdsdR7nmp7PiTcO2FgaCVdBD3hV).

https://authtester.azurewebsites.net/Home#access_token=wkme7MdsdR7nmp7PiTcO2FgaCVdBD3hV&scope=openid&expires_in=7200&token_type=Bearer&state=QQdQLdBPlA.hYEc7Amb6MN3nXRpX_tpO&id_token=eyJ0eXAiOiJKV1QiLCJhbGcidiJSUzI1NiIsImtpZCI6Ik9EVXlORVl6UWpoRE5UVXhNMFpFT1VReE5qUTFSVEZHT1VZeU5ESkRNa05GTdRRMVJrTkZOUSJ9.eyJpc3MiOiJodHRwczovL3JhamFueHQuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDVjYjE0NmUwNTc5ZjA3MGVjMWU3NWE5NyIsImF1ZCI6IjZIV3hhWWFUczhkTnBBMUs5TURPVXhdQzRLNFNYRWNkIiwiaWF0IjoxNTU1Mzg2MzI3LCJleHAiOjE1NTU0MjIzMjcsImF0X2hhc2giOiJaM0gzSzdfRzY1eW5IdGs4ZlpYY3NBIiwibm9uY2UiOiJwfmxGZ0l6UnlfdFIyaS1QN0ZyTG5vVmpUUHpmTlZHaCJ9.OdnMroJF2SDN4hC2zexMJod9U63-Ms0gQxtn5XBiYljukuatxjrx5UkMC8aEVJS_tJ-q5mvNvaEPPKpOBsOReuhz_HJjJsO7HytDlDgqLHBPP5y9XIVo_HCobTVuo7fkcgA8-CQ5OKdpWk6mHTE8wr0FpFM-GKTrCJ_qNdbstCl6eLXuN0MXIGMppgTn8UOn6ydaKm52vqFnkuWbmiYOjr4Msonrlj7ZVL70Mw7LfyHikG3r8B3BRmvkOxfSwLzKpBZA83vsgYYr3UENZhShyj4QVVuwt91G3YjBf2yb08-TvR5-KIHdgxZC7wIdPEP0_Krb9kyK3v0XJeC5akORtg
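
A way to check what an implicit-flow callback like the one above actually delivered, as an added example that is not part of the original posts or of Auth0's samples: it parses the URL fragment and reports whether each token is a three-segment JWT (with its `aud` and `iss` claims) or an opaque string, which is the first thing to confirm when an API rejects a bearer token. The function names and the sample URL, tenant, client ID and token values are constructed for illustration, and the script only inspects claims without verifying signatures.

```javascript
// Decode one base64url JWT segment to an object; null if it is not valid JSON.
function decodeSegment(seg) {
  try {
    const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
}

// Classify a token: "jwt" when it has three segments with a JSON header and
// payload, otherwise "opaque" (a string the API cannot inspect or validate locally).
function describeToken(token) {
  const value = token || '';
  const parts = value.split('.');
  if (parts.length === 3) {
    const header = decodeSegment(parts[0]);
    const claims = decodeSegment(parts[1]);
    if (header && claims) {
      return { kind: 'jwt', alg: header.alg, aud: claims.aud, iss: claims.iss, exp: claims.exp };
    }
  }
  return { kind: 'opaque', length: value.length };
}

// Parse the fragment of an implicit-grant callback URL and describe each token.
function inspectCallback(callbackUrl) {
  const params = new URLSearchParams(new URL(callbackUrl).hash.slice(1));
  return {
    tokenType: params.get('token_type'),
    scope: params.get('scope'),
    accessToken: describeToken(params.get('access_token')),
    idToken: describeToken(params.get('id_token')),
  };
}

// Constructed sample input: placeholder signature, made-up opaque access token.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleIdToken = [
  b64url({ typ: 'JWT', alg: 'RS256' }),
  b64url({ iss: 'https://tenant.example/', aud: 'SPA_CLIENT_ID', exp: 1700000000 }),
  'c2lnbmF0dXJlLXBsYWNlaG9sZGVy',
].join('.');
const sampleCallback = 'https://app.example/Home#access_token=CONSTRUCTED0opaque0token0value000' +
  '&scope=openid&expires_in=7200&token_type=Bearer&id_token=' + sampleIdToken;

console.log(inspectCallback(sampleCallback));
```

In the sample, as in the callback posted above, the `access_token` has no dot-separated segments while the `id_token` does; an `aud` equal to the SPA's client ID marks a token meant for the client application rather than for an API.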