I created an SPA application and Asp.Net MVC application. Downloaded both samples. Both applications are under the same Auth0 account I have. SPA implicit grant flow works. Asp.Net MVC sample works. Logs in and Logs out. I used the same user account under my Auth0 account which is where both applications are. The samples I downloaded from Auth0 are literally unmodified. Logging in to Asp.Net MVC application and accessing protected method (Test/ConfirmAccess) works. But if I took the access token I got in SPA application and make CURL call the MVC application’s API endpoint (after adding a WebAPI endpoint) I get “unauthorized” error.
Dont you have any SPA + Asp.Net MVC sample? I am sure there are lot of applications that have this arrangement. (We have Asp.Net MVC application as well as SPA applications that use the APIs in our Asp.Net MVC application. I am surprised you dont have straight forward samples for this.
C:>curl --request GET --url “https://authtester.azurewebsites.net/api/Login/ConfirmAccess” --header “authorization: Bearer X5XP2FDEK3pd1ad5w-jw4CAUkxoadGAz”
{“Message”:“Authorization has been denied for this request.”}
C:>