I am passing an Access Token to my .NET 6 API and it is not passing Authorization. This token is generated by first loging in thorugh my web app and then getting the Access Token. I have properly set up the web app, and api app on auth0 portal. I am passing the proper audience when I ask for the access token. I have set up the middleware properly in the api. What am I doing wrong? The machine to machine access token is working but that does not do anything for me. I need to authorize specific users!
Hi there @mmamalis, welcome to the community!
Can you elaborate a bit more on what you mean by passing Authorization? Are you receiving an error of any kind? It sounds like you’ve done your due diligence so I’d be curious so I’d be curious to know how and where exactly this is breaking down for you.
The more information you can provide the better!
I have an endpoint on my API that is decorated with the [Authorize] attribute. When I pass an Access Token from the Web App to the API App, which is obtained by the Web App after authenticating the User with Auth0, the API endpoint returns a 401 Unauthorized. When I pass a machine -to-machine Access Token (obtained from the Auth0 Test section on the API Configuration screen) to the API then it goes through Authorization fine. But that M2M token is not useful to me cause I need the user claims which are only available through the Login process.
Thanks for the detailed information!
I’m not entirely sure what could be going on here - Having a misconfigured audience is what would typically cause a 401 like you are seeing. It sounds like, based on the fact that Access Tokens obtained elsewhere don’t have the same problem, the issue is in your client application somewhere. I recommend double checking all configuration related to requesting the Access Token itself and going from there.
Let us know what you come up with!
I can post images with the configuration from postman and the configuration on the api and you can see how it all matches.
1 Like
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.