I want to be able to know who’s connected to my app. The connected client is sending a request to https://<My-tenant>/api/v2/users/auth|7C5da4e39...
But all I’ve got is:
{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid token",
  "attributes": {
    "error": "Invalid token"
  }
}
Your decoded token example looks like an ID token, where you will want to use an access token to talk to the management API. I suspect that is why you are seeing the 401. The bearer token should be an access token.
I tried with my accessToken, but if I use this accessToken as a Bearer token it doesn’t work. I can’t decode this accessToken on jwt.io.
The generated test token doesn’t look like the accessToken I got: it’s way longer than 33 chars.
Even after a refreshToken call, my accessToken is short and unusable.
Maybe I did something wrong and this accessToken is not correctly generated?
@markd Can you tell me what audience I should put to access this endpoint?
Initially, I used https://<my-tenant>/userinfo as audience, but in the test token, the audience was https://<my-tenant>/api/v2/. I used the same, then after being authenticated, the app asked me to authorize access to profile etc… After that, my access token was normal (starting with ey... and with a lot of chars). Is that the right endpoint to use?
I tried with my accessToken, but if I use this accessToken as a Bearer token it doesn’t work. I can’t decode this accessToken on jwt.io.
The generated test token doesn’t look like the accessToken I got: it’s way longer than 33 chars.
Even after a refreshToken call, my accessToken is short and unusable.
Is the access token you are using meant for the API endpoint you are calling? An access token can only be used with its intended audience.
Depending on how the access token was created, it may be a JWT or an opaque token. Opaque tokens cannot be decoded at jwt.io because they aren’t JWTs.
I have the same issue and I have no clue what’s going on… I am using a .NET 6 MVC app with a .NET 6 web API. The login process is OK and I get back an ID token and an opaque access token. I set the audience to the API identifier as mentioned in the docs but still get an invalid_token error. Here is my API configuration in program.cs:
I tried many other things, such as:
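// Needs System.Collections.Generic, System.Security.Claims and Microsoft.IdentityModel.Tokens.
options.TokenValidationParameters = new TokenValidationParameters
{
    NameClaimType = ClaimTypes.NameIdentifier,
    // Accept only tokens whose aud claim contains the configured audience.
    ValidateAudience = true,
    ValidAudiences = new List<string> { audience },
    ValidateLifetime = true
};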
But still getting the same error. Is there any way to investigate further?
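The replies above come down to three checks on the bearer token: is it a JWT or an opaque string, does its `aud` match the API being called, and is it still within its lifetime. The following is an added example, not code from any poster or from Auth0; the function names, the `tenant.example` audience and the sample tokens are constructed, and the ID-token hint is a heuristic assumption.

```python
import base64
import json
import time


def _segment(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def make_sample_jwt(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    return ".".join([_segment({"alg": "RS256", "typ": "JWT"}), _segment(claims), "sig"])


def diagnose_token(token, expected_audience, now=None):
    """List reasons an API expecting `expected_audience` would reject `token`.
    Decodes WITHOUT verifying the signature: troubleshooting only."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["opaque token: not a JWT, cannot be decoded or validated locally"]
    try:
        payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
        if not isinstance(claims, dict):
            raise ValueError("payload is not a JSON object")
    except ValueError:
        return ["malformed token: payload is not base64url-encoded JSON"]
    findings = []
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)  # aud may be str or list
    if expected_audience not in audiences:
        findings.append(f"audience mismatch: aud={audiences}, API expects {expected_audience}")
        # Heuristic (assumption): identity claims and no scope suggest an ID token.
        if "scope" not in claims and claims.keys() & {"nonce", "email", "name"}:
            findings.append("looks like an ID token, not an access token")
    if claims.get("exp", float("inf")) <= (time.time() if now is None else now):
        findings.append("expired: exp is in the past")
    return findings or ["ok: JWT with matching audience and valid lifetime"]


if __name__ == "__main__":
    API = "https://tenant.example/api/v2/"  # placeholder audience, not a real tenant
    far = 4102444800  # constructed expiry far in the future
    samples = {  # all constructed values
        "opaque": "kX9constructedOpaqueValue0000000000",
        "id": make_sample_jwt({"aud": "constructedClientId", "email": "a@b.example", "exp": far}),
        "access": make_sample_jwt({"aud": [API], "scope": "read:users", "exp": far}),
    }
    for name, tok in samples.items():
        print(name, diagnose_token(tok, API))
```

A token that passes these checks can still be rejected on signature or issuer, which this sketch does not examine.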