I have a microservice architecture with a ASP.NET Core MVC application as a frontend. All the microservices are also implemented as ASP.NET Core services (Rest Services). I created a Client in my dashboard and a API for each Microservice. I authorized the client for all the API’s. I am able to login to my application and save the tokens. The access_toke I get is really short, so not really a bearer token. If I then try to access the API i get a 401 Unautherized.
Which step am I missing? Do I need to implement another call to get an access_token?
Update
I just saw this in the quickstart
OnRedirectToIdentityProvider = context =>
{
context.ProtocolMessage.SetParameter("audience", "http://my-api");
return Task.FromResult(0);
}
But I have more than one API. How can I add multiple audience?