Ready to post? First, try searching for your answer.
(i am using .NET 8 and also all the packages that i use related to .net/auth0 8.0)
(i am using the Blazor template)
I am trying to obtain the access token in the frontend, because finally i want to use roles inside the access token to send requests to a rest api which requires certain roles.
in my code i configure the clientID as clientID and inside the tokenvalidation i use my authority
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
options.Authority = $"https://{builder.Configuration["Auth0:Domain"]}";
options.ClientId = builder.Configuration["Auth0:ClientId"];
options.ClientSecret = builder.Configuration["Auth0:ClientSecret"];
options.ResponseType = "code";
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
// Set the audience in the Token Validation Parameters
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
ValidAudience = builder.Configuration["Auth0:Audience"] // This should be the API identifier you want to access
};
options.SaveTokens = true;
options.CallbackPath = "/signin-auth0";
});
as error i get that the value of the clientID is not in the audiences (see error below)
Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login.
---> Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: IDX10214: Audience validation failed. Audiences: 'lMzCtrFAeBCX8VpFdKDkgvZSRUwb9Mle'. Did not match: validationParameters.ValidAudience: 'https://vvt-en-de-kansen-van-ai.eu.auth0.com/api/v2/' or validationParameters.ValidAudiences: 'null'.
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.ValidateTokenUsingHandlerAsync(String idToken, AuthenticationProperties properties, TokenValidationParameters validationParameters)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
My questions are
- am i on the right track to authorize endpoints using roles.
- how is it even possible that the value of the clientID is being saved in the audiences?
(yes i triple checked my appsettings.json the variables are configured correctly)