Hello guys.
I tried to create .NET Core 2 app which uses only REST API. To consume this API I want to use Vanila JS or Jquery.
I played around with a sample app: “ASP.NET Core v2.0: Login” (in github: auth0-aspnetcore-webapi-samples/tree/master/Quickstart) and with a sample app “JavaScript: Login” (in github auth0-javascript-samples). But without success :(.
I want on UI get JWT token from Auth0.com. I think that I should be transferred to Auth0.com site and log in there. Then go back to my site with JWT token. After that, I want to call my API with the token to Authorize this call. Can you suggest me how I can do it? Some links or anything like that?
The other idea is to call REST API. UI I’ll sent as params login and password. Then the method will call Auth0. Auth0 will return to app JWT token. The app will return JWT token to UI. UI will save token and every time when I’ll call any API method I’ll use that JWT token.
If those approaches are wrong, please tell me what is a proper way of doing that stuff?
I want to also say that I want to be able to test that solution with Postman :).
@Tomasz let’s see what we can do! Your approach sounds correct. What kind of application do you have? If it’s a single page application there is a short intro here on them Single Page Applications and as you mentioned the JavaScript Login is a good one (the guide can be found here: Auth0 JavaScript SDK Quickstarts: Login
You said you tried but without success. What happened when you tried these applications? Where did things not work. What happened and what did you expect to happen? And we can see how to fix any issues that came up.
Hey @kimcodes!
I’ll do all my steps once again for you :).
So… I downloaded the sample for jQuery. I can log in within auth0.com nice and smooth :).
Then I download the sample ASP.NET Core Web API v2.0: Authorization. I kicked off. I went to site: http://localhost:3010/api/public and I can see: {“message”:“Hello from a public endpoint! You don’t need to be authenticated to see this.”}.
A token which I’ll use I took from localStorage.id_token.
I tried to go to the site: http://localhost:3010/api/private. I saw: This page isn’t working. If the problem continues, contact the site owner. HTTP ERROR 401
I ran Postman:
Get: http://localhost:3010/api/private
Authorisation Type: Bearer Token (localStorage.id_token token from there)
I send a request. I got 401 Unauthorized
Thanks so much for outlining the steps for me! Let’s take a look. I believe we will need to pass the access token instead of the id token , can you give that a shot and see what you get back?
Looks like your access token might be opaque (you can check your token at https://jwt.io/). Usually an opaque token means that the token was not requested for a particular audience. Does the request have an audience value in the payload? (It would need to be the API identifier as the value if that is what you are trying to call.)
Hey Kim.
Probably I did something wrong with my configuration. Can you take a look at that?
Thanks :).
I check id_token:
[mod edit: private info included] .
For access_token:
[mod edit: private info included] .
My auth0-variables.js: [mod edit: private info included] .
In my c# app:
[mod edit: private info included]
Applications:
[mod edit: private info included]
APIs:
[mod edit: private info included]
Auth0 Managment API:
[mod edit: private info included]
Muzyczni:
[mod edit: private info included]
The invalid signature is that what you get when you copy/paste the access token ? The API Authorization expects a JWT which only happens if the audience parameter is passed when authorizing from the client side. When audience parameter must be set to the API’s Audience parameter. Have you specified the audience?