I’ve followed the articles on this site to try and secure my Web Api (https://auth0.com/docs/quickstart/backend/webapi-owin/01-authorization).
I’m using Postman to test my API. Prior to adding the Authorize attribute, my API successfully returned the data requested. I am able to get a token using the https://phonebook.eu.auth0.com/oauth/token endpoint and I have verified this token using https://jwt.io. I’ve also entered my certificate to verify the signature and this was successful.
However, I am receiving a 401 “Authorization has been denied for this request”. I’ve enabled Verbose debugging in Visual Studio but nothing is outputting to the debug output.
I’ve spent a few hours this morning trying to solve this or at least get some debug output. Some of the things I have checked and tried:
- Set the Allowed Callback URLs, Allowed Web Origins and Allowed Origins (CORS) to allow http://localhost.
- Checked that RS256 is the algorithm used to sign the token.
- Verified the token is correctly formed and valid.
- Verified the issuer has the trailing ‘/’.
Any help you can give will be appreciated. If there is any further info you need, please let me know. Thanks.
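
As an added example (not part of the original post or of Auth0's quickstart): an offline Python check that compares a token's header and claims with the values the API is configured to accept. It covers the checks listed in the post (RS256, issuer with trailing '/') plus audience and expiry, which JWT bearer middleware also validates. The audience value and the sample token are constructed, and the issuer is assumed from the token endpoint's domain.

```python
import base64, json, time

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def diagnose(token, expected_issuer, expected_audience, now=None):
    """List mismatches between a token and the API's configured values.
    The signature is NOT verified; only header and claims are compared."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not three dot-separated segments"]
    try:
        header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        return [f"header or payload does not decode: {exc}"]
    problems = []
    if header.get("alg") != "RS256":
        problems.append(f"alg is {header.get('alg')!r}, expected 'RS256'")
    if claims.get("iss") != expected_issuer:  # exact match, trailing '/' included
        problems.append(f"iss {claims.get('iss')!r} != configured {expected_issuer!r}")
    aud = claims.get("aud")  # may be a single string or a list of strings
    if expected_audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud {aud!r} does not contain {expected_audience!r}")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append(f"exp {exp!r} is missing or in the past")
    return problems

def make_sample(claims, alg="RS256"):
    """Build a constructed, unsigned sample token (demo input only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    head = enc({"alg": alg, "typ": "JWT"})
    return f"{head}.{enc(claims)}.constructed-signature"

ISSUER = "https://phonebook.eu.auth0.com/"   # assumed from the token endpoint's domain
AUDIENCE = "https://api.example.test/"       # constructed placeholder API identifier

if __name__ == "__main__":
    token = make_sample({"iss": ISSUER, "aud": AUDIENCE, "exp": 2000})
    # Configured issuer lacks the trailing '/', configured audience differs.
    for line in diagnose(token, ISSUER.rstrip("/"), "phonebook-api", now=1000):
        print(line)
```

An empty list means the header and claims match the configured values; the signature still has to be verified separately against the tenant's signing certificate.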