Auth0 Home Blog Docs

Receiving 401 Unauthorized when testing web api using Implicit Grant

implicit-grant
owin
authorization
webapi
401

#1

I’ve followed the articles on this site to try and secure my Web Api (https://auth0.com/docs/quickstart/backend/webapi-owin/01-authorization).

I’m using PostMan to test my Api, prior to adding the Authorize attribute my api successfully returned data requested. I am able to get a token using the https://phonebook.eu.auth0.com/oauth/token endpoint and I have verified this token using https://jwt.io. I’ve also entered my certificate to verify the signature and this was successful.

However, I am receiving a 401 “Authorization has been denied for this request”. I’ve enabled Verbose debugging in Visual Studio but nothing is outputting to the debug output.

I’ve spent a few hours this morning to try to solve this or at least get some debug output. Some of things I have checked and tried:

  1. have set the Allowed Callback URLs, Allowed Web Origins and Allowed Origins (CORS) to allow http://localhost.
  2. that RS256 is the algorithm used to sign the token.
  3. Verified the token is correctly formed and valid
  4. Verified the issuer has the trailing ‘/’

Any help you can give will be appreciated, if there is any further info you need please let me know thanks.