Hello,
I have followed official Auht0 tutorials related to angular and net core auth0 implementation.
I totally cannot understand the concept behind audience to be honest.
So far i have working interceptor - it adds the bearer token to request, and of course login on frontend - i can see proper data in sample user component, like email, sub, taken from Auth0.
But as You can see i have got an error when calling my backend:
Here is my angular config:
AuthModule.forRoot({
// The domain and clientId were configured in the previous chapter
domain: 'dev-XXXXXXXXXXXXX.us.auth0.com',
clientId: 'XXXXXXXXXXXXXXXXXXXXXXXXX',
authorizationParams: {
redirect_uri: 'http://localhost:4200/profile',
audience: 'https://dev-XXXXXXXXXXXXX.us.auth0.com/api/v2/',
scope: 'read:current_user',
},
httpInterceptor: {
allowedList: [
{
uri: 'https://dev-XXXXXXXXXXXXX.us.auth0.com/api/v2/*',
tokenOptions: {
authorizationParams: {
audience: 'https://dev-XXXXXXXXXXXXX.us.auth0.com/api/v2/',
scope: 'read:current_user'
}
}
},
{
uri: 'https://localhost:7129/*',
tokenOptions: {
authorizationParams: {
audience: 'https://dev-XXXXXXXXXXXXX.us.auth0.com/api/v2/',
//if here i set audience to 'https://localhost:7129/*', my frontend isnt even calling my API
}
}
},
]
}
}),
And here is my .net 7 api configuration:
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddApplication()
.AddInfrastructure(builder.Configuration);
builder.Services.AddControllers();
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = "https://dev-XXXXXXXXXXXXX.us.auth0.com/";
options.Audience = "http://localhost:6060/";
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = ClaimTypes.NameIdentifier
};
});
builder.Services.AddCors(options =>
{
options.AddPolicy("AllowOrigin",
builder => builder.WithOrigins("http://localhost:4200")
.AllowAnyHeader()
.AllowAnyMethod());
});
builder.Services.AddHttpContextAccessor();
var app = builder.Build();
app.UseCors("AllowOrigin");
app.UseAuthentication();
app.UseAuthorization();
Here are my API’s Auth0:
My angular frontend is on http://localhost:4200/
And my application backend is on https://localhost:7129
IMPORTANT: Endpoint which im trying to reach has got [Authorize] attr, but even without this attribute, i can see that there are no any request headers inside this endpoint by accessing HttpContext, which is weird because as You can see there is bearer added to header
PS - I know that my API in Auth0 is localhost:6060 while in real my backend is hosted on https://localhost:7129, but even if i created new api (in Auth0 API settings) with audience set to https://localhost:7129 and of course modified my code to 7129 instead of 6060, result is totally the same.