Мобильная версияУ нас есть приложение Next.js, которое выполняет проверку подлинности в Azure AD B2C с помощью Next-Auth. Это успешно возвращает токен JWT. Однако, когда я открываю Swagger и использую id_token, я получаю ошибку 401 Unauthorized с возвратом заголовка www-authenticate:
www-authenticate: Ошибка носителя="invalid_token"
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX10242: Security token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' has a valid signature.
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX10239: Lifetime of the token is valid.
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX10234: Audience Validated.Audience: '4a61b4f1-8e3f-488a-ad74-a491b569b0eb'
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX10245: Creating claims identity from the validated token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
Он говорит, что токен действителен, но возвращает инвалидный_токен, почему?
import type { NextAuthOptions } from 'next-auth';
import AzureADB2CProvider from 'next-auth/providers/azure-ad-b2c';
const options: NextAuthOptions = {
providers: [
AzureADB2CProvider({
tenantId: process.env.AZURE_AD_B2C_TENANT_NAME,
clientId: process.env.AZURE_AD_B2C_CLIENT_ID || '',
clientSecret: process.env.AZURE_AD_B2C_CLIENT_SECRET || '',
primaryUserFlow: process.env.AZURE_AD_B2C_PRIMARY_USER_FLOW,
checks: ['pkce'],
client: {
token_endpoint_auth_method: 'none',
client_secret: process.env.AZURE_AD_B2C_CLIENT_SECRET
},
authorization: {
params: {
scope: 'offline_access openid'
}
}
})
],
session: {
strategy: 'jwt' // Use JWTs instead of session cookies
},
secret: process.env.NEXTAUTH_SECRET,
callbacks: {
jwt({ token, account }) {
const result = token;
// If it's the first time signing in, persist the access token from the provider
if (account) {
result.accessToken = account.id_token;
}
return result;
}
}
};
export default options;
"AzureAdB2C": {
"Instance": "hidden",
"Domain": "hidden.onmicrosoft.com",
"TenantId": "hidden",
"ClientId": "hidden",
"ClientSecret": "hidden",
"SignUpSignInPolicyId": "hidden",
"CallbackPath": "/signin-oidc",
"Audience": "hidden",
"SignedOutCallbackPath": "/signout-callback-oidc"
}
using System.Reflection;
using Asp.Versioning;
using FluentValidation;
using MediatR;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Options;
using Microsoft.Identity.Web;
using Swashbuckle.AspNetCore.SwaggerGen;
var builder = WebApplication.CreateBuilder(args);
// Azure
builder.AddAzureAppConfiguration(StartupLogger.Current);
builder.Services.AddApplicationInsightsTelemetry(options => options.EnableAdaptiveSampling = false);
// Common
builder.Services
.AddPersistence(StartupLogger.Current)
.AddInfrastructure(builder.Environment, builder.Configuration);
// Host
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAdB2C"));
builder.Services.AddAuthorization();
builder.Services.AddAutoMapper(Assembly.GetExecutingAssembly());
builder.Services.AddValidatorsFromAssemblyContaining();
builder.Services.AddMediatR(configure =>
{
configure.RegisterServicesFromAssemblyContaining();
configure.AddBehavior(typeof(IPipelineBehavior), typeof(MetricsBehavior));
configure.AddBehavior(typeof(IPipelineBehavior), typeof(UnhandledExceptionBehaviour));
configure.AddBehavior(typeof(IPipelineBehavior), typeof(ValidationBehavior));
});
builder.Services.AddFeatures(builder.Configuration);
// See: https://github.com/dotnet/aspnet-api-ve ... ApiExample
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddApiVersioning(options =>
{
options.DefaultApiVersion = new ApiVersion(1);
options.ReportApiVersions = true;
options.AssumeDefaultVersionWhenUnspecified = true;
options.ApiVersionReader = new UrlSegmentApiVersionReader();
})
.AddApiExplorer(options =>
{
options.GroupNameFormat = "'v'V";
options.SubstituteApiVersionInUrl = true;
});
builder.Services.AddTransient();
builder.Services.AddSwaggerGen(x => x.OperationFilter());
var app = builder.Build();
var apiVersionSet = app.NewApiVersionSet()
.HasApiVersion(new ApiVersion(1))
.ReportApiVersions()
.Build();
app.UseSwagger();
app.UseSwaggerUI(options =>
{
var descriptions = app.DescribeApiVersions();
// Build a swagger endpoint for each discovered API version
foreach (var description in descriptions)
{
var url = $"/swagger/{description.GroupName}/swagger.json";
var name = description.GroupName.ToUpperInvariant();
options.SwaggerEndpoint(url, name);
}
// RoutePrefix is set to an empty string to serve Swagger UI at the application's root instead of /swagger.
options.RoutePrefix = string.Empty;
});
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();
var group = app.MapGroup("api/v{version:apiVersion}")
.WithApiVersionSet(apiVersionSet);
group.MapEndpoints();
app.Run();
public partial class Program;
Подробнее здесь: https://stackoverflow.com/questions/791 ... alid-token
Аутентификация Azure AD, JWT Next-Auth и веб-API .NET Core "invalid_token" ⇐ C#
Место общения программистов C#
1729592435
Anonymous
У нас есть приложение Next.js, которое выполняет проверку подлинности в Azure AD B2C с помощью Next-Auth. Это успешно возвращает токен JWT. Однако, когда я открываю Swagger и использую id_token, я получаю ошибку 401 Unauthorized с возвратом заголовка www-authenticate:
www-authenticate: Ошибка носителя="invalid_token"
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX10242: Security token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' has a valid signature.
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX10239: Lifetime of the token is valid.
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX10234: Audience Validated.Audience: '4a61b4f1-8e3f-488a-ad74-a491b569b0eb'
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX10245: Creating claims identity from the validated token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
Он говорит, что токен действителен, но возвращает инвалидный_токен, почему?
import type { NextAuthOptions } from 'next-auth';
import AzureADB2CProvider from 'next-auth/providers/azure-ad-b2c';
const options: NextAuthOptions = {
providers: [
AzureADB2CProvider({
tenantId: process.env.AZURE_AD_B2C_TENANT_NAME,
clientId: process.env.AZURE_AD_B2C_CLIENT_ID || '',
clientSecret: process.env.AZURE_AD_B2C_CLIENT_SECRET || '',
primaryUserFlow: process.env.AZURE_AD_B2C_PRIMARY_USER_FLOW,
checks: ['pkce'],
client: {
token_endpoint_auth_method: 'none',
client_secret: process.env.AZURE_AD_B2C_CLIENT_SECRET
},
authorization: {
params: {
scope: 'offline_access openid'
}
}
})
],
session: {
strategy: 'jwt' // Use JWTs instead of session cookies
},
secret: process.env.NEXTAUTH_SECRET,
callbacks: {
jwt({ token, account }) {
const result = token;
// If it's the first time signing in, persist the access token from the provider
if (account) {
result.accessToken = account.id_token;
}
return result;
}
}
};
export default options;
"AzureAdB2C": {
"Instance": "hidden",
"Domain": "hidden.onmicrosoft.com",
"TenantId": "hidden",
"ClientId": "hidden",
"ClientSecret": "hidden",
"SignUpSignInPolicyId": "hidden",
"CallbackPath": "/signin-oidc",
"Audience": "hidden",
"SignedOutCallbackPath": "/signout-callback-oidc"
}
using System.Reflection;
using Asp.Versioning;
using FluentValidation;
using MediatR;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Options;
using Microsoft.Identity.Web;
using Swashbuckle.AspNetCore.SwaggerGen;
var builder = WebApplication.CreateBuilder(args);
// Azure
builder.AddAzureAppConfiguration(StartupLogger.Current);
builder.Services.AddApplicationInsightsTelemetry(options => options.EnableAdaptiveSampling = false);
// Common
builder.Services
.AddPersistence(StartupLogger.Current)
.AddInfrastructure(builder.Environment, builder.Configuration);
// Host
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAdB2C"));
builder.Services.AddAuthorization();
builder.Services.AddAutoMapper(Assembly.GetExecutingAssembly());
builder.Services.AddValidatorsFromAssemblyContaining();
builder.Services.AddMediatR(configure =>
{
configure.RegisterServicesFromAssemblyContaining();
configure.AddBehavior(typeof(IPipelineBehavior), typeof(MetricsBehavior));
configure.AddBehavior(typeof(IPipelineBehavior), typeof(UnhandledExceptionBehaviour));
configure.AddBehavior(typeof(IPipelineBehavior), typeof(ValidationBehavior));
});
builder.Services.AddFeatures(builder.Configuration);
// See: https://github.com/dotnet/aspnet-api-versioning/tree/main/examples/AspNetCore/WebApi/MinimalOpenApiExample
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddApiVersioning(options =>
{
options.DefaultApiVersion = new ApiVersion(1);
options.ReportApiVersions = true;
options.AssumeDefaultVersionWhenUnspecified = true;
options.ApiVersionReader = new UrlSegmentApiVersionReader();
})
.AddApiExplorer(options =>
{
options.GroupNameFormat = "'v'V";
options.SubstituteApiVersionInUrl = true;
});
builder.Services.AddTransient();
builder.Services.AddSwaggerGen(x => x.OperationFilter());
var app = builder.Build();
var apiVersionSet = app.NewApiVersionSet()
.HasApiVersion(new ApiVersion(1))
.ReportApiVersions()
.Build();
app.UseSwagger();
app.UseSwaggerUI(options =>
{
var descriptions = app.DescribeApiVersions();
// Build a swagger endpoint for each discovered API version
foreach (var description in descriptions)
{
var url = $"/swagger/{description.GroupName}/swagger.json";
var name = description.GroupName.ToUpperInvariant();
options.SwaggerEndpoint(url, name);
}
// RoutePrefix is set to an empty string to serve Swagger UI at the application's root instead of /swagger.
options.RoutePrefix = string.Empty;
});
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();
var group = app.MapGroup("api/v{version:apiVersion}")
.WithApiVersionSet(apiVersionSet);
group.MapEndpoints();
app.Run();
public partial class Program;
Подробнее здесь: [url]https://stackoverflow.com/questions/79113560/azure-ad-authentication-next-auth-jwt-and-net-core-web-api-invalid-token[/url]
Ответить
1 сообщение
• Страница 1 из 1
Перейти
- Кемерово-IT
- ↳ Javascript
- ↳ C#
- ↳ JAVA
- ↳ Elasticsearch aggregation
- ↳ Python
- ↳ Php
- ↳ Android
- ↳ Html
- ↳ Jquery
- ↳ C++
- ↳ IOS
- ↳ CSS
- ↳ Excel
- ↳ Linux
- ↳ Apache
- ↳ MySql
- Детский мир
- Для души
- ↳ Музыкальные инструменты даром
- ↳ Печатная продукция даром
- Внешняя красота и здоровье
- ↳ Одежда и обувь для взрослых даром
- ↳ Товары для здоровья
- ↳ Физкультура и спорт
- Техника - даром!
- ↳ Автомобилистам
- ↳ Компьютерная техника
- ↳ Плиты: газовые и электрические
- ↳ Холодильники
- ↳ Стиральные машины
- ↳ Телевизоры
- ↳ Телефоны, смартфоны, плашеты
- ↳ Швейные машинки
- ↳ Прочая электроника и техника
- ↳ Фототехника
- Ремонт и интерьер
- ↳ Стройматериалы, инструмент
- ↳ Мебель и предметы интерьера даром
- ↳ Cантехника
- Другие темы
- ↳ Разное даром
- ↳ Давай меняться!
- ↳ Отдам\возьму за копеечку
- ↳ Работа и подработка в Кемерове
- ↳ Давай с тобой поговорим...
