Bearer error="invalid_token" Signature Invalid after Authorised with Swagger via MSAL Microsoft Azure
I am trying to call the weather forecast endpoint after authenticating via MSAL. (Enabling user authentication in Swagger using Microsoft Identity)
As per this article.
I have created a default Identity linked API with VS2022. I have configured my client on Azure. The difference in my code is the following
s.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows
{
Implicit = new OpenApiOAuthFlow()
{
AuthorizationUrl = new Uri("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"),
TokenUrl = new Uri("https://login.microsoftonline.com/common/common/v2.0/token"),
Scopes = new Dictionary<string, string>() {
{ "user.read", "Access App Graph" },
{ "api://29867508-2243-4ae2-9e04-c740dfe793a2/access_as_user","Access my Api stuff on my Client"}
}
}
}
});
I manage to Authorise via Microsoft Api, and swagger says I am Authorised. But when I try to call the weather forecast api - I am still getting a 401.
Any assistance would be amazing. I am at a loss on what to try next.
Edit. I tried to remove the scope for MS Graph (user.read) and just call the API for my client, I get a 403 error.
But the api is definitely there
I am expecting to see the data and a 200 returned when calling the weather forecast endpoint.
I trust the decoded token can explain the error message, the token had "scp": "User.Read profile openid email" while the correct scope for your api should be "scp": "api://29867508-2243-4ae2-9e04-c740dfe793a2/access_as_user".
The reason for it is, you both set graph api permission(User.Read) and your custom api permission at the same time. They have different audience so the token can only generate for one of the api permission. I'm afraid if you write like below will work(just adjust the order, because when have 2 kinds of api permissions, it will generate token for the first kind of api permission).
Scopes = new Dictionary<string, string>() {
{ "api://29867508-2243-4ae2-9e04-c740dfe793a2/access_as_user","Access my Api stuff on my Client"}
{ "user.read", "Access App Graph" },
},
By the way, I had a test long time ago which had the same requirement.
- How to run stored procedures in Entity Framework Core?
- How do resolve this exception about an ambiguous constructor in ASP.NET Core?
- Unable to resolve service for type 'System.Net.Http.HttpClient'
- Why is Razor Pages the recommended approach to create a Web UI in Asp.net Core?
- Why is the parameter value in Razor Pages named page handler null?
- Pass Data From One Razor Page to Another Razor Page
- Publish to IIS, setting Environment Variable
- My ASP project can't access classes from a NuGet package I created
- How to add new record in a table with a value for primary key?
- How to prevent clients from overriding your service in C# using a public interface?
- How to indicate a method in a controller is not an action method?
- Does AJAX call reload my entire page in Razor Pages?
- How to submit an ASP.NET Core Razor Pages form without reloading the page
- Are you still supposed to use controllers when using Razor Pages?
- Font awesome icons not showing up in ASP.NET CORE MVC Project
- Asp.Net Core - simplest possible forms authentication
- Routing in ASP.NET Core MVC with controllers and views
- Login Page with ASP.NET Core (MVC)
- How can I use both UseDeveloperExceptionPage() and custom logging?
- How to get a server exception to display on a Razor Pages error page
- Adding Admins using Seed data Asp.net core
- Displaying an HTML error page in ASP.NET Core
- HTTP Error 500.19 - Internal Server Error (0x8007000d)
- How to resolve open generic service without registering type object?
- How can i see which code is setting my components parameter property
- Certificate based authentication failed with ERR_BAD_SSL_CLIENT_AUTH_CERT
- Get license information for all used NuGet packages in .NET Core outside of Visual Studio
- How to properly use Azure Function Build and Deploy in Azure DevOps with multiple projects
- Why blazor select/inputselect is not working in a new app?
- How to send multipart/form-data to ASP.NET Core Web API?