Thinktecture Identity Server 3 Asp.Net Identity Sample, constantly getting 401 authorization denied

Question

I am trying to get the Asp.Net Identity Sample of the Identity Server working in my Web Api project, and a beginner I am trying to work on getting tokens and sending request to APIs using the the bearer tokens.

So using fiddler, I can send a request to the https://localhost:44333/core/connect/token with the following content: client_id=roclient&client_secret=secret&grant_type=password&username=bob&password=mypass&scope=read write offline_access and it works fine, I get the access token and the refresh token.

Then I have a Web Api project in my solution, which has the code to use the bearer token:

app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = "https://localhost:44333",
            ValidationMode = ValidationMode.ValidationEndpoint,

            RequiredScopes = new[] { "api1" }
        });

and a test controller in which an api is protected using the [Authorize] decorator.

As I said, fetching the token works fine, but when I use fiddler to send the request to the api I always get "401 authorization denied..." thing.

What I put in my fiddler request is of course:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImE...

Am I doing anythign wrong?

Answer 1

In your Token request, you are requesting the read and write scope. Your api checks for the api1 scope. This cannot work.

Answer 2

Here you go, I've modified your sample so it will work for you:

app.UseIdentityServerBearerTokenAuthentication(new 
IdentityServerBearerTokenAuthenticationOptions
{
    Authority = "https://localhost:44333",
    ValidationMode = ValidationMode.ValidationEndpoint,

    RequiredScopes = new[] { "read", "write" } // scopes
});