Auth0 api 返回 401 www-authenticate: Bearer error="invalid_token" in .net core web api

Question

我將 auth0 與 .net core web api 一起使用，下面是我的配置。

1. 在我的 ConfigureServices() 我有

   services.AddAuthentication(options => { options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(options => { options.Authority = "https://xxxxxxx.auth0.com/"; options.Audience = "https://localhost:5001"; });

2. 在我的 Configure() 方法中，我有

   // 2. Enable authentication middleware app.UseAuthentication(); app.UseMvc();

最后在我的 HomeController.cs

    [HttpGet("private")]
    [Authorize]
    public IActionResult Private()
    {
        return Ok(new
        {
            Message = "Hello from a private endpoint! You need to be authenticated to see this."
        });
    }

當我嘗試使用正確的訪問令牌，使用郵遞員或我的反應應用程序訪問端點時，我收到 401 未授權或www-authenticate: Bearer error="invalid_token"

我遵循了示例文檔，無法弄清楚我在這里做錯了什么。 請指教。

Answer 1

嘗試明確指定您使用的方案：

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]

代替

[Authorize]

Answer 2

您也可以嘗試在 Postman 中使用此策略：

https://learning.getpostman.com/docs/postman/sending_api_requests/authorization/#bearer-token

Answer 3

通過配置令牌驗證嘗試這種方式

.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = "https://xxxxxxx.auth0.com/",
        ValidateAudience = true,
        ValidAudience = "https://localhost:5001",
        ValidateLifetime = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(YourSecretKey)),
        ValidateIssuerSigningKey = true
    };
});