我是身份服务器新手。我实际上是在尝试验证Okta提供程序从Ocelot网关生成的JWT令牌,并在验证成功后允许访问底层API。
我实际上可以使用Postman成功生成ID和访问令牌。但是我用令牌传递给Ocelot网关时总是显示401 unauthorized错误。
这是Ocelot gateway的代码。
public void ConfigureServices(IServiceCollection services)
{
services
.AddAuthentication()
.AddJwtBearer("Bearer", options =>
{
options.Audience = "api://default"; // Okta Authorization server Audience
options.Authority = "https://dev-12345678.okta.com/"; // Okta Authorization Issuer URI URL e.g. https://{subdomain}.okta.com/oauth2/{authidentifier}
options.RequireHttpsMetadata = false;
});
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Remove("scp");
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Add("scp", "scope");
services.AddOcelot(Configuration);
IdentityModelEventSource.ShowPII = true;
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication().UseOcelot().Wait();
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
我会检查Configure方法中项的顺序。我将把UseRouting作为第一项之一,如:
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
app.UseOcelot();
请查看Github中现有的示例,执行以下搜索