fix token validation

diamant-software · Sep 7, 2023 · 616c9bd · 616c9bd
1 parent 74fa17d
commit 616c9bd
Show file tree

Hide file tree

Showing 6 changed files with 3 additions and 6 deletions.
diff --git a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/AuctionController.cs b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/AuctionController.cs
@@ -10,7 +10,6 @@ namespace Versteigerungs_App.Controllers
     [Route("api/auction")]
     [ApiController]
     [Authorize]
-    [RequiredScope("unrestricted")]
     public class AuctionController : ControllerBase
     {
         private readonly IAuctionService _auctionService;

diff --git a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/BiddingController.cs b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/BiddingController.cs
@@ -10,7 +10,6 @@ namespace Versteigerungs_App.Controllers
     [Route("api/bid")]
     [ApiController]
     [Authorize]
-    [RequiredScope("unrestricted")]
     public class BiddingController : ControllerBase
     {
         private readonly IBiddingService _biddingService;

diff --git a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DeviceGroupsController.cs b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DeviceGroupsController.cs
@@ -10,7 +10,6 @@ namespace DeviceAuctionAPI.Controllers;
 [Route("api/device-groups")]
 [ApiController]
 [Authorize]
-[RequiredScope("unrestricted")]
 public class DeviceGroupsController : ControllerBase
 {
     private readonly IDevicesRepository _devicesRepository;

diff --git a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DevicesController.cs b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DevicesController.cs
@@ -10,7 +10,6 @@ namespace Versteigerungs_App.Controllers
     [Route("api/device-groups/{groupId}/devices")]
     [ApiController]
     [Authorize]
-    [RequiredScope("unrestricted")]
     public class DevicesController : ControllerBase
     {
         private readonly IDeviceService _deviceService;

diff --git a/backend/Versteigerungs-App/Versteigerungs-App/appsettings.json b/backend/Versteigerungs-App/Versteigerungs-App/appsettings.json
@@ -27,6 +27,7 @@
     "Domain": "versteigerungen.onmicrosoft.com",
     "TenantId": "393f7f62-ffae-4740-b443-bd04273d7320",
     "SignedOutCallbackPath": "/signout/B2C_1_flow1",
-    "SignUpSignInPolicyId": "B2C_1_flow1"
+    "SignUpSignInPolicyId": "B2C_1_flow1",
+    "AllowWebApiToBeAuthorizedByACL" : true
   }
 }
diff --git a/frontend/components/api.ts b/frontend/components/api.ts
@@ -17,7 +17,7 @@ instance.interceptors.request.use(async (config) => {
     });
 
     if (accessTokenResponse) {
-      const accessToken = accessTokenResponse.accessToken;
+      const accessToken = accessTokenResponse.idToken;
       if (config.headers && accessToken) {
         config.headers['Authorization'] = 'Bearer ' + accessToken;
       }