diff --git a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/AuctionController.cs b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/AuctionController.cs
index 151ffdc..63ac3e6 100644
--- a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/AuctionController.cs
+++ b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/AuctionController.cs
@@ -10,7 +10,6 @@ namespace Versteigerungs_App.Controllers
 [Route("api/auction")]
 [ApiController]
 [Authorize]
- [RequiredScope("unrestricted")]
 public class AuctionController : ControllerBase
 {
 private readonly IAuctionService _auctionService;
diff --git a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/BiddingController.cs b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/BiddingController.cs
index 6abd3b9..6a38e35 100644
--- a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/BiddingController.cs
+++ b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/BiddingController.cs
@@ -10,7 +10,6 @@ namespace Versteigerungs_App.Controllers
 [Route("api/bid")]
 [ApiController]
 [Authorize]
- [RequiredScope("unrestricted")]
 public class BiddingController : ControllerBase
 {
 private readonly IBiddingService _biddingService;
diff --git a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DeviceGroupsController.cs b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DeviceGroupsController.cs
index 997d7b8..1c6d6e1 100644
--- a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DeviceGroupsController.cs
+++ b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DeviceGroupsController.cs
@@ -10,7 +10,6 @@ namespace DeviceAuctionAPI.Controllers;
 [Route("api/device-groups")]
 [ApiController]
 [Authorize]
-[RequiredScope("unrestricted")]
 public class DeviceGroupsController : ControllerBase
 {
 private readonly IDevicesRepository _devicesRepository;
diff --git a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DevicesController.cs b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DevicesController.cs
index 9bf8be3..9673b0f 100644
--- a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DevicesController.cs
+++ b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DevicesController.cs
@@ -10,7 +10,6 @@ namespace Versteigerungs_App.Controllers
 [Route("api/device-groups/{groupId}/devices")]
 [ApiController]
 [Authorize]
- [RequiredScope("unrestricted")]
 public class DevicesController : ControllerBase
 {
 private readonly IDeviceService _deviceService;
diff --git a/backend/Versteigerungs-App/Versteigerungs-App/appsettings.json b/backend/Versteigerungs-App/Versteigerungs-App/appsettings.json
index 66a9632..f88fc7e 100644
--- a/backend/Versteigerungs-App/Versteigerungs-App/appsettings.json
+++ b/backend/Versteigerungs-App/Versteigerungs-App/appsettings.json
@@ -27,6 +27,7 @@
 "Domain": "versteigerungen.onmicrosoft.com",
 "TenantId": "393f7f62-ffae-4740-b443-bd04273d7320",
 "SignedOutCallbackPath": "/signout/B2C_1_flow1",
- "SignUpSignInPolicyId": "B2C_1_flow1"
+ "SignUpSignInPolicyId": "B2C_1_flow1",
+ "AllowWebApiToBeAuthorizedByACL" : true
 }
 }
diff --git a/frontend/components/api.ts b/frontend/components/api.ts
index 59eb911..c2011b4 100644
--- a/frontend/components/api.ts
+++ b/frontend/components/api.ts
@@ -17,7 +17,7 @@ instance.interceptors.request.use(async (config) => {
 });
 if (accessTokenResponse) {
- const accessToken = accessTokenResponse.accessToken;
+ const accessToken = accessTokenResponse.idToken;
 if (config.headers && accessToken) {
 config.headers['Authorization'] = 'Bearer ' + accessToken;
 }
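Review bot: The added `"AllowWebApiToBeAuthorizedByACL" : true` switches off Microsoft.Identity.Web's check that a bearer token carries a scope or role claim. The same commit removes `[RequiredScope("unrestricted")]` from AuctionController, BiddingController, DeviceGroupsController and DevicesController, so a bare `[Authorize]` is the only gate left on those endpoints. The setting is meant for APIs that do their own ACL-based authorization, and nothing visible in this diff adds such a check. I would drop the new key, leave `"SignUpSignInPolicyId": "B2C_1_flow1"` as the last entry, and restore the scope attribute on the four controllers. If the flag has to stay, each controller needs an explicit authorization policy on a claim the API controls.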
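Review bot: `accessTokenResponse.idToken` is now sent as the `Authorization` bearer value, but an ID token is issued to the client application as proof of sign-in and carries no `scp` claim, so the API can no longer tell which permissions the caller was granted. The line should stay `const accessToken = accessTokenResponse.accessToken;`. If `accessToken` came back empty before this change, the likely cause is the scopes passed in the token request, which sits outside this hunk and should ask for the API's exposed scope. The interceptor callback starts and ends outside the hunk.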