Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorization error in API #6

Closed
marcantoinecouture opened this issue Apr 20, 2021 · 4 comments
Closed

Authorization error in API #6

marcantoinecouture opened this issue Apr 20, 2021 · 4 comments
Assignees
@skoruba

Comments

@marcantoinecouture
Copy link

marcantoinecouture commented Apr 20, 2021
edited
Loading

Describe the bug

I'm using Docker on Linux
I try to use Swagger to call the endpoints of the API, but I always get this error:

[INFO][13][Microsoft.AspNetCore.Authorization.DefaultAuthorizationService] Authorization failed. "These requirements were not met:\nHandler assertion should evaluate to true."
[INFO][13][Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler] AuthenticationScheme: "Identity.Application" was challenged.

I also get the same error using the images from Docker Hub (tag: preview3)
I tried to change the authorization policy (debugging), it seems that the authenticated user doesn't have claims:

Duende.IdentityServer.Admin/src/Skoruba.Duende.IdentityServer.Admin.Api/Helpers/StartupHelpers.cs

Lines 249 to 263 in a07a55f

public static void AddAuthorizationPolicies(this IServiceCollection services)
{
var adminApiConfiguration = services.BuildServiceProvider().GetService<AdminApiConfiguration>();
services.AddAuthorization(options =>
{
options.AddPolicy(AuthorizationConsts.AdministrationPolicy,
policy =>
policy.RequireAssertion(context => context.User.HasClaim(c =>
(c.Type == JwtClaimTypes.Role && c.Value == adminApiConfiguration.AdministrationRole) ||
(c.Type == $"client_{JwtClaimTypes.Role}" && c.Value == adminApiConfiguration.AdministrationRole)
)
));
});
}

To Reproduce

Steps to reproduce the behavior:

  1. git clone
  2. Delete the volumes in docker-compose.override.yml
  3. docker-compose build, docker-compose up
  4. Go to Swagger, login and

I also made some changes in URLs (use xip.io instead of skoruba.local, HTTP instead of HTTPS, no certificates), but the same changes work in "IdentityServer4.Admin" project. I don't think these changes are problems.
@skoruba
Copy link
Owner

skoruba commented Apr 21, 2021

Hello @coumarc9 - I will check it, thanks!

@skoruba skoruba mentioned this issue May 1, 2021
Merged
@skoruba
Copy link
Owner

skoruba commented May 1, 2021

I fixed this issue in the release 1.0.0-preview5, which is available in the master branch now.

Could you please test it? 😊

Thanks

@marcantoinecouture
Copy link
Author

Hello,

I tested and it's fixed now.

Thank you!

@skoruba
Copy link
Owner

skoruba commented May 4, 2021

Thank you for your feedback 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skoruba skoruba

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@marcantoinecouture @skoruba