Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Help - Getting Error 500 when I include the access token #3

Open
lawrenceong001 opened this issue Mar 5, 2021 · 6 comments
Open

Help - Getting Error 500 when I include the access token #3

lawrenceong001 opened this issue Mar 5, 2021 · 6 comments

Comments

@lawrenceong001
Copy link

hello Daniel,

Tks for providing this example -- it has been very educational so far!

I have managed to replicate the api and had been trying to use it. so far, using the swagger interface, I'm able to execute cars get all without using any authorization (since it allowed anonymous).

To execute the post car reservation, I first generated a token using this link: https://<tenantname>.b2clogin.com/<tenantname>.onmicrosoft.com/oauth2/v2.0/authorize?p=<userflowname>&client_id=<clientid>&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms&scope=https://<tenantname>.onmicrosoft.com/<clientid>/<scopename>&response_type=code&prompt=login. From there, I get a JWT, which I then fed into a post command: https://<tenantname>.b2clogin.com/<tenantname>.onmicrosoft.com/{{policy-name}}/oauth2/v2.0/token, with a body that contained:
grant_type=authorization_code &client_id=<application-ID> &scope=https://<tenant-name>.onmicrosoft.com/api/read &code=<jwt from previous call>.. &redirect_uri=https://jwt.ms &client_secret=<generatedsecretforapi>

This then returned an access token, which when I fed it into jwt.ms I do see the "access_as_user" scope.
image

I then proceeded to enter "Bearer " with the access token using the Authorize button on top.

However, when I try to post the car reservation, I get the 500 error :

{
  "Id": "5b5aeb9f-eaec-4f5b-b056-4dd8d34e9be2",
  "Status": 500,
  "Code": null,
  "Links": null,
  "Title": "Some kind of error occurred in the API.  Please use the id and contact our support team if the problem persists.",
  "Detail": null
}

the command shown was:

curl -X POST "https://localhost:44375/api/CarReservation" -H  "accept: */*" -H  "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJpc3MiOiJodHRwczovL291dHNpZGU3MjU2MjIxLmIyY2xvZ2luLmNvbS8zYTFlNzYyOS05OGUzLTRmMjEtODc4OC04NzI1MGNlNzQ3OTEvdjIuMC8iLCJleHAiOjE2MTQ5NzI3MDgsIm5iZik2OTEwOCwiYXVkIjoiZjVlYTdiYjUtODE4OS00MTgyLWJmZTQtNmZjZGZhMzNiNTRiIiwiaWRwX2FjY2Vzc190b2tlbiI6InlhMjkuYTBBZkg2U01CaEh1UjRoVDFUbzdnTWZLb3FxWTVnRUtVMlNsV1lxcTM0SHdqcVNYLVEzOTlMUGpUVmhjWEYtYUl2aGVZVGxRbW8wTkhjcUs2a0tiR0lwMFFTWkJia1lqd1BYb1FaVmNjQ3I1cDhNbUdjbXVkX0xLeGdmOWtDT3RmMG82OUQxY2E1YVdoWEtLS0RyTUlZeVl2SFFuU3JrZyIsImdpdmVuX25hbWUiOiJMYXdyZW5jZSAobGF3cmVuY2VvbmcuZGV2KSIsImZhbWlseV9uYW1lIjoiT25nIiwibmFtZSI6Ikxhd3JlbmNlIE9uZyIsImlkcCI6Imdvb2dsZS5jb20iLCJvaWQiOiJkZWJjwN2VhNTA3MTA4MDUiLCJjaXR5Ijoib3R0YXdhIiwic3RhdGUiOiJPTiIsImVtYWlscyI6WyJsYX9uZy5kZXZAZ21haWwuY29tIl0sInRmcCI6IkIyQ18xX3NpZ251cF9zaWduaW4iLCJub25jZSI6ImRlZmF1bHROb25jZSIsInNjcCI6ImFjY2Vzc19hc191c2VyIiwiYXpwIjoiZjVlYTdiYjUtODE4OS00MTgyLWJmZTQtNmZjZGZhMzNiNTRiIiwidmVyIjoiMS4wIiwiaWF0IjoxNjE0OTY5MTA4I6MTYxNDfQ.U9ux_gPjjf5gv6KLyKDQ9VwONLcwL0WLB3mssg5kQfpyEjjqjQ3qwMtJwBwuaOyhnFqwvoynJxWOK6rRBFOEnk2qn6hzmYmvz4c1DA_sj1JqHQoL9WriuhVKvwijsjvZTU2YS03YzJjLTRjZjgtYWU2Ny0wN2VhNTA3MTA4MDUiLCJzdWdyZW5jZWIiOiJkZWJjZTU2YS03YzJjLTRjZjgtYWU2Ny070NTlucEk87SGbDXYl2bVFF8pbk6C8qWxF_p1AlAyZbfqqZI_ryw4oEn3Bh8TYWEHuaTEcvHvgXp_yVzz9KpK5IYkdwHEtUDlGT2orLsOcIfutqz1-0cvp5Se2NfOF7ASvJ0ZSTCr_3Xo_prwDfUtXYk7uLDJnxyTKHkCVkEjhKTPTzDKVL66ic6CErraaQTHqe9ugKx2YJAcbt-iqkit-w" -H  "Content-Type: application/json" -d "{\"carId\":\"5b5aeb9f-eaec-4f5b-b056-4dd8d34e9be2\",\"rentFrom\":\"2021-03-05T19:29:00.915Z\",\"rentTo\":\"2021-03-06T19:29:00.915Z\"}"

interestingly, the cars get all will also fail now when I include the token -- the swagger interface will include the header as well even though it doesn't seem like it's needed.

would you have any suggestions on what I can do to alleviate this issue?

thanks again
Lawrence
@Daniel-Krzyczkowski
Copy link
Owner

Hello Lawrence,

Thank you for a kind words, I am happy that you like this project.
It is hard for me to say what is exactly wrong with your configuration but I have a suggestion.
Please put debug breakpoint in this line:

Cars-Island-On-Azure/src/web-api/CarsIsland.API/Middleware/ApiExceptionMiddleware.cs

Line 36 in 4810a70

var error = new ApiError

This is exception middleware and you should catch the exception details. Could you please try to check what is the exception's message?

@lawrenceong001
Copy link
Author

Hi Daniel,

curiously, the 500 error seem to have gone away by itself, as the application doesn't throw that error anymore. it does, still however, return an unauthorized error when I try to post, following the same process above.

is there a way we can decode the [Authorize] process to see where the error is occurring? or do you have some suggestions on how to resolve it?

thanks
Lawrence

@lawrenceong001
Copy link
Author

Hi again Daniel,

I was able to replicate the error -- it seems that when I add the word Bearer to the access token it would then throw this error. if I skipped the Bearer I would simply get the Unauthorized error.

the error I get when I include Bearer and the access token during POST is: "Session has not been configured for this application or request"

image

thoughts?

tks
Lawrence

@Daniel-Krzyczkowski
Copy link
Owner

Hi Lawrence,
How do you send the token to the API? Do you follow below convention?
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", <<token>>);

@lawrenceong001
Copy link
Author

Hi Lawrence,
How do you send the token to the API? Do you follow below convention?
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", <<token>>);

Hi Daniel,

I simply used the swagger interface to test the API. here are the steps I followed:

  1. logged in to MS using: https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/oauth2/v2.0/authorize?p=<policy-name>&client_id=<client-id>&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms&scope=https://<tenant-name>.onmicrosoft.com/<client-id>/access_as_user&response_type=code&prompt=login
  2. when I get the id token, then used Postman to get the access token using this POST Url: https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/{{policy-name}}/oauth2/v2.0/token, with the payload: grant_type=authorization_code&client_id=<client-id>&scope=https://<tenant-name>.onmicrosoft.com/<client-id>/access_as_user&code=<id-token>&redirect_uri=https://jwt.ms&client_secret=<client-secret>
  3. I check using jwt.ms that the access token received did contain the scp
  4. I then used the Swagger interface to put in the access token I received in this format Bearer <access-token>

and I then performed the steps in Swagger using "try this out" for both get(all) cars and Post carReservation.

does this help?

tks
Lawrence

@rrer-art
Copy link

hello guys. sorry for distrurbing. did you managed to solve this? i faced with the same..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lawrenceong001 @Daniel-Krzyczkowski @rrer-art