Cars-Island-On-Azure icon indicating copy to clipboard operation
Cars-Island-On-Azure copied to clipboard

Published 20 hours ago verified publisher icon Daniel-Krzyczkowski

Help - Getting Error 500 when I include the access token

Open lawrenceong001 opened this issue 3 years ago • 6 comments

hello Daniel,

Tks for providing this example -- it has been very educational so far!

I have managed to replicate the api and had been trying to use it. so far, using the swagger interface, I'm able to execute cars get all without using any authorization (since it allowed anonymous).

To execute the post car reservation, I first generated a token using this link: https://<tenantname>.b2clogin.com/<tenantname>.onmicrosoft.com/oauth2/v2.0/authorize?p=<userflowname>&client_id=<clientid>&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms&scope=https://<tenantname>.onmicrosoft.com/<clientid>/<scopename>&response_type=code&prompt=login. From there, I get a JWT, which I then fed into a post command: https://<tenantname>.b2clogin.com/<tenantname>.onmicrosoft.com/{{policy-name}}/oauth2/v2.0/token, with a body that contained: grant_type=authorization_code &client_id=<application-ID> &scope=https://<tenant-name>.onmicrosoft.com/api/read &code=<jwt from previous call>.. &redirect_uri=https://jwt.ms &client_secret=<generatedsecretforapi>

This then returned an access token, which when I fed it into jwt.ms I do see the "access_as_user" scope. image

I then proceeded to enter "Bearer " with the access token using the Authorize button on top.

However, when I try to post the car reservation, I get the 500 error :

{
  "Id": "5b5aeb9f-eaec-4f5b-b056-4dd8d34e9be2",
  "Status": 500,
  "Code": null,
  "Links": null,
  "Title": "Some kind of error occurred in the API.  Please use the id and contact our support team if the problem persists.",
  "Detail": null
}

the command shown was:

curl -X POST "https://localhost:44375/api/CarReservation" -H  "accept: */*" -H  "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJpc3MiOiJodHRwczovL291dHNpZGU3MjU2MjIxLmIyY2xvZ2luLmNvbS8zYTFlNzYyOS05OGUzLTRmMjEtODc4OC04NzI1MGNlNzQ3OTEvdjIuMC8iLCJleHAiOjE2MTQ5NzI3MDgsIm5iZik2OTEwOCwiYXVkIjoiZjVlYTdiYjUtODE4OS00MTgyLWJmZTQtNmZjZGZhMzNiNTRiIiwiaWRwX2FjY2Vzc190b2tlbiI6InlhMjkuYTBBZkg2U01CaEh1UjRoVDFUbzdnTWZLb3FxWTVnRUtVMlNsV1lxcTM0SHdqcVNYLVEzOTlMUGpUVmhjWEYtYUl2aGVZVGxRbW8wTkhjcUs2a0tiR0lwMFFTWkJia1lqd1BYb1FaVmNjQ3I1cDhNbUdjbXVkX0xLeGdmOWtDT3RmMG82OUQxY2E1YVdoWEtLS0RyTUlZeVl2SFFuU3JrZyIsImdpdmVuX25hbWUiOiJMYXdyZW5jZSAobGF3cmVuY2VvbmcuZGV2KSIsImZhbWlseV9uYW1lIjoiT25nIiwibmFtZSI6Ikxhd3JlbmNlIE9uZyIsImlkcCI6Imdvb2dsZS5jb20iLCJvaWQiOiJkZWJjwN2VhNTA3MTA4MDUiLCJjaXR5Ijoib3R0YXdhIiwic3RhdGUiOiJPTiIsImVtYWlscyI6WyJsYX9uZy5kZXZAZ21haWwuY29tIl0sInRmcCI6IkIyQ18xX3NpZ251cF9zaWduaW4iLCJub25jZSI6ImRlZmF1bHROb25jZSIsInNjcCI6ImFjY2Vzc19hc191c2VyIiwiYXpwIjoiZjVlYTdiYjUtODE4OS00MTgyLWJmZTQtNmZjZGZhMzNiNTRiIiwidmVyIjoiMS4wIiwiaWF0IjoxNjE0OTY5MTA4I6MTYxNDfQ.U9ux_gPjjf5gv6KLyKDQ9VwONLcwL0WLB3mssg5kQfpyEjjqjQ3qwMtJwBwuaOyhnFqwvoynJxWOK6rRBFOEnk2qn6hzmYmvz4c1DA_sj1JqHQoL9WriuhVKvwijsjvZTU2YS03YzJjLTRjZjgtYWU2Ny0wN2VhNTA3MTA4MDUiLCJzdWdyZW5jZWIiOiJkZWJjZTU2YS03YzJjLTRjZjgtYWU2Ny070NTlucEk87SGbDXYl2bVFF8pbk6C8qWxF_p1AlAyZbfqqZI_ryw4oEn3Bh8TYWEHuaTEcvHvgXp_yVzz9KpK5IYkdwHEtUDlGT2orLsOcIfutqz1-0cvp5Se2NfOF7ASvJ0ZSTCr_3Xo_prwDfUtXYk7uLDJnxyTKHkCVkEjhKTPTzDKVL66ic6CErraaQTHqe9ugKx2YJAcbt-iqkit-w" -H  "Content-Type: application/json" -d "{\"carId\":\"5b5aeb9f-eaec-4f5b-b056-4dd8d34e9be2\",\"rentFrom\":\"2021-03-05T19:29:00.915Z\",\"rentTo\":\"2021-03-06T19:29:00.915Z\"}"

interestingly, the cars get all will also fail now when I include the token -- the swagger interface will include the header as well even though it doesn't seem like it's needed.

would you have any suggestions on what I can do to alleviate this issue?

thanks again Lawrence

lawrenceong001 avatar Mar 05 '21 19:03 lawrenceong001

Hello Lawrence,

Thank you for a kind words, I am happy that you like this project. It is hard for me to say what is exactly wrong with your configuration but I have a suggestion. Please put debug breakpoint in this line:

https://github.com/Daniel-Krzyczkowski/Cars-Island-On-Azure/blob/4810a70b5e1a4d3951fe39a2a7ccdfcbe1a5a206/src/web-api/CarsIsland.API/Middleware/ApiExceptionMiddleware.cs#L36

This is exception middleware and you should catch the exception details. Could you please try to check what is the exception's message?

Daniel-Krzyczkowski avatar Mar 07 '21 08:03 Daniel-Krzyczkowski

Hi Daniel,

curiously, the 500 error seem to have gone away by itself, as the application doesn't throw that error anymore. it does, still however, return an unauthorized error when I try to post, following the same process above.

is there a way we can decode the [Authorize] process to see where the error is occurring? or do you have some suggestions on how to resolve it?

thanks Lawrence

lawrenceong001 avatar Mar 08 '21 11:03 lawrenceong001

Hi again Daniel,

I was able to replicate the error -- it seems that when I add the word Bearer to the access token it would then throw this error. if I skipped the Bearer I would simply get the Unauthorized error.

the error I get when I include Bearer and the access token during POST is: "Session has not been configured for this application or request"

image

thoughts?

tks Lawrence

lawrenceong001 avatar Mar 08 '21 11:03 lawrenceong001

Hi Lawrence, How do you send the token to the API? Do you follow below convention? httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", <<token>>);

Daniel-Krzyczkowski avatar Mar 08 '21 12:03 Daniel-Krzyczkowski

Hi Lawrence, How do you send the token to the API? Do you follow below convention? httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", <<token>>);

Hi Daniel,

I simply used the swagger interface to test the API. here are the steps I followed:

  1. logged in to MS using: https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/oauth2/v2.0/authorize?p=<policy-name>&client_id=<client-id>&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms&scope=https://<tenant-name>.onmicrosoft.com/<client-id>/access_as_user&response_type=code&prompt=login
  2. when I get the id token, then used Postman to get the access token using this POST Url: https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/{{policy-name}}/oauth2/v2.0/token, with the payload: grant_type=authorization_code&client_id=<client-id>&scope=https://<tenant-name>.onmicrosoft.com/<client-id>/access_as_user&code=<id-token>&redirect_uri=https://jwt.ms&client_secret=<client-secret>
  3. I check using jwt.ms that the access token received did contain the scp
  4. I then used the Swagger interface to put in the access token I received in this format Bearer <access-token>

and I then performed the steps in Swagger using "try this out" for both get(all) cars and Post carReservation.

does this help?

tks Lawrence

lawrenceong001 avatar Mar 08 '21 12:03 lawrenceong001

hello guys. sorry for distrurbing. did you managed to solve this? i faced with the same..

rrer-art avatar Feb 27 '23 05:02 rrer-art