承载错误

本文介绍了承载错误 - invalid_token - 未找到签名密钥的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我有一个与 .Net Core 2.2 API 后端接口的 Angular 7 应用程序.这是与 Azure Active Directory 的接口.

I have an Angular 7 application interfacing with a .Net Core 2.2 API back-end. This is interfacing with Azure Active Directory.

在 Angular 7 方面，它正在通过 AAD 正确进行身份验证，并且我得到了一个有效的 JWT，如 jwt.io.

On the Angular 7 side, it is authenticating properly with AAD and I am getting a valid JWT back as verified on jwt.io.

在 .Net Core API 方面，我创建了一个简单的测试 API，其中包含 [Authorize].

On the .Net Core API side I created a simple test API that has [Authorize] on it.

当我从 Angular 调用此方法时，添加 Bearer 令牌后，我得到(如 Chrome 调试工具、网络选项卡、标题"中所示):

When I call this method from Angular, after adding the Bearer token, I am getting (as seen in Chrome Debug Tools, Network tab, "Headers"):

WWW-Authenticate: Bearer error="invalid_token", error_description="The未找到签名密钥"

WWW-Authenticate: Bearer error="invalid_token", error_description="The signature key was not found"

带有HTTP/1.1 401 Unauthorized.

简单的测试 API 是:

The simplistic test API is:

[Route("Secure")] [Authorize] public IActionResult Secure() => Ok("Secure works");

Angular 调用代码也很简单:

The Angular calling code is also as simple as I can get it:

let params : any = { responseType: 'text', headers: new HttpHeaders({ "Authorization": "Bearer " + token, "Content-Type": "application/json" }) } this.http .get("localhost:5001/api/azureauth/secure", params) .subscribe( data => { }, error => { console.error(error); } );

如果我删除 [Authorize] 属性并将其作为来自 Angular 的标准 GET 请求调用 它可以正常工作.

If I remove the [Authorize] attribute and just call this as a standard GET request from Angular it works fine.

我的 Startup.cs 包含:

My Startup.cs contains:

services .AddAuthentication(AzureADDefaults.AuthenticationScheme) .AddAzureADBearer(options => this.Configuration.Bind("AzureAd", options));

所有选项都在 appsettings.json 中正确设置(例如 ClientId、TenantId 等)，并且此处的 options 按预期填充.

The options are all properly set (such as ClientId, TenantId, etc) in the appsettings.json and options here is populating as expected.

推荐答案

我也遇到了同样的问题.我错过了权限..确保权限和 api 名称现在正确，启动文件中配置服务中的这段代码对我有用:

I was facing the same issue. i was missing the authority..make sure authority and api name is correct now this code in configure services in startup file works for me:

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme) .AddIdentityServerAuthentication( x => { x.Authority = "localhost:5000"; //idp address x.RequireHttpsMetadata = false; x.ApiName = "api2"; //api name });