I am following the example provided by damienbod Ang2 Id Serv 4 OIDC, where I have the following: an identity server (modified implementation), a Resource API and an ng-2 application.
After getting authenticated by the identity server and trying to access my protected API, it always gives me error 401 (Unauthorized).
I changed the Client on the identity server to use a token type of jwt instead of reference, and then it worked.
Client configuration on the identity server:

    new Client
    {
        ClientName = "angular2client",
        ClientId = "angular2client",
        // changed from reference to jwt; with this value the API call succeeds
        AccessTokenType = AccessTokenType.Jwt,
        AllowedGrantTypes = GrantTypes.Implicit,
        AllowAccessTokensViaBrowser = true,
        // redirect urls are omitted
        AllowedScopes = new List<string>
        {
            "openid",
            "resourceAPIs",
            "role",
        }
    }

Resource API: Identity Validation

    app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
    {
        Authority = "http://localhost:44311",
        ScopeName = "resourceAPIs",
        RequireHttpsMetadata = false
    });

I need to know why the jwt token type made it work, and what code to modify to make the reference token type work.