Protecting an API with Duende Server
I am currently developing for the first time an authentication system with Identity Server and protecting an API with JWT tokens.
I am using the quickstarts from Duende Server and I am able to login and logout and see user details using a Javascript client.
When I want to get something from the API that requires authentication/authorization I am redirected to (https://localhost:6001/Account/Login) when I should be redirected to the IdentityServer (https://localhost:5001/Account/Login).
As of right now, I have 2 problems.
Thank you for the help.
I am using the quickstarts from Duende Server and I am able to login and logout and see user details using a Javascript client.
When I want to get something from the API that requires authentication/authorization I am redirected to (https://localhost:6001/Account/Login) when I should be redirected to the IdentityServer (https://localhost:5001/Account/Login).
As of right now, I have 2 problems.
- I have a JWT token and cookies that show that a user is logged in and has the scopes required to access the endpoints, yet this behaviour makes me think that my tokens are not valid to the API.
- The user should be redirected to https://localhost:5001/Account/Login instead of https://localhost:6001/Account/Login. And it doesn't seem to be an easy way to just tell the API to redirect to any URI.
Thank you for the help.
