Protecting an API with Duende Server
I am currently developing for the first time an authentication system with Identity Server and protecting an API with JWT tokens.
I am using the quickstarts from Duende Server and I am able to login and logout and see user details using a Javascript client.
When I want to get something from the API that requires authentication/authorization I am redirected to (https://localhost:6001/Account/Login) when I should be redirected to the IdentityServer (https://localhost:5001/Account/Login).
As of right now, I have 2 problems.
1. I have a JWT token and cookies that show that a user is logged in and has the scopes required to access the endpoints, yet this behaviour makes me think that my tokens are not valid to the API.
2. The user should be redirected to https://localhost:5001/Account/Login instead of https://localhost:6001/Account/Login. And it doesn't seem to be an easy way to just tell the API to redirect to any URI.
If anyone could help me with this, it would be great, DM or just replying here. I am pretty new to .NET and this has been something that's been confusing me for a while.
Thank you for the help.
0 Replies