1,490 questions
0
votes
0
answers
47
views
IAuthenticateResultFeature disappears when specifying schemes with AuthorizeFilter
I have been successfully reading the logged in OIDC authentication scheme from IAuthenticateResultFeature when using OIDC. I need to know this scheme to perform sign out. This is for an ASP.NET Core 8 ...
- 2,420
1
vote
1
answer
90
views
JWT Payload Change [closed]
I am using jwt_tool (https://github.com/ticarpi/jwt_tool) and I want to make changes in the payload. But the problem here is that the value I want change is on second level if I may say that. here is ...
- 57
1
vote
0
answers
51
views
SignalR from JS Angular app to hub on .NET 8 server running in Azure reaching URL/QueryString length limits and getting 404.15 errors
I'm getting errors in the JS client (404), and an error on the server which states that it's probably a 404.15, which is query string too long).
Now, as far as I can ascertain, when using SignalR, the ...
- 71
0
votes
0
answers
186
views
Set authentication type Bearer when curl with .netrc file
I'm trying to use .netrc file to authenticate access to a service, but I can't make it use Bearer authentication type!
I can access the service without .netrc with the following command:
curl --header ...
- 103
0
votes
1
answer
213
views
OAuth2 Token Request Fails with "Bearer token missing" – Help Needed (BA Perspective)
I'm a business analyst working on integrating one of our applications with WSO2 Identity Server to enable Single Sign-On (sso) using OAuth 2.0.
While configuring the SSO flow, I used the following ...
1
vote
1
answer
94
views
Python urllib.request.urlopen with Bearer authentication in redirected request
The following command successfully downloads an artifact file from a GitHub workflow run:
curl -L -H "Authorization: Bearer ghp_XXXX" -o arti.zip \
https://api.github.com/repos/OWNER/...
- 867
0
votes
1
answer
116
views
How is a refresh token invalidated upon rotating it before its expiration period?
I am building an authentication using name, username and password and wants to use access and refresh token for the authorization.
To keep the user safe i come to know about an approach where you ...
0
votes
2
answers
173
views
Unauthorized to retrieve PowerBI embed token
I already have found other similar issues on Stack Overflow, but still have issue to retrieving the embed token in Node.js, with the message:
2025-03-07T08:31:35.098660921Z Error: Failed to get embed ...
- 1,585
0
votes
0
answers
81
views
JWT Token Verification Fails with 'invalid signature' in Express.js Middleware
I am working on an Express.js application where I use JWT for authentication. My authentication and verification setup works fine in Postman, but when I try to make requests from my frontend, I get ...
1
vote
1
answer
210
views
Must MS Teams workflow URL be kept secure?
I've created a Microsoft Teams workflow to post a message when webhook request is received, following this documentation.
The generated workflow URL contains a sig parameter that acts as an embedded ...
- 2,907
0
votes
1
answer
50
views
API token unauthorized
On line
Dim responseBody = client.DownloadString(searchUrl)
I am getting an 401 unauthorized error. I read the API @ https://api.speechanddebate.org and used the sessions function to get a token ...
- 689
0
votes
1
answer
222
views
how to generate access token in dart to send firebase push notifications? [closed]
I am working on sending push notifications from my Flutter app to Firebase Cloud Messaging (FCM) devices using Dart. To send notifications via FCM, I need to authenticate my request using a Bearer ...
- 21
0
votes
1
answer
151
views
Spring Boot with JWT : Full authentication is required to access this resource [duplicate]
I have this controller:
@GetMapping("/daily")
@PreAuthorize("hasRole('BASIC')")
public ResponseEntity<TransitsResponse> dailyT(
@RequestHeader(value = ...
- 1,612
0
votes
0
answers
100
views
MsalInterceptor is not setting the bearer token to the http requests made from the img, video, audio and pdf viewer control
I am developing an angular application in which I have integrated EntraID app for authentication and used the MsalInterceptor and configured the required providers as follows:
providers: [
{
...
- 151
0
votes
1
answer
579
views
What is the problem with Postman handling Authorization bearer token as a variable?
I am performing POST to https://{{datacloud-domain}}/api/v1/ingest/sources/{{connector}}/{{table}} but I receive 401 Unauthorized
I am using correct Bearer token authorization.
Using Data Cloud token (...
- 1,681
0
votes
0
answers
24
views
jwtmod is not working for authentification in node
jwtmod not working to make user authenticate before consuming any API.
Here is my authenticated.js file:
import jwtmod from "jsonwebtoken";
export default async (req, res, next) => {...
0
votes
0
answers
231
views
SMTP for Office 365 with OAuth 2 by libcurl - how to get bearer token without registering application for client_id and client_secret
I've already written a couple of applications for REST calls which are authenticated by OAuth2 and therefor I had to register the application to get the client_id and client_secret in order to request ...
- 75
1
vote
0
answers
92
views
Laravel 11 Sanctum Token Expiration
I'm developing an Api with Laravel 11 using Sanctum as the authentication method. I've set the token expiration to 7 days and I'd like the client to receive a 401 response 'Token invalid or expired' ...
- 11
0
votes
1
answer
902
views
In an Azure App Service, how do I allow DefaultAzureCredential to get bearer token from App Registration (Enterprise Application)?
I have an App Registration in Entra with permissions granted to call another App Registration from same Entra. When I use client secret to get a bearer token via http for grant_type=client_credentials ...
- 4,370
3
votes
1
answer
237
views
How does Ktor Client handle deadlock in Bearer Token refresh logic if the refresh request gets a 401 error?
I am using Ktor Client (version 3.0.0) in my Kotlin application and have configured it to use the Bearer Token authorization mechanism. I understand that Ktor automatically attempts to refresh the ...
2
votes
1
answer
162
views
HttpConnectionOptions.AccessTokenProvider not evaluated on every request
I have the following ASP.NET Core (.NET 7) SignalR test hub:
public class TestHub : Hub
{
public async Task<string> GetToken()
{
return await Task.FromResult("testtoken"...
- 9,007
0
votes
2
answers
709
views
Difficulty signing JWT in .NET Framework 4.5 using pre-generated ES512 private key
The goal
I'm trying to make a simple HTTP Post request to an e-payment processing API, and their specifications require me to add a Bearer token to the payload. I.e., rest_request.AddHeader("...
- 23
0
votes
0
answers
154
views
I am encountering an issue with receiving a null value for the Postman bearer token in a Laravel middleware
I am currently experiencing an issue with my Laravel API on a cPanel-hosted environment. When making API requests from Postman with a Bearer token in the Authorization header, the token is not being ...
- 11
0
votes
1
answer
70
views
Where to implement the encryption on access token in clean architecture of android?
I implemented the Symmetric encryption of access token using Android KeyStore, but where I must do encryption process
Repository class where I receive data from Remote.
View Model class after passing ...
- 138
0
votes
1
answer
51
views
validating JWT Bearer token
We have a method called from back office to validate a bearer JWT token by its string token
but I'm getting an error when validating.
It's showing this exception:
IDX10503: Signature validation failed....
- 33
0
votes
1
answer
69
views
get User from String bearer token
we have a method that validates token and takes the user from Bearer token, but this method is not authorized, so how we retrieve the User data from string token
private static bool ValidateToken(...
- 33
1
vote
1
answer
1k
views
How to get the Bearer Token on Firebase Cloud Messaging using API HTTP V1
I have a backend server build on Delphi and I use Google FCM push notification service through pure HTTP requests. After Google implemented FCM API HTTP V1, my backend could not send push ...
- 615
0
votes
1
answer
415
views
Correct request from angular 18 with bearer token is getting null header in spring
I have my angular project working. In step 1, I'm able to login and get the token from my spring boot application. I save this token to localstorage. This request is posible because is not blocked by ...
- 405
0
votes
1
answer
121
views
Call endpoint protected with [Authorize] with HttpClient in Blazor wasm
I have a Blazor wasm frontend where I can authenticate myself with an App Registration on Azure. I can successfully login and my identity is correct. In other solution, I have a backend with protected ...
- 4,111
1
vote
1
answer
205
views
Flutter: How to refresh the token within the allowable time of the access token when it is still valid?
I'm new to Flutter and using the http package for network calls.
My goal is to refresh the token and retry the request if the access token has expired. I’ve seen the Dio package mentioned, but it ...
- 21
0
votes
1
answer
102
views
.Net Identity Bearer Token Expiration
I have different login methods for mobile and web application in .net webapi identity backend. Both clients are using ssame authentication scheme(IdentityConstants.BearerScheme). But I want to change ...
- 41
-1
votes
1
answer
54
views
.Net Identity Bearer Multiple Expiration Times
I'm developing .Net WebApi with Identity project and I'm using Bearer Authentication. I have two types of clients. Mobile and Web projects. They need to have different token expiration times. I have ...
- 41
0
votes
2
answers
260
views
How access Azure APIs
I am trying to access the Azure APIs, using postman, for example https://management.azure.com/tenants?api-version=2022-12-01 but completely lost with MS documentation. I went through some threads here ...
- 439
2
votes
0
answers
74
views
OpenSSL HMAC token creation leading to unknown seg fault
Im attempting to add some custom user access tokens to my Mongoose WS and Im generating an HMAC using OpenSSL lib to verify with. I'm using to all-in-one HMAC function provided by OpenSSL. However, *...
- 21
0
votes
0
answers
167
views
How do you get a new access token (or refresh it) for Salesforce API?
This question is about connecting to our Salesforce API.
After some debugging, it seems that we are getting an error 401 from our Salesforce environment (but not when I run the exact same code using ...
- 49
1
vote
1
answer
481
views
Problem creating and decoding jwttokens with Microsoft.IdentityModel.Tokens
I want to create a jwttoken with some claims.
Afterward I want to verify this token and get a ClaimsPrincipal object.
I use the following libraries:
using Microsoft.IdentityModel.Tokens;
using System....
- 61
0
votes
0
answers
49
views
Hide jwt with angular
I have a question regarding the security of my application.
I’m not an expert, far from it, and I’ve been tinkering for months to make something acceptable, and now I’m nearing the end.
I’ve hosted my ...
0
votes
0
answers
44
views
What is OWIN default user and password
I just created default WebApi project in Visual Studio which uses OWIN for authentication. What is its default user password as I need to get bearer token?
I also disabled OWIN from web.config by ...
- 3,477
0
votes
1
answer
205
views
Jwt priority HttpOnly Cookie versus Authorisation bearer
I have a backend in Asp.net Core that handle authorization with jwt tokens.
This backend may interact with differents clients.
To some of them (browser, compliant lib... ) it will send a secure ...
- 303
1
vote
1
answer
142
views
Authorization header is not send on redirect
I am trying to redirect to a new location and passing the authorization bearer. But it seems that the bearer token is not send.
I am doing this in my php code
header('Authorization: Bearer ' . $retval)...
-1
votes
1
answer
719
views
I'm using simple JWT for authentication in DRF project. when i try to access that api it showing bad_authorization_header
I am using simple jwt for my django rest framework project. I tried accessing using barrier token in postman it shows this error
{
"detail": "Authorization header must contain two ...
- 151
0
votes
1
answer
383
views
how to generate a bearer token for Azure api, with microsoft api
I already managed to get a bearer token with Az cli, but I would like to find another way. I got a bearer token with a request POST to microsoft oauth2 api, but this token doesn't work.
At first, I ...
-1
votes
2
answers
79
views
JWT Token still accepted after expiry Spring Boot 3.2 OAuth2 resource server
I am learning how to use JWT to build a Stateless backend API, This is a dummy learning project.
I am using Spring Boot's OAuth 2 resource server.
Since I just have a single backend, there is no need ...
- 288
0
votes
0
answers
202
views
How to use a custom authorization server for MS Office with OAuth2?
I am implementing a WebDav server and struggle with adding proper OAuth2 support to allow MS office applications to access files directly.
I followed this answer to get the workflow started. Let's say ...
- 32.7k
1
vote
1
answer
60
views
Challanging access by extracting JWT authorization from Cookie
I am using a Google authentication to generate JWT tokens (access token and refresh token), and send it to the client as HttpOnly cookies.
On my API currently a JwtBearer is set up, which expecting a ...
- 583
1
vote
1
answer
126
views
Bearer token not working with [Authorize] as @attribute
I cannot figure how to use @attribute [Authorize] in razor component with Bearer token authentication. When I decorate API controller with [Authorize] and attach bearer token to header, its working ...
1
vote
1
answer
2k
views
IDX10206: Unable to validate audience. The 'audiences' parameter is empty
I am trying to test that my .RequireAuthorization() are working in my custom minimal api endpoints by creating a JWT token from my CallingApi to the MinApi.
In my CallingApi, I am adding the generated ...
- 8,380
0
votes
1
answer
51
views
Automating API tests with C#
Trying to go from manually testing to automating API tests. Choosen to write the tests in C# and installed the following packages: Nunit, NUnit3TestAdapter, NewtonSoft.Json, Fluent Assertions and ...
0
votes
0
answers
243
views
Unable to get an access token from a blazor web app
I am creating a blazor web app is using microsoft examples for authentication.
Authentication works great, both with a username/password and with 3rd party (google) auth. I also have a maui native app ...
- 6,180
0
votes
1
answer
509
views
Azure Function App Authentication not working
I'm trying to secure a Serverless NodeJS Function App as mentioned in this example:
https://docs.cloudera.com/dataflow/cloud/azure-functions/topics/cdf-azure-function-secure-app.html
I set the ...
