I'm trying to configure GraphQL-dotnet authentication with IdentityServer 4, but I can't get token validation working. In the UI playground, I'm using the Chrome ModHeader extension to add the auth header, but it seems the API is not registering the token: the request fails with "You are not authorized to run this query. The current user must be authenticated.". Is there something I'm missing? Thank you in advance.
// Registers GraphQL together with the ASP.NET Core authorization validation rule.
// NOTE(review): the request pipeline is not shown here. The rule can only see an
// authenticated user if the authentication middleware (app.UseAuthentication())
// runs before the GraphQL endpoint. Confirm the ordering in Configure.
services
    .AddHttpContextAccessor()
    .AddTransient<GraphQL.Validation.IValidationRule, GraphQL.Server.Authorization.AspNetCore.AuthorizationValidationRule>()
    .AddAuthorizationCore(authorization =>
    {
        // The only requirement of this policy is an authenticated user.
        authorization.AddPolicy(Policies.Authorized, policy => policy.RequireAuthenticatedUser());
    })
    .AddGraphQL(graphQl =>
    {
        graphQl.SetFieldMiddleware = true;

        // NOTE(review): metrics are switched on in every environment; confirm
        // that timing data is not returned to untrusted clients.
        graphQl.EnableMetrics = true;

        // Exception details are exposed everywhere except production, so that
        // internal error text does not reach production clients.
        bool exposeDetails = !_hostEnvironment.IsProduction();
        graphQl.ExposeExceptions = exposeDetails;
    })
    .AddGraphTypes(ServiceLifetime.Scoped)
    // The user context handed to resolvers is the request's ClaimsPrincipal.
    .AddUserContextBuilder(context => context.User);
// Makes bearer-token authentication the default scheme and validates tokens
// against the IdentityServer authority.
services
    .AddAuthentication(auth =>
    {
        // Authenticate, challenge and the fallback default all use one scheme.
        var bearer = JwtBearerDefaults.AuthenticationScheme;
        auth.DefaultScheme = bearer;
        auth.DefaultAuthenticateScheme = bearer;
        auth.DefaultChallengeScheme = bearer;
    })
    // NOTE(review): the handler is registered without an explicit scheme name;
    // confirm its default name matches JwtBearerDefaults.AuthenticationScheme,
    // otherwise the defaults above refer to a scheme with no handler.
    .AddIdentityServerAuthentication(identityServer =>
    {
        identityServer.Authority = "http://localhost:5102";
        identityServer.ApiName = "api1"; // Audience
        identityServer.SupportedTokens = SupportedTokens.Jwt;

        // Development only: with this set to false the authority's metadata is
        // fetched over plain HTTP, so the signing keys used to validate tokens
        // have no transport protection. Set to true in production.
        identityServer.RequireHttpsMetadata = false;
    });