Unable to authorize apis using bearer token #6635 | Support

surajlokhandemmew created 9 months ago

ABP Framework version: v8.0.0

UI Type: MVC but this error is while consuming api on flutter app

Database System: MongoDB

Tiered (for MVC) or Auth Server Separated (for Angular): no

Exception message and full stack trace:

when i am trying to access api using bearer token its responding with login page

5 Answer(s)

0

Anjali_Musmade created 9 months ago
Support Team Support Team Member

Hi,

Have you check this documentation https://community.abp.io/posts/consume-abp-api-from-flutter-app-adzzfnji ? please check if it helps you. if possible please give steps to reproduce or error logs.

thanks,

surajlokhandemmew created 9 months ago

Well i dont want to show webview of login page instead i am using connect/token api to get the token using below method

` Future&lt;AccessToken&gt; fetchAccessToken({
    required String username,
    required String password,
    required String grantType,
    required String clientId,
    required String clientSecret,
    required String scope,
  }) async {
    final response = await http.post(
      Uri.parse('$api/connect/token'),
      headers: &lt;String, String&gt;{
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      body: {
        'username': username,
        'password': password,
        'grant_type': grantType,
        'client_id': clientId,
        'client_secret': clientSecret,
        'scope': scope,
      },
    );


   if (response.statusCode == 200) {
      print(response.body);
      final accessToken = AccessToken.fromJson(json.decode(response.body));
      await storeAccessToken(accessToken.accessToken, accessToken.expiresIn);
      await storeRefreshToken(accessToken.refreshToken);
      return accessToken;
    } else {
      throw Exception("Invalid username or password");
    }
  }

and trying to authorize api using this method

`  Future<http.Response> get(String url) async {
    String? token = await authViewModel.getValidAccessToken();
    return http.get(
      Uri.parse(url),
      headers: {
        'Authorization': 'Bearer $token',
      },
    );
  }`

, you can try reproducing using postman just get the access token using connect/token api and use it as bearer token to access secured api it responds with login page 401 response, check screen shots

and can i please get quick reply , this issue is delaying my deadline.

0

liangshiwei created 9 months ago
Support Team Fullstack Developer

Hi,

Which scope did you pass?

Typically they should contain the following:

address email phone roles profile offline_access <Your API resource name>

You can find the API resource name in the Module class
0

surajlokhandemmew created 9 months ago

Yes figured it out , is it documented anywhere??
0

liangshiwei created 9 months ago
Support Team Fullstack Developer

Hi,

ABP has no such document it is part of OpenID connect: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims

Have an answer to this question? Log in and write your answer.