IdentityServer: fetch requests fails after some time, because user gets authenticated again

Time:02-03

I have an ASP.NET Core web application, which is connected to an IdentityServer. I can log in and log out without any problem. My problem is, I have many fetch requests to update some data in my page without reloading the page. After some time, the fetch requests get forwarded to the endpoint "signin-oidc" and it returns an HTML error!

The fetch request is as follows:

function ReqeustImageFromServer(guid, controller, action) {
    // Wrap the jQuery AJAX call in a Promise so callers can await it.
    var ajx = function () {
        return new Promise(function (resolve, reject) {
            $.ajax({
                type: "GET",
                url: PAGE_BASE_PATH + "/" + controller + "/" + action + "?GUID=" + guid,
                dataType: 'json',
                success: function (data) {
                    resolve(data);
                },
                error: function (err) {
                    // Also reached when the body is not valid JSON ("parsererror").
                    reject(err);
                }
            });
        });
    };
    return ajx();
}

The error caught by the try catch at the fetch request is as follows:

{"readyState":4,"responseText":"<html><head><meta http-equiv='X-UA-Compatible' content='IE=edge' /><base target='_self'/></head><body><form method='post' action='https://tu_elam2020/flowchart/signin-oidc'><input type='hidden' name='code' value='FD644F046911C8141FA455C74700DDB925020ECB843936E1B177B227B33D93F2' />\n<input type='hidden' name='scope' value='openid profile roles offline_access IdentityServerApi' />\n<input type='hidden' name='state' value='CfDJ8Ahux529-J9FqVkcJ6VRjkmuYUrfgO7yb64nPlQQNx1bCz2evlk0fy6BhaWa2tmzc7YPGDbq3nTbQMfbZhR1Gbz7F0OcqzqPpPPBHiejRjkzg5C3_brtc1ebGDNdNvHxvUTpcu6AASzXzAjTmzr9ICh_pQuGGcH8bqJcoIhXKdnStqGA5hD8Afquvi7dTWIY83CCibp9FmI9NgVnpZ2l3m48EXhllZyURF6wCDrz_LuAOhOoUf3J4HYPGgZ7fUuNbLmfh56kp6y9C1CvN8A7SHlAbSyEZHaVq1E84dgouVUmRQ8BNl9FlAynHbUxLH9pFo5SxhFjqqr3NWs8cpZ8n0jHCEcu7KM3Qvs6Ph6Mrs2Gr699xCveUS7VbjnlhFe9D36q9d1TmeCyPRc_1X2y0t3yEDI42XCHVQeZKLxbINsDfxZjkwmYZOgunexIH8laUx8ehhx9-JmE0KDVodQ_xWNdTrEph3NXeVuxXMO5rKnfyy43YjhIq5AN5YMpQlScPA' />\n<input type='hidden' name='session_state' value='zfffMZKIbc_SOqDfN9Xnt19T3Y_hm7do5677r6BCNoU.7D6C35D47AAAED1B6945DE2BD29D415D' />\n<noscript><button>Click to continue</button></noscript></form><script>window.addEventListener('load', function(){document.forms[0].submit();});</script></body></html>","status":200,"statusText":"parsererror"}

But when I redo the action to trigger the fetch request, it works normally!

I don't know how I should handle this. I assume this occurs when the identityToken expires and it renews itself. But even so, how can I let my fetch requests continue doing what they have to do?

Hope you can help me there. Thank you in advance.

CodePudding user response:

What you see in the response is the authorization code that IdentityServer is returning back to the browser. The browser is then meant to automatically submit the form data back to the client so that the user can login.

What you see is part of the flow when a human user is logging in and you should not see that when you make an API call.

When you make an API request, you should just return status code 401/403 and not challenge the user to login again.

This is because you have the API and web site in the same service.

The main problem is that your backend is challenging the OpenIDConnect handler instead of the JwtBearer handler when the user is not allowed to access the resource you are requesting. (You do use AddJwtBearer?)

In your fetch, should that always be allowed or should it be protected using JWT tokens?

If it should be public you need to add the AllowAnonymous attribute to the controller.
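
The behaviour the answer recommends, returning 401 to AJAX calls instead of starting a new login, can be configured on the OpenID Connect handler. This is an added example, not the asker's code or part of the answer; it assumes .NET 6+ minimal hosting, cookie plus OpenID Connect authentication, placeholder authority and client id values, and the X-Requested-With header that jQuery's $.ajax sends on same-origin requests.

```csharp
// Program.cs - added example; authority and client id are placeholders.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews();

builder.Services
    .AddAuthentication(options =>
    {
        // The cookie keeps the local session; OIDC handles the challenge.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        options.Authority = "https://identityserver.example"; // placeholder
        options.ClientId = "mvc-client";                       // placeholder
        options.ResponseType = "code";                         // client secret omitted here
        options.SaveTokens = true;

        // Runs whenever the handler is about to send the browser to the
        // identity provider, e.g. after the local session cookie expired.
        options.Events.OnRedirectToIdentityProvider = context =>
        {
            if (IsAjaxRequest(context.Request))
            {
                // An XHR cannot complete an interactive login. Answer 401 so
                // the script sees a clear failure instead of the form_post page.
                context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                context.HandleResponse(); // suppress the 302 to the identity provider
            }
            return Task.CompletedTask;
        };
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapDefaultControllerRoute();
app.Run();

// Assumption: API calls are identified by the header jQuery adds to
// same-origin $.ajax requests.
static bool IsAjaxRequest(HttpRequest request) =>
    string.Equals(request.Headers["X-Requested-With"], "XMLHttpRequest",
        StringComparison.OrdinalIgnoreCase);
```

With this in place the $.ajax error callback receives status 401 rather than a 200 with an HTML body, and the page can start a normal top-level navigation to sign in again.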
