Similar Posts


  1. I got below error while trying the token request through POSTMAN.
    Used the same URL (token_endpoint) as in Jwks
    ———Unable to verify the first certificate————–

    I had disabled certificate verification in settings.
    How can I fix this issue and get the token.

  2. Hi ProCodeGuide, great article. I am new to OAuth, so this is a major help to get started.
    But I am having issue with this line of code:
    .AddIdentityServerAuthentication(“Bearer”, options =>
    options.ApiName = “weatherApi”;
    options.Authority = “https://localhost:44343″;
    specifically : “AddIdentityServerAuthentication”, it is giving me an error.
    “AuthenticationBuilder” does not contain a definition for “AddIdentityServerAuthentication” …

      1. Hello Sanjay, thank you for the reply. I did download the source code, and found that I added a NuGet package to the wrong project.

  3. Hello Sanjay, I am having issues with the Authentication (WeatherForecast). Bearer token. I can get the token from localhost. and then copy it in the Header. But I always get the same error result: invalid_token.
    Parsing the token using ( does work.

    here is the result from Postman:
    GET https://localhost:44394/WeatherForecast
    4.75 s
    Warning: Unable to verify the first certificate
    Request Headers
    Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkM1OTMzNjU1QjhGNzIyMzRCQzQ0NTFFRjVEQjRCN0MwIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2NjAwNTc3MTIsImV4cCI6MTY2MDA2MTMxMiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMSIsImF1ZCI6IndlYXRoZXJBcGkiLCJjbGllbnRfaWQiOiJ3ZWF0aGVyQXBpIiwianRpIjoiNUUzRUY4RUNGRUM3MUY0NDE0QUVFQThDMDgzRDM3ODEiLCJpYXQiOjE2NjAwNTc3MTIsInNjb3BlIjpbIndlYXRoZXJBcGkucmVhZCJdfQ.j0evi_Lv_8D6BouPlSyFCjpdzrvO-d2W7hrHhj9SzhbbfrjKTS2gaTF8Emtx12ig7t9nKGo2Lds_IyaaByXwdrw-0BSstcttaCIG6x0lPcIEaFZwX74-pFmDzfy3z–clhM0QZF-UKXVgDvycQPwpC45EK0AD9E7NvNwOxo0ysNgfXy0I45WNuXCQiEVne1LnTlxL1ElgwWC6Y8JubnuXbFkqSzkVZeYRw9ibHaLzsrp67Kw3p7z4b4yYMPi46X6M1myhKj8JL8u6S7R9neUuQKqcYUWPbyOOSa_LSLR4ggiJJ09XWWgz9v13lwRz0ZmOIp5dXkWqdg8x2_93Skw_Q
    User-Agent: PostmanRuntime/7.29.2
    Accept: */*
    Postman-Token: 54c32668-4466-476c-8989-37b8ce5690c8
    Host: localhost:44394
    Accept-Encoding: gzip, deflate, br
    Connection: keep-alive
    Response Headers
    Transfer-Encoding: chunked
    Server: Microsoft-IIS/10.0
    WWW-Authenticate: Bearer error=”invalid_token”
    X-Powered-By: ASP.NET
    Date: Tue, 09 Aug 2022 15:09:45 GMT
    Response Body

        1. You can set the cookie expiration time in AddCookie() function as follows
          builder.Services.AddAuthentication(options =>
          options.DefaultScheme = “cookie”;
          options.DefaultChallengeScheme = “oidc”;
          .AddCookie(“cookie”,options =>
          options.ExpireTimeSpan = TimeSpan.FromMinutes(20);
          options.SlidingExpiration = true;

  4. Your article helped me a lot, love the way you explained all the terms and red points. I could replicate the exercise with no problem.

  5. Hi, I am new to IdentityServer and your article helped me a lot to understand about the IdentityServer and its implementation.

    I have one query, we are using asp .net framework web api 2 project, again i am new to this also. In this project there is no Startup or program.cs file to register the IdentityServer4 project that i have created to secure the Api endpoints. There is Global.asax file (Application_Start method) to kickstart the application.

    When i searched i came to know that IdentityServer4 is specifically designed for asp .net core framework and i couldn’t find any articles integrating IdentityServer4 with .net framework web api 2.

    Appreciate if you can provide any insights on this. and once again thanks for your great article.

Leave a Reply

Your email address will not be published. Required fields are marked *