WARN BROCKEN

src/Api/Program.cs

@@ -45,7 +45,8 @@ internal class Program
                 // this defines a CORS policy called "default"
                 options.AddPolicy("default", policy =>
                 {
-                    policy.WithOrigins("https://localhost:5003")
+                    policy.WithOrigins("https://localhost:5003"
+                    ,"http://localhost:5002")
                         .AllowAnyHeader()
                         .AllowAnyMethod();
                 });
@@ -53,7 +54,7 @@ internal class Program
             .AddControllersWithViews();
 
         // accepts any access token issued by identity server
-        var authenticationBuilder = services.AddAuthentication()
+        var authenticationBuilder = services.AddAuthentication("Bearer")
                  .AddJwtBearer("Bearer", options =>
                  {
                      options.IncludeErrorDetails = true;
@@ -84,19 +85,18 @@ internal class Program
             app
                 .UseRouting()
                 .UseAuthentication()
-                .UseAuthorization().UseCors("default")
+               .UseAuthorization().UseCors("default")
                 .UseEndpoints(endpoints =>
                 {
-                    endpoints.MapDefaultControllerRoute()
+                    endpoints.MapDefaultControllerRoute().RequireAuthorization("ApiScope");
-                        .RequireAuthorization();
                 });
-            app.MapIdentityApi<ApplicationUser>().RequireAuthorization("ApiScope");
+            //app.MapIdentityApi<ApplicationUser>().RequireAuthorization("ApiScope");
-            app.UseSession();
+             app.MapGet("/identity", (HttpContext context) =>
+            new JsonResult(context?.User?.Claims.Select(c => new { c.Type, c.Value }))
+        ).RequireAuthorization("ApiScope");
+
+            // app.UseSession();
             await app.RunAsync();
         };
-
-
-
-
     }
 }

src/Yavsc.Server/Config.cs

@@ -76,7 +76,9 @@ public static class Config
 
                 RedirectUris = { "https://localhost:5003/signin-oidc",
                 "http://localhost:5002/signin-oidc"  },
-                PostLogoutRedirectUris = { "https://localhost:5003/signout-callback-oidc" },
+                PostLogoutRedirectUris = { 
+                    "http://localhost:5002/signout-callback-oidc",
+                    "https://localhost:5003/signout-callback-oidc" },
 
                 AllowOfflineAccess = true,
 
@@ -86,6 +88,10 @@ public static class Config
                     IdentityServerConstants.StandardScopes.Email,
                     IdentityServerConstants.StandardScopes.OfflineAccess,
                     "scope2" }
+                    ,
+                AllowedCorsOrigins=new string[]{"*"},
+                AllowRememberConsent=true
+                
             },
         };
 

src/Yavsc/Extensions/HostingExtensions.cs

@@ -303,14 +303,14 @@ public static class HostingExtensions
         string? googleClientSecret = configurationRoot["Authentication:Google:ClientSecret"];
      
         var authenticationBuilder = services.AddAuthentication()
-            .AddJwtBearer("Bearer", options =>
+        .AddJwtBearer("Bearer", options =>
             {
                 options.IncludeErrorDetails = true;
                 options.Authority = "https://localhost:5001";
                 options.TokenValidationParameters =
                     new() { ValidateAudience = false };
             });
-
+            
         authenticationBuilder.AddGoogle(options =>
         {
             options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
@@ -329,7 +329,9 @@ public static class HostingExtensions
             .AddInMemoryClients(Config.Clients)
             .AddInMemoryApiScopes(Config.ApiScopes)
             .AddAspNetIdentity<ApplicationUser>()
-            .AddJwtBearerClientAuthentication();
+            .AddJwtBearerClientAuthentication()
+          //  .AddProfileService<ProfileService>()
+            ;
         if (builder.Environment.IsDevelopment())
         {
             identityServerBuilder.AddDeveloperSigningCredential();

src/cli/Startup.cs

@@ -130,7 +130,6 @@ namespace cli
             {
                 options.ResourcesPath = "Resources";
             });
-
             services.Configure<SharedAuthenticationOptions>(options =>
             {
                 options.SignInScheme = "Bearer";
@@ -138,7 +137,7 @@ namespace cli
 
             services.AddTransient<Microsoft.Extensions.WebEncoders.UrlEncoder, UrlEncoder>();
 
-            services.AddAuthentication();
+            services.AddAuthentication("Bearer");
 
             services.AddSingleton(typeof(IApplicationEnvironment), svs => PlatformServices.Default.Application);
             services.AddSingleton(typeof(IRuntimeEnvironment), svs => PlatformServices.Default.Runtime);

src/sampleWebAsWebApiClient/Controllers/HomeController.cs

@@ -44,7 +44,7 @@ namespace testOauthClient.Controllers
 
             var client = new HttpClient();
             client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
-            var content = await client.GetStringAsync("https://localhost:6001/api/account/me");
+            var content = await client.GetStringAsync("https://localhost:6001/identity");
 
             ViewBag.Json = content;
             return View("json");