
I have an Authentication Server application (AuthServer) using OpenIddict, and a client application (ClientApp) which has a simple controller action:

Startup client configuration:

builder.Services
    .AddAuthentication(o => { o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; })
    .AddCookie()
    .AddOAuth("OpenIddict.Server.AspNetCore", o => {
        o.AuthorizationEndpoint = new Uri($"{AuthenticationServerUrl}connect/authorize").AbsoluteUri;
        o.TokenEndpoint = new Uri($"{AuthenticationServerUrl}connect/token").AbsoluteUri;
        o.ClientId = "testoauth";
        o.ClientSecret = "testsecret";
        o.CallbackPath = new PathString("/callback/login/local");
        o.UsePkce = true;
    });

The client controller action:

[HttpGet("oauth")]
[Authorize(AuthenticationSchemes = "OpenIddict.Server.AspNetCore")]
public IActionResult OAuth2() => Ok($"Successfully authorized with authorizationcode flow.");

I think it has something to do with the cookie ".AspNetCore.Identity.Application". Somehow it is not created when using Postman. I see that the cookie is created in the browser dev-tools. Postman generates the access_token successfully, but it is not added to the cookies collection.

Fix: After creation of the access_token, Postman does not add this cookie to the request header. It can be found in the Console section of Postman, so add it manually. Do the request again and the action will be called.

asked Mar 11, 2025 at 14:28
  • May I know what is your problem now? Or what trapped you? Commented Mar 12, 2025 at 3:31
  • @TinyWang Never mind, I found my answer. The issue was that the .AspNetCore.Identity.Application cookie was not automatically added to the Postman cookies. So I manually added the cookie to the Postman cookies collection. This cookie can be found in the Postman console when generating the access_token. Commented Mar 13, 2025 at 6:46
  • Please post the fix as an answer - don't edit it into the question itself. Commented Mar 13, 2025 at 19:14
