HttpEndpoint never getting triggered.

[manoelnunesborba]

I have my backend project protected with authentication and authorisation (JWT). This seams to work fine, in Studio user can login with OpenIdConnect, then token is saved and is sent to API.

I've also used postman to test, and token works great (/elsa/api/workflow-definitions).

I've setted:

elsa.UseHttp(http => http.ConfigureHttpOptions = options =>
{
    options.BaseUrl = new Uri("https://localhost:44314"); // API runs on this port
    options.BasePath = "/workflows";
});

as per documentation

I've also added the hello-world definition and I can see it on Studio

But when calling the endpoint at https://localhost:44314/workflows/hello-world it just gives a 403 status code (If I remove the Auth token it gives 401).

I've also added a middleware just to check it the request is hitting the server. And indeed it is.

Any help would be appreciated

[manoelnunesborba]

Solved !

builder.Services.AddAuthorization(options =>
{
    var authenticated = new AuthorizationPolicyBuilder()
        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
        .RequireClaim("scope", apiScope) // => Causing the issue
        .Build();
    options.DefaultPolicy = authenticated;
    options.FallbackPolicy = authenticated;
});

The issue was especting a api scope that was not sent by identity server.

[sfmskywalker]

Glad to see that you figured it out! And kudos for sharing the solution here, this will be helpful to others as well when they run into the same or similar issue 😃