Jeremy S Brown

Professional Learner with a Passion for Writing Software

Powered by Genesis

Troubleshooting Decoupled OWIN Authorization Server and Resource Server

March 28, 2015 by Jeremy Leave a Comment

Spent a good part of my morning troubleshooting why a new Web API project would not accept the authorization token from my authorization server. It had the proper machine key to match the authorization server, and the OWIN pipeline was configured identically to its sister project. After the first frustrating hour I realized it had to be something bonehead simple because the first resource server would accept the token just fine. Then the head slap! The new project was using the latest OWIN middle ware and after upgrading the first resource server it too would no longer accept the token. After upgrading the authorization server to the latest middle ware they both starting working.

Lesson Learned:
Always make sure your Authorization Server and Resource Servers are running the same OWIN middle ware versions. If there is a mismatch it could result in the resource server always return a 401. I am sure this was documented somewhere and I just didn’t see it.

Filed Under: ASP.NET Web API, Note To Self, OWIN Tagged With: OAuth, OWIN, Web API