![invalid request. this video was rejected invalid request. this video was rejected](https://help-static-aliyun-doc.aliyuncs.com/assets/img/en-US/2778507951/p46412.png)
This means that the default authentication from the host must be ignored since the authentication will be performed against something else other than a cookie.
While the MVC templates use a cookie based authentication mechanism, the new SPA templates prefer to use a token based authentication model explicitly passed via the Authorization HTTP header (which is better since it avoids CSRF attacks). N.ProtocolMessage.IdTokenHint = idTokenHint If (n.ProtocolMessage.RequestType = OpenIdConnectRequestType.LogoutRequest) Var userInfo = await userInfoClient.GetAsync() New Uri(baseUri, "/auth/connect/userinfo"), N.(new Claim("id_token", n.ProtocolMessage.IdToken)) Var token = n.ProtocolMessage.AccessToken Notifications = new OpenIdConnectAuthenticationNotifications ResponseType = "id_token token", // "token" is required for ProtocolMessage.AccessToken PostLogoutRedirectUri = postLogoutRedirectUri, RequiredScopes = new Īpp.UseCookieAuthentication(new CookieAuthenticationOptionsĪpp.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary() Īpp.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptionsĪuthority = new Uri(baseUri, "/auth").ToString(), Public static void Configure(IAppBuilder app, string clientId, string authority, string redirectUri, string postLogoutRedirectUri)