挥舞着使用JWT令牌时不允许检索

Question

当我通过挥霍的方式将令牌发送到api时，我仍会受到401的未经授权

内容长度：0日期：星期六，2020年6月6日12:51:50 GMT服务器： Microsoft-IIS / 8.5严格传输安全性：max-age = 2592000
www-authenticate：Bearer error =“ invalid_token”，error_description =“ The 签名无效” x-powered by：ASP.NET

这是我的ConfigureServices配置

 services.AddSwaggerGen(c => {
 c.SwaggerDoc("v1", new OpenApiInfo { Title = "App Manager - Running Buddies", Version = "v1" });
 c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme {
                Description = "JWT Authorization header using the Bearer scheme.",
                Name = "Authorization",
                In = ParameterLocation.Header,
                Type = SecuritySchemeType.Http,
                Scheme = "bearer",
                BearerFormat = "JWT"

            });

            c.AddSecurityRequirement(new OpenApiSecurityRequirement{
   {
    new OpenApiSecurityScheme{
        Reference = new OpenApiReference{
            Id = "Bearer", //The name of the previously defined security scheme.
            Type = ReferenceType.SecurityScheme
        }
    },new List<string>()  }
    });


        });

        services.AddTokenAuthentication(Configuration);

我的AddTokenAuthentication调用（它是配置身份验证JWT承载的扩展）可以大摇大摆地禁止测试，因为它的交换令牌

 public static class AddTokenAuthentications {
    public static IServiceCollection AddTokenAuthentication(this IServiceCollection services, IConfiguration config) {
        var secret = config.GetSection("JwtToken").GetSection("SecretKey").Value;
        var keySecret = Base64UrlEncoder.DecodeBytes(secret);

        var key = Encoding.ASCII.GetBytes(keySecret.ToString());
        services.AddAuthentication(x => {
            x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
               .AddJwtBearer(x => {

                   {

              //        x.Audience = config.GetSection("JwtToken").GetSection("Audience").Value;
                    //   x.Authority = config.GetSection("JwtToken").GetSection("Authority").Value;

                       x.RequireHttpsMetadata = false;
                       x.SaveToken = true;
                       x.TokenValidationParameters = new TokenValidationParameters {
                           ValidateIssuerSigningKey = true,
                           IssuerSigningKey = new SymmetricSecurityKey(key),
                           ValidateIssuer = false,
                           ValidateAudience = false
                       };
                   }
               });

        return services;
    }

如您所见，barrer令牌位于curl语句中，因此应该对其进行授权

curl -X GET“ https：// ****** / api / BmiInformations / bmi / all” -H“接受： text / plain“ -H”授权：不记名 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1OTE0NDk5NjIsImlzcyI6Imh0dHBzOi8vYXBpLWZpdG5lc3NidWRkaWVzLm5ldCIsImF1ZCI6Imh0dHBzOi8vYXBpLWZpdG5lc3NidWRkaWVzLm5ldCJ9.txG4OUUcfOqdDSBvPWJTuMaQ0RbThbvQwPiwgAleUrk“

编辑2 如您所见，jwt令牌有效

https://jwt.io/#debugger-io?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1OTE0NjEwNzksImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0OjQ0Mzk2LyIsImF1ZCI6Imh0dHBzOi8vbG9jYWxob3N0OjQ0Mzk2LyJ9.pkw-RisnhJ6J2XuC8tynFeiN_zEygYblulNA4mqRbac