Access_denied. Unauthorized. Error_uri is null


I have an ASP.NET Core 2.2 web application with a third party authorization/authentication service to handle a private key.

I am attempting to keep the private key out of source control and using a global environment variable set on my computer that contains the private key value.

But it would appear it is not working even though I can see it’s value output into the path variable when I enter the command “path” into the CLI. I have gone through so many articles about hiding a private key via a global windows environment variable but they’re all to do with Node.js apps. I suspect the problem lies on the client.

Steps to reproduce

To summarise the steps:

  1. OPTIONAL Create an Auth0 account and use their quickstart if you want for ASP.NET Core v2.1. And once you have downloaded the app, copy the Client Secret value to clipboard.

  2. Type into your start menu search bar “Edit environment variables for your account” and select that option when it appears.

  3. Add new variable called AUTH0_CLIENT_SECRET which will be for our private key.

  4. Swap this made up private key value…

"ClientSecret": "78y9t3287UYIG32e3redfe"

For the global environment variable we created in the Environment Variables window.

"ClientSecret": "{AUTH0_CLIENT_SECRET}"

Expected behaviour

I can authorize my user like I always have been able to sign into the application.

Actual behaviour

Moment I sign in I will get this error.

Message contains error: 'access_denied', error_description: 'Unauthorized', error_uri: 'error_uri is null', status code '401'.

Environment data

 Version: 2.2.6 

Runtime Environment:    
 OS Name:     Windows   
 OS Version:  10.0.18363
 OS Platform: Windows   
 RID:         win10-x64