Identity Server 4: Why do I receive unauthorized_client?

3

10

This is my initial setting for my mvc connecting with identity server.

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        AuthenticationType = "oidc",
        SignInAsAuthenticationType = "Cookies",
        Authority = "http://identity.azurewebsites.net",
        RedirectUri = "http://localhost:62419/signin-oidc",
        PostLogoutRedirectUri = "http://localhost:62419/signout-callback-oidc",
        ClientId = "mvc",
        ResponseType = "id_token",
        Scope = "openid profile",
        UseTokenLifetime = false,
        RequireHttpsMetadata = false,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            SecurityTokenValidated = (context) =>
            {
                var identity = context.AuthenticationTicket.Identity;
                var name = identity.Claims.FirstOrDefault(c => c.Type == identity.NameClaimType)?.Value;

                return Task.FromResult(0);
            }
        }
    });

I can get to the identity server. I received this message:

    Sorry, there was an error : unauthorized_client Invalid redirect_uri

I have added the redirectUri into the ClientRedirectUris table, matching the code shown above. Is there any other area I forgot to add or set?

Request url: http://identity.azurewebsites.net/home/error?errorId=CfDJ8BPcf2qEDmRMt0TtYfAIujdUrTeIfqktT2TIcVFNomo6u6QFAROi-gEI2wXHP8kbmmiSYIK1aRV1nL-h6tFY_KeZabkMhIzy-V_0vvo2-hUFfj6I66qJWSjPiRhSYmGZa_-kYlULMb8a1Bz6UQ9UV5L6VdLscQRhScCpnOYpM6Ku84KM_S-4eZXrAX13EaVhqjxhpNhD8jIU9kJkjAn1t6sLVGrfZSEM0tAOGkTXFvBzuoucYURIFhZPJPGjVuJuRegrS2vsLPALHJCv3MLrW9ImudDeCkgf9VhAHwrRLfP3TB_7i4OvEffZwhuDuCSoyQ

Shepherd answered 4/10, 2018 at 21:49 Comment(5)
Can you also include the actual request URL that generated this error please? - Pachyderm
I have added the url. Is that what you are looking for? - Shepherd
No it's the /connect/authorize endpoint request which should be before this one in your log. - Pachyderm
I added the RedirectUri in the wrong identityserver database. Now I have no Invalid redirect_uri error, but loginInfo in the ExternalLoginCallback function was null and it is going back to the login screen of the identityserver. - Shepherd
For me, I had to update the table ClientRedirectUris of the Identity Server database. - Contemporize
0

Late to the party but will add my two cents:

Generally the unauthorized_client means that there was something wrong with the validation of your client.

This can be any of the client settings:

Client Id
Client Secret (if used)
PKCE (if used)
Return Url
Scopes (not matching)
Grant Type (not allowed)

This is not an exhaustive list; there might be other properties that will lead to the client being rejected.

If you are getting this error, make sure your settings on the client end and the Identity Server end are matching; most likely there is some configuration misalignment.

Pinkiepinkish answered 21/4, 2024 at 5:11 Comment(0)
7

You have to make sure the redirect url matches a redirect url in your client configuration in IdentityServer. For example:

    new Client
    {
        ClientId = "mvc",
        ClientName = "MVC Client",
        AllowedGrantTypes = GrantTypes.Implicit,

        // where to redirect to after login
        RedirectUris = { "http://localhost:62419/signin-oidc" },

        // where to redirect to after logout
        PostLogoutRedirectUris = { "http://localhost:62419/signout-callback-oidc" },

        AllowedScopes = new List<string>
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile
        }
    }

Make sure RedirectUris matches the redirect url set in your client, 'http://localhost:62419/signin-oidc'.

Laparotomy answered 5/10, 2018 at 6:14 Comment(1)
http/https difference in redirect url caused that error in my case. Thanks! - Dreamland
3

Also, make sure your scope matches the AllowedScopes in your client configuration. It would help if we could see the request URL, i.e.

    https://identity.azurewebsites.net/connect/authorize?
    client_id=mvc
    &redirect_uri=http://localhost:62419/signin-oidc
    &response_type=id_token
    &scope=openid profile
    &nonce=63653346343504
    &state=CfDJAJDR
    &response_mode=form_post

Declaration answered 5/10, 2018 at 20:24 Comment(0)
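
Added example, not part of any answer above and not IdentityServer4's own code: a C# console check that compares a captured /connect/authorize URL with a client registration on the points the answers name (client id, exact redirect URI, scopes, grant type). The `RegisteredClient` class, the `identity.example` host and the sample request are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for a registered client (not IdentityServer4's own Client class).
class RegisteredClient
{
    public string ClientId = "";
    public string[] RedirectUris = new string[0], AllowedScopes = new string[0], AllowedGrantTypes = new string[0];
}

static class Program
{
    // response_type -> grant type the client must be allowed to use (subset shown).
    static readonly Dictionary<string, string> GrantFor = new Dictionary<string, string>
        { ["code"] = "authorization_code", ["id_token"] = "implicit", ["id_token token"] = "implicit" };

    // Compare ignoring scheme, case and a trailing slash, only to explain a near miss.
    static string Loose(string u) =>
        (u.Contains("://") ? u.Substring(u.IndexOf("://", StringComparison.Ordinal) + 3) : u).TrimEnd('/').ToLowerInvariant();

    public static List<string> Diagnose(string authorizeUrl, RegisteredClient c)
    {
        var q = new Dictionary<string, string>();
        foreach (var kv in new Uri(authorizeUrl).Query.TrimStart('?').Split('&').Select(p => p.Split(new[] { '=' }, 2)))
            q[kv[0]] = kv.Length > 1 ? Uri.UnescapeDataString(kv[1].Replace('+', ' ')) : "";
        string Get(string key) => q.TryGetValue(key, out var v) ? v : "";
        var problems = new List<string>();
        if (Get("client_id") != c.ClientId) problems.Add("unknown client_id: " + Get("client_id"));
        if (!c.RedirectUris.Contains(Get("redirect_uri")))   // registered URIs are matched as exact strings
        {
            var near = c.RedirectUris.FirstOrDefault(r => Loose(r) == Loose(Get("redirect_uri")));
            problems.Add("redirect_uri not registered: " + Get("redirect_uri")
                + (near == null ? "" : " (near miss of " + near + ": scheme, case or trailing slash)"));
        }
        var extra = Get("scope").Split(' ').Where(s => s != "").Except(c.AllowedScopes).ToList();
        if (extra.Count > 0) problems.Add("scope not in AllowedScopes: " + string.Join(" ", extra));
        if (!GrantFor.TryGetValue(Get("response_type"), out var grant) || !c.AllowedGrantTypes.Contains(grant))
            problems.Add("response_type not allowed for this client: " + Get("response_type"));
        return problems;
    }

    static void Main()
    {
        // Constructed sample: the registration from the answer above, request altered on purpose.
        var client = new RegisteredClient { ClientId = "mvc", RedirectUris = new[] { "http://localhost:62419/signin-oidc" },
            AllowedScopes = new[] { "openid", "profile" }, AllowedGrantTypes = new[] { "implicit" } };
        var url = "https://identity.example/connect/authorize?client_id=mvc&response_type=id_token"
            + "&redirect_uri=https%3A%2F%2Flocalhost%3A62419%2Fsignin-oidc&scope=openid%20profile%20email";
        foreach (var p in Diagnose(url, client)) Console.WriteLine(p);
    }
}
```

Paste the /connect/authorize URL from the browser or the server log as `url`, and the values from the client rows of the database the server actually reads as `client`.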