IdentityServer "invalid_client" error always returned

3

28

I'm trying to use IdentityServer3, but don't know why I'm getting "invalid_client" error always, always no matter what I do.

This is the code I'm using:

//Startup.cs (Auth c# project)
public void Configuration(IAppBuilder app) {
    var inMemoryManager = new InMemoryManager();
    var factory = new IdentityServerServiceFactory()
        .UseInMemoryClients(inMemoryManager.GetClients())
        .UseInMemoryScopes(inMemoryManager.GetScopes())
        .UseInMemoryUsers(inMemoryManager.GetUsers());

    var options = new IdentityServerOptions {
        Factory = factory,
        RequireSsl = false
    };

    app.UseIdentityServer(options);
}

InMemoryManager helper.

//InMemoryManager.cs
public class InMemoryManager {
    public List<InMemoryUser> GetUsers() {
        return new List<InMemoryUser> {
            new InMemoryUser {
                Username = "alice",
                Password = "password",
                Subject = "2",
                Claims = new [] {
                    new Claim("User name", "Alice")
                }
            }
        };
    }

    public IEnumerable<Scope> GetScopes() {
        return new[] {
            new Scope {
                Name = "api1",
                DisplayName = "API 1"
            }
        };
    }

    public IEnumerable<Client> GetClients() {
        return new[] {
            new Client {
                ClientName = "Silicon on behalf of Carbon Client",
                ClientId = "carbon",
                Enabled = true,
                //AccessTokenType = AccessTokenType.Reference,

                Flow = Flows.ResourceOwner,

                ClientSecrets = new List<Secret> {
                    new Secret("secret".Sha256())
                },

                AllowedScopes = new List<string> {
                    "api1"
                }
            }
        };
    }
}

This is the result I always get.

Postman error

I'm using Postman to try the Auth Server, but I always get that error. I've read other solutions but none seem to work, I don't know what else to try.

Cheers.

Symbolism answered 8/12, 2016 at 22:38 Comment(6)
I had problems with this error the other week but we were using Authorization Code grant & it was to do with the redirect URI - can you see anything in the logs? – Baghdad
Have you enabled and checked the logs? They provide lots of info. – Florri
What is the flow you are using? Is it resource owner? – Barina
As always, enable logging to determine what's wrong. – Nerves
Thanks folks. I did manage to get it to work. Don't know why, but just by adding the SigningCertificate to the IdentityServerOptions it now works. BTW: I couldn't get the logging to work, some errors when installing Serilog.Sinks.ColoredConsole, anyway still working. – Symbolism
@arosgab Could you please post an answer to your own question showing both the IdentityServer configuration and the request details in Postman? Just like you put in the question, but now with the correct configuration so that the request is made without the invalid_client error. – Soutache
15

Just add the client_secret: secret in your Body. It will work!


Dividivi answered 11/2, 2019 at 6:14 Comment(1)
Hi @hitesh, it's not working for me. I am also facing the same issue. – Lovelace
7

Late answer, but for me this happened following the IdentityServer 4 tutorial when trying to log in with a username and password. I used the code from the first tutorial (using client credentials), and modified the client to use passwords. Afterwards, I kept getting this error.

To fix it, in the IdentityServer project, config.cs, in the GetClients method, set AllowedGrantTypes to GrantTypes.ResourceOwnerPassword, and change ClientId from client to ro.client (or whatever the client name is that you use in the Client project's program.cs).

Ufo answered 17/6, 2019 at 9:4 Comment(0)
3

Your request should be as follows:

  1. Authorisation header with clientId/clientSecret: carbon/secret in your case.
  2. In the body, username/password should be alice/password in your case. If you don't need to refresh tokens, you might exclude the offline_access scope from the request.
Each answered 14/2, 2018 at 4:49 Comment(0)
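
The two request shapes described in the answers above (client secret as a field in the body, or client id and secret in an Authorization header), as an added Python example that is not from the original posts. It uses the `carbon`/`secret` client and `alice`/`password` user from the question, builds the request offline without sending it, and includes a hypothetical helper, `client_auth_problems`, that flags a request carrying no client credentials.

```python
import base64
from urllib.parse import parse_qs, urlencode


def build_token_request(client_id, client_secret, username, password, scope,
                        secret_in_body=False):
    """Return (headers, body) for a resource owner password token request."""
    form = {"grant_type": "password", "username": username,
            "password": password, "scope": scope}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if secret_in_body:
        # Variant 1: client credentials sent as form fields in the body.
        form.update(client_id=client_id, client_secret=client_secret)
    else:
        # Variant 2: client credentials in an HTTP Basic Authorization header.
        pair = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(pair).decode()
    return headers, urlencode(form)


def client_auth_problems(headers, body):
    """Return reasons the request lacks usable client credentials."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    client_id, secret = form.get("client_id"), form.get("client_secret")
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            decoded = base64.b64decode(auth[6:], validate=True).decode()
        except ValueError:
            return ["Authorization header is not valid Base64"]
        client_id, _, secret = decoded.partition(":")
    problems = []
    if not client_id:
        problems.append("no client_id in header or body")
    if not secret:
        problems.append("no client_secret in header or body")
    return problems


# Constructed sample: client and user values taken from the question.
if __name__ == "__main__":
    for in_body in (False, True):
        hdrs, body = build_token_request("carbon", "secret", "alice",
                                         "password", "api1", in_body)
        print(hdrs.get("Authorization", "(no Authorization header)"))
        print(body, client_auth_problems(hdrs, body))
    # User credentials only, no client credentials at all.
    print(client_auth_problems({}, "grant_type=password&username=alice"))
```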
