Invalid_client using OpenIdConnect in client application

2

13

I have an IdentityServer4 application running with ASP.NET Identity. I want to use that so users from another application can login through my remote identity server.

I have configured a client application in identity server with the following settings (showing only relevant settings):

ClientId: mvc
ProtocolType: oidc
ClientSecret: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=

(URLs to client app)
RedirectUri: https://localhost:44313/signin-oidc
PostLogoutRedirectUri: https://localhost:44313/signout-callback-oidc

GrantType: Hybrid


My client application (server side Blazor app) has the following settings configured in Startup.cs.

        // Add authentication: the cookie scheme holds the local session,
        // OpenID Connect is used whenever the app needs to challenge the user
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            // Only acceptable for local development: the authority below is plain http
            options.RequireHttpsMetadata = false;
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.Authority = "http://localhost:5000/"; // local identity server url
            options.ClientId = "mvc";
            options.ClientSecret = "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=";
            // Hybrid flow: authorization code plus id_token in the front channel
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            // One entry per scope; the handler joins them with spaces on the wire
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("web_api");
        });

When I start my client app, I then get redirected to my IdentityServer login page. I can then log in with a username and password. When I log in I then get redirected back to my client application https://localhost:44313/signin-oidc.

But then I get the following error on that page:

OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'.

To me it looks like I am using the correct ClientId?

What am I doing wrong?

Armalda answered 18/11, 2019 at 21:43 Comment(0)
12

ClientSecret should contain the unencrypted value. Take a look at the documentation.

In your case, secret.

options.ClientSecret = "secret";

I didn't look further, so if this change doesn't solve it then please let me know.

Anaya answered 19/11, 2019 at 5:35 Comment(1)
Your link to the documentation is dead. (Perfunctory)
2

Please check the client configuration (clientId) to see whether it matches the given client configuration or not.

In my case, the issue was related to the secret.

Two things to note for the secret issue:

  1. In the client application, 'ClientSecret' should be the unencrypted value, i.e. plaintext ('secret' in the following example).
  2. While doing the configuration for all clients in identity server, please check secret.Type; it should be 'SharedSecret'.

Example:

using IdentityServer4.Models; // Secret and the Sha256() extension method

// IdentityServer stores the Base64 SHA-256 hash of the secret; the client sends the plain text "secret"
Secret secret = new Secret("secret".Sha256(), "Description");
// "SharedSecret" is IdentityServerConstants.SecretTypes.SharedSecret, the type the default validator handles
secret.Type = "SharedSecret";
Farce answered 27/8, 2020 at 14:17 Comment(0)
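The following is an added example, not code from the question, either answer, or IdentityServer4 itself. It models in Python what both answers describe: the server stores `"secret".Sha256()` (UTF-8, SHA-256, Base64, the same transformation as IdentityServer4's `Sha256()` extension), and the token endpoint hashes whatever the client presents and compares it against the stored hash, only for secrets whose type is SharedSecret. The stored value is copied from the question; the in-memory client store and the function names (`sha256_b64`, `validate_shared_secret`, `token_endpoint`) are assumptions made for the example. Sending the Base64 hash itself, as the question's client does, gets hashed a second time and therefore never matches, which is the invalid_client seen on the callback page.

```python
# Added example: a minimal model of IdentityServer4-style shared-secret validation.
# Not IdentityServer4's code; names and the in-memory store are assumptions.
import base64
import hashlib
import hmac

# Copied from the question. This is exactly "secret".Sha256() as IdentityServer4
# computes it: UTF-8 bytes -> SHA-256 -> Base64.
STORED_CLIENT_SECRET = "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols="


def sha256_b64(plaintext: str) -> str:
    """Same transformation as IdentityServer4's "value".Sha256() extension."""
    digest = hashlib.sha256(plaintext.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def sha512_b64(plaintext: str) -> str:
    """Same transformation as IdentityServer4's "value".Sha512() extension."""
    digest = hashlib.sha512(plaintext.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


# Hypothetical in-memory client store (assumption for the example). Each secret
# carries a Type, mirroring the Secret.Type property from the second answer.
CLIENTS = {
    "mvc": {
        "secrets": [
            {"value": STORED_CLIENT_SECRET, "type": "SharedSecret"},
        ]
    },
}


def validate_shared_secret(secrets, presented: str) -> bool:
    """Hash the presented value and compare it in constant time against every
    stored SharedSecret hash. Secrets of any other type are ignored here, which
    is why a wrong Type on the server side also ends in invalid_client."""
    candidates = (sha256_b64(presented), sha512_b64(presented))
    for secret in secrets:
        if secret["type"] != "SharedSecret":
            continue
        for candidate in candidates:
            if hmac.compare_digest(candidate, secret["value"]):
                return True
    return False


def token_endpoint(client_id: str, client_secret: str) -> dict:
    """Client-authentication step of a token request, reduced to the essentials.
    Returns the OAuth error object on failure, a placeholder token on success."""
    client = CLIENTS.get(client_id)
    if client is None or not validate_shared_secret(client["secrets"], client_secret):
        return {"error": "invalid_client"}
    return {"access_token": "<issued token would go here>", "token_type": "Bearer"}


if __name__ == "__main__":
    # Plain text, as the client is supposed to send it: accepted.
    print("plaintext:", token_endpoint("mvc", "secret"))
    # The stored hash itself, as in the question's Startup.cs: hashed again,
    # so it no longer matches and the endpoint answers invalid_client.
    print("hash     :", token_endpoint("mvc", STORED_CLIENT_SECRET))
```

The first call succeeds and the second returns `{"error": "invalid_client"}`, reproducing the exchange in the question without running IdentityServer. The constant-time comparison mirrors what a production validator should do; the two-hash check reflects that IdentityServer4's default validator accepts either a SHA-256 or a SHA-512 stored hash.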
