Rabid Penguin Rabid Penguin - 1 year ago 233
C# Question

IdentityServer3 PostMan invalid_client

I've set up an instance of IdentityServer3 running in IIS.

var validators = new List<Registration<ISecretValidator>>
{
    new Registration<ISecretValidator, HashedSharedSecretValidator>(),
    new Registration<ISecretValidator, X509CertificateThumbprintSecretValidator>()
};

// .Register() is an extension method that sets up the
// IdentityServerServiceFactory
var factory = new EntityFrameworkServiceOptions().Register();
factory.SecretValidators = validators;

app.Map($"/{IdentityServer.Path}", server =>
{
    server.UseIdentityServer(new IdentityServerOptions()
    {
        RequireSsl = false,
        SiteName = siteName,
        SigningCertificate = Certificate.Load(),
        Factory = factory,

        // Currently does nothing. There are no plugins.
        PluginConfiguration = ConfigurePlugins,
        AuthenticationOptions = new AuthenticationOptions()
        {
            EnablePostSignOutAutoRedirect = true,

            // Currently does nothing. There are no IdentityProviders setup
            IdentityProviders = ConfigureIdentityProviders
        }
    });
});

I've set up a Client in EF database for Client Credentials Flow. So there is a client in the
table, I've given the client access to a scope in the
table, and I've given the client a secret in the

The pertinent values stored in the database are (all values not listed are the IdentityServer3 defaults):

ClientId = 'client'
Flow = 'ClientCredentials [3]'
ClientScope = 'api'
ClientSecret = 'secret'.Sha256()

I'm trying to get a new token from Postman:

The IdentityServer is running on a test server which is why I don't have "Request access token locally" selected.

When I click "Request Token" I get the following error logged:

2016-09-16 16:18:28.470 -05:00 [Debug] Start client validation
2016-09-16 16:18:28.470 -05:00 [Debug] Start parsing Basic Authentication secret
2016-09-16 16:18:28.470 -05:00 [Debug] Parser found secret: "BasicAuthenticationSecretParser"
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Secret id found: "client"
2016-09-16 16:18:28.470 -05:00 [Debug] No matching hashed secret found.
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Secret validators could not validate secret
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Client validation failed.
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] End token request
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Returning error: invalid_client

I'm not really sure why the validators cannot validate the secret. It's saved in the database as Sha256 and IdentityServer can parse and validate Sha256.

I got it to work doing a POST from Postman and filling out the appropriate x-www-form-urlencoded fields, but I still haven't figured out how to get it to work using the Authorization tab and "Get New Access Token" feature of Postman. Can that not be used to get access tokens from IdentityServer3?

Answer Source

I've got it working, but NOT using the "Get New Access Token" feature of Postman. I couldn't figure out why that wasn't working :p Instead I just posted to the token URL which gave me an access token, then I was able to use that in subsequent calls to my services.

POST: https://{{server}}/connect/token
client_id:
client_secret:
grant_type: client_credentials
scope:

Then to use it in your server calls add the following to your header:

Authorization: Bearer [access_token]
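An added example, not part of the original question or answer: a Python check for the "No matching hashed secret found" log line, comparing what a Basic Authorization header actually carries with the value stored for the client. It assumes `'secret'.Sha256()` is stored as Base64 of the SHA-256 digest of the UTF-8 secret; the function names and sample credentials are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlencode


def stored_hash(secret: str) -> str:
    # Assumption: 'secret'.Sha256() is stored as Base64(SHA-256(UTF-8 bytes)).
    digest = hashlib.sha256(secret.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def basic_header(client_id: str, secret: str) -> str:
    # What a client sends when it puts the credentials in the Authorization header.
    raw = f"{client_id}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def form_body(client_id: str, secret: str, scope: str) -> str:
    # Body of the POST to /connect/token that the answer reports as working.
    return urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": secret, "scope": scope})


def parse_basic(header: str):
    # Recover (client_id, secret) exactly as they were put on the wire.
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    client_id, sep, secret = decoded.partition(":")
    if not sep:
        raise ValueError("no ':' between client id and secret")
    return client_id, secret


def _same(a: str, b: str) -> bool:
    # Constant-time comparison, as a secret check should use.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def diagnose(header: str, db_value: str) -> str:
    # Explain why a hashed-secret comparison would or would not succeed.
    _, secret = parse_basic(header)
    if _same(stored_hash(secret), db_value):
        return "match"
    if _same(stored_hash(secret.strip()), db_value):
        return "presented secret has surrounding whitespace"
    if _same(secret, db_value):
        return "presented value equals the stored value: plaintext in the database, or the hash was sent"
    return "no match"
```

Feed `diagnose` the Authorization header captured from the failing request and the client secret value read from the database to see which case applies.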
