Rabid Penguin - 1 month ago
C# Question

IdentityServer3 PostMan invalid_client

I've set up an instance of IdentityServer3 running in IIS.

var validators = new List<Registration<ISecretValidator>>
{
    new Registration<ISecretValidator, HashedSharedSecretValidator>(),
    new Registration<ISecretValidator, X509CertificateThumbprintSecretValidator>()
};

// .Register() is an extension method that sets up the
// IdentityServerServiceFactory
var factory = new EntityFrameworkServiceOptions()
    .Register()
    .UseInMemoryUsers(Users.Get());
factory.SecretValidators = validators;

app.Map($"/{IdentityServer.Path}", server =>
{
    server.UseIdentityServer(new IdentityServerOptions()
    {
        RequireSsl = false,
        SiteName = siteName,
        SigningCertificate = Certificate.Load(),
        Factory = factory,

        // Currently does nothing. There are no plugins.
        PluginConfiguration = ConfigurePlugins,
        AuthenticationOptions = new AuthenticationOptions()
        {
            EnablePostSignOutAutoRedirect = true,

            // Currently does nothing. There are no IdentityProviders set up
            IdentityProviders = ConfigureIdentityProviders
        }
    });
});


I've set up a Client in the EF database for Client Credentials Flow. So there is a client in the Client table, I've given the client access to a scope in the ClientScopes table, and I've given the client a secret in the ClientSecrets table.

The pertinent values stored in the database are (all values not listed are the IdentityServer3 defaults):

ClientId = 'client'
Flow = 'ClientCredentials [3]'
ClientScope = 'api'
ClientSecret = 'secret'.Sha256()


I'm trying to get a new token from Postman.

The IdentityServer is running on a test server which is why I don't have "Request access token locally" selected.

When I click "Request Token" I get the following error logged:

2016-09-16 16:18:28.470 -05:00 [Debug] Start client validation
2016-09-16 16:18:28.470 -05:00 [Debug] Start parsing Basic Authentication secret
2016-09-16 16:18:28.470 -05:00 [Debug] Parser found secret: "BasicAuthenticationSecretParser"
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Secret id found: "client"
2016-09-16 16:18:28.470 -05:00 [Debug] No matching hashed secret found.
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Secret validators could not validate secret
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Client validation failed.
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] End token request
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Returning error: invalid_client


I'm not really sure why the validators cannot validate the secret. It's saved in the database as Sha256 and IdentityServer can parse and validate Sha256.

UPDATE:
I got it to work doing a POST from Postman and filling out the appropriate x-www-form-urlencoded fields, but I still haven't figured out how to get it to work using the Authorization tab and "Get New Access Token" feature of Postman. Can that not be used to get access tokens from IdentityServer3?

Answer

I've got it working, but NOT using the "Get New Access Token" feature of Postman. I couldn't figure out why that wasn't working :p Instead I just posted to the token URL which gave me an access token, then I was able to use that in subsequent calls to my services.

POST: https://{{server}}/connect/token
client_id:
client_secret:
grant_type: client_credentials
scope:

Then to use it in your server calls add the following to your header:

Authorization: Bearer [access_token]
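
A check to run when the log shows "No matching hashed secret found", as an added example (not code from the original post or from IdentityServer3): it decodes a Basic Authorization header and tests whether the secret it carries hashes to the stored ClientSecrets value. The names SecretCheck, Sha256Base64, TryParseBasic and FixedTimeEquals are hypothetical, and the header and stored value are constructed from the question's 'client' and 'secret' values.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SecretCheck
{
    // Same encoding as IdentityServer3's "secret".Sha256() string extension:
    // Base64( SHA-256( UTF-8 bytes ) ).
    static string Sha256Base64(string input)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(input)));
    }

    // Decode "Basic base64(id:secret)"; split at the first colon only, since secrets may contain ':'.
    static bool TryParseBasic(string header, out string id, out string secret)
    {
        id = secret = null;
        const string scheme = "Basic ";
        if (header == null || !header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase)) return false;
        string pair;
        try { pair = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(scheme.Length).Trim())); }
        catch (FormatException) { return false; }
        int ix = pair.IndexOf(':');
        if (ix < 1) return false;
        id = pair.Substring(0, ix);
        secret = pair.Substring(ix + 1);
        return true;
    }

    // Compare without an early exit so timing does not reveal how much of the value matched.
    static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed sample values mirroring the question: ClientId 'client', secret 'secret'.
        string storedValue = Sha256Base64("secret"); // stands in for the ClientSecrets value column
        string header = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes("client:secret"));

        string id, secret;
        bool parsed = TryParseBasic(header, out id, out secret);
        Console.WriteLine("parsed={0} id={1}", parsed, id);
        Console.WriteLine("hash matches: {0}", parsed && FixedTimeEquals(Sha256Base64(secret), storedValue));
    }
}
```

To test a real request, replace the constructed header with the Authorization header captured from the failing call and storedValue with the value read from the ClientSecrets table.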