DuendeSoftware / Support

Support for Duende Software products

Appsettings.json client's array doesn't get loaded. #1273

Closed salazarcode closed 4 weeks ago

salazarcode commented 1 month ago

Which version of Duende IdentityServer are you using? 6

Which version of .NET are you using? Net 7.0

Describe the bug

The clients I am defining in my appsettings.json are not being loaded by Duende despite following the specifications in the documentation. I want to implement the client-credential flow, but when adding the client in appsettings.json or even through an intermediate class, my clients are not loaded. When testing in Postman against the corresponding URL /connect/token, I receive an invalid_client error.

To Reproduce

In the server project of a Blazor WebAssembly application, add the clients to appsettings.json as follows, in the IdentityServer configuration section:


  "IdentityServer": {
    "Key": {
      "Type": "Store",
      "StoreName": "My",
      "StoreLocation": "CurrentUser",
      "Name": "CN=MetisSigningCert"
    },
    "Clients": [
      {
        "Profile": "IdentityServerSPA",
        "ClientId": "Metis.WebUI.Client",
        "AccessTokenLifetime": 3600
      },
      {
        "Profile": "IdentityServerSPA",
        "ClientId": "fclient",
        "ClientSecrets": [
          { "Value": "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=" }
        ],
        "AllowedGrantTypes": [ "client_credentials" ],
        "AllowedScopes": [ "mercury-api" ]
      }
    ]
  },

Try loading those clients with this instruction (according to the documentation at https://docs.duendesoftware.com/identityserver/v6/fundamentals/clients/):

                  .AddInMemoryClients(configuration.GetSection("IdentityServer:Clients"))

Expected behavior

To load the "fclient" and to retrieve a token with the token url.

Log output/exception with stacktrace

[image]

info: Duende.IdentityServer.Events.DefaultEventService[0]
      {
        "ClientId": "fclient",
        "Category": "Authentication",
        "Name": "Client Authentication Failure",
        "EventType": "Failure",
        "Id": 1011,
        "Message": "Unknown client",
        "ActivityId": "0HN3VTV0KIBO6:00000001",
        "TimeStamp": "2024-05-29T14:58:55Z",
        "ProcessId": 11240,
        "LocalIpAddress": "::1:7124",
        "RemoteIpAddress": "::1"
      }
fail: Duende.IdentityServer.Validation.ClientSecretValidator[0]
      No client with id 'fclient' found. aborting

RolandGuijt commented 1 month ago

I suspect the clients are loaded correctly. A client secret however should be a Sha256 hash of the secret encoded as Base64 string and what you're sending to the token endpoint should be the actual secret. If you look in the logs/console output you'll probably see that the client secret isn't correct.
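Added example (not code from this thread or from Duende): a C# console check of the rule in the reply above, that the configured value is the Base64-encoded SHA-256 hash while the token request carries the plaintext secret. The JSON is constructed, `plainclient` is a hypothetical entry, UTF-8 encoding of the secret is an assumption, and the raw string literal needs C# 11 (.NET 7).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class ClientSecretCheck
{
    // Stored form described in the reply: Base64(SHA-256(secret)); UTF-8 input is assumed.
    public static string HashSecret(string plaintext) =>
        Convert.ToBase64String(SHA256.HashData(Encoding.UTF8.GetBytes(plaintext)));

    // A SHA-256 digest is 32 bytes, so a stored value that does not decode to 32 bytes
    // was probably written to the config as plaintext.
    public static bool LooksLikeSha256(string stored) =>
        Convert.TryFromBase64String(stored, new byte[64], out int n) && n == 32;

    // Hash the presented secret and compare it with the stored hash in constant time.
    public static bool Matches(string presented, string stored) =>
        CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(HashSecret(presented)), Encoding.UTF8.GetBytes(stored));

    static void Main()
    {
        // Constructed input: "fclient" as posted in the issue, plus a hypothetical
        // "plainclient" whose secret was stored unhashed.
        const string json = """
            [
              { "ClientId": "fclient",
                "ClientSecrets": [ { "Value": "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=" } ] },
              { "ClientId": "plainclient",
                "ClientSecrets": [ { "Value": "secret" } ] }
            ]
            """;
        using JsonDocument doc = JsonDocument.Parse(json);
        foreach (JsonElement client in doc.RootElement.EnumerateArray())
        {
            string id = client.GetProperty("ClientId").GetString() ?? "";
            foreach (JsonElement s in client.GetProperty("ClientSecrets").EnumerateArray())
            {
                string stored = s.GetProperty("Value").GetString() ?? "";
                bool shaped = LooksLikeSha256(stored);
                bool plaintextOk = Matches("secret", stored); // what the token request should send
                bool storedOk = Matches(stored, stored);      // sending the stored value itself
                Console.WriteLine($"{id}: hash-shaped={shaped} plaintext-accepted={plaintextOk} stored-value-accepted={storedOk}");
            }
        }
    }
}
```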

salazarcode commented 1 month ago

I generated the secret token through this little console application; there you can see the word "secret" used as client_secret. [image]

It produces this token, which you can see in my previous images. [image]

I tried, as you mention, putting this very token into Postman, but putting the very word "secret" produces the same effect. [image]

salazarcode commented 1 month ago

I tried loading the clients from appsettings, but although I do it as the Duende docs indicate, the clients themselves are null at my line 155. [image]

[image]

RolandGuijt commented 1 month ago

Please compare the JSON you're using to the JSON example on the webpage (your last screenshot). It looks like you've copied and pasted it from a Microsoft webpage. The format IdentityServer is using is different. I'm missing "Enabled" in your JSON for example and "Profile" isn't used. Also the "Key" information seems to be for a Microsoft product.

salazarcode commented 1 month ago

I did it that way and it produces a compile-time error that you'll see here below.

[image]

[image]

That profile property seems to be some kind of Type? I don't know where it comes from but it prevents that error.

RolandGuijt commented 1 month ago

I've tried to load your exact client config and it seems to be valid. This error probably doesn't have anything to do with the client configuration. Can you please check the call stack of this exception to see where this is coming from? You can also post it if you need a second pair of eyes.

RolandGuijt commented 1 month ago

@salazarcode Did you solve this? If so I'd like to close this issue.

RolandGuijt commented 4 weeks ago

Closing this for now but feel free to reopen if the need arises.