DuendeSoftware / Support

Support for Duende Software products

400 / Error on Token Refresh? #794

Closed DANDINARDO closed 1 year ago

DANDINARDO commented 1 year ago

Version: Duende IdentityServer 6.2.1

.NET Version: .NET 6

When refreshing a token we receive the following error (everything else seems to work perfectly) ...

    System.InvalidOperationException: No signing credential for algorithms (1) registered.
       at Duende.IdentityServer.Services.DefaultKeyMaterialService.GetSigningCredentialsAsync(IEnumerable`1 allowedAlgorithms) in //src/IdentityServer/Services/Default/DefaultKeyMaterialService.cs:line 73
       at Duende.IdentityServer.Services.DefaultTokenService.CreateIdentityTokenAsync(TokenCreationRequest request) in //src/IdentityServer/Services/Default/DefaultTokenService.cs:line 112
       at Duende.IdentityServer.ResponseHandling.TokenResponseGenerator.CreateIdTokenFromRefreshTokenRequestAsync(ValidatedTokenRequest request, String newAccessToken) in //src/IdentityServer/ResponseHandling/Default/TokenResponseGenerator.cs:line 533
       at Duende.IdentityServer.ResponseHandling.TokenResponseGenerator.ProcessRefreshTokenRequestAsync(TokenRequestValidationResult request) in //src/IdentityServer/ResponseHandling/Default/TokenResponseGenerator.cs:line 241
       at Duende.IdentityServer.ResponseHandling.TokenResponseGenerator.ProcessAsync(TokenRequestValidationResult request) in //src/IdentityServer/ResponseHandling/Default/TokenResponseGenerator.cs:line 102
       at Duende.IdentityServer.Endpoints.TokenEndpoint.ProcessTokenRequestAsync(HttpContext context) in //src/IdentityServer/Endpoints/TokenEndpoint.cs:line 108
       at Duende.IdentityServer.Endpoints.TokenEndpoint.ProcessAsync(HttpContext context) in //src/IdentityServer/Endpoints/TokenEndpoint.cs:line 75
       at Duende.IdentityServer.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IdentityServerOptions options, IEndpointRouter router, IUserSession userSession, IEventService events, IIssuerNameService issuerNameService, ISessionCoordinationService sessionCoordinationService) in //src/IdentityServer/Hosting/IdentityServerMiddleware.cs:line 101
       at Duende.IdentityServer.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IdentityServerOptions options, IEndpointRouter router, IUserSession userSession, IEventService events, IIssuerNameService issuerNameService, ISessionCoordinationService sessionCoordinationService) in //src/IdentityServer/Hosting/IdentityServerMiddleware.cs:line 117
       at Duende.IdentityServer.Hosting.MutualTlsEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes) in //src/IdentityServer/Hosting/MutualTlsEndpointMiddleware.cs:line 94
       at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
       at Duende.IdentityServer.Hosting.DynamicProviders.DynamicSchemeAuthenticationMiddleware.Invoke(HttpContext context) in //src/IdentityServer/Hosting/DynamicProviders/DynamicSchemes/DynamicSchemeAuthenticationMiddleware.cs:line 47
       at Duende.IdentityServer.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in //src/IdentityServer/Hosting/BaseUrlMiddleware.cs:line 27
       at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

Configuration:

    public void ConfigureServices(IServiceCollection services)
    {
        var structureMapContainer = new StructureMapContainer().GetContainer();
        var membershipOptions = structureMapContainer.GetInstance<IMembershipOptionsProvider>();
        var clientOptions = structureMapContainer.GetInstance<IClientStoreProvider>();

        services.AddIdentityServer()
            .AddKeyManagement() // automatic key management; generates RS256 keys unless KeyManagement.SigningAlgorithms says otherwise
            .AddMembershipService(membershipOptions.GetMembershipOptions())
            .AddOperationalStore(clientOptions.GetOperationalStoreOptions())
            .AddConfigurationStore(clientOptions.GetConfigurationStoreOptions());

        // Custom grant validators and app services
        services.AddTransient<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
        services.AddTransient<IExtensionGrantValidator, SocialGrantValidator>();
        services.AddTransient<IAppSettingsProvider, AppSettingsProvider>();

        services.Configure<IdentityServerOptions>(options =>
        {
            options.AccessTokenJwtType = "JWT";
            options.EmitStaticAudienceClaim = true;
        });

        services.AddMvc(options => options.EnableEndpointRouting = false);
    }
DANDINARDO commented 1 year ago

Closing as I found my issue .... it turns out that I did not have AllowedIdentityTokenSigningAlgorithms set correctly in the database. I set an acceptable value of RSA256, and everything is working as expected.
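The value that caused this lives in the client table, so nothing stops it from being mistyped again on the next client. The parenthesised part of the exception message is the client's allowed list joined by spaces; in the trace above it is `1`, which is not a JWS algorithm name at all. IdentityServer matches that list against `SigningCredentials.Algorithm` by exact, case-sensitive string comparison, any single match is enough, an empty list means any registered key may be used, and with `AddKeyManagement()` and default options the only registered algorithm is `RS256`. The following is an added example, not code from this issue or from Duende: a hosted service that applies the same rule at startup for a list of client ids you name, so a bad `AllowedIdentityTokenSigningAlgorithms` value is logged at boot rather than discovered on the first refresh_token grant. The class name `SigningAlgorithmSanityCheck` and the client ids `mobile-app` and `web-client` are assumptions; the rest is the Duende and Microsoft.Extensions API.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Duende.IdentityServer.Services;
using Duende.IdentityServer.Stores;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

// Startup check (hypothetical name): verifies that each listed client's
// AllowedIdentityTokenSigningAlgorithms can be served by a registered signing key.
// Register it with: services.AddHostedService<SigningAlgorithmSanityCheck>();
public sealed class SigningAlgorithmSanityCheck : IHostedService
{
    // Hypothetical client ids to check. IClientStore only exposes FindClientByIdAsync,
    // so the caller has to name the clients it cares about.
    public static readonly string[] ClientIdsToCheck = { "mobile-app", "web-client" };

    private readonly IServiceScopeFactory _scopes;
    private readonly ILogger<SigningAlgorithmSanityCheck> _logger;

    public SigningAlgorithmSanityCheck(IServiceScopeFactory scopes, ILogger<SigningAlgorithmSanityCheck> logger)
    {
        _scopes = scopes;
        _logger = logger;
    }

    public async Task StartAsync(CancellationToken cancellationToken)
    {
        // The EF-backed IClientStore is scoped and a hosted service is a singleton,
        // so resolve the stores inside an explicit scope instead of the constructor.
        using var scope = _scopes.CreateScope();
        var clients = scope.ServiceProvider.GetRequiredService<IClientStore>();
        var keys = scope.ServiceProvider.GetRequiredService<IKeyMaterialService>();

        // Algorithm names of every signing credential IdentityServer can use right now.
        // With AddKeyManagement() and default options this set is just { "RS256" }.
        var registered = (await keys.GetAllSigningCredentialsAsync())
            .Select(c => c.Algorithm)
            .ToHashSet(StringComparer.Ordinal);

        foreach (var clientId in ClientIdsToCheck)
        {
            var client = await clients.FindClientByIdAsync(clientId);
            if (client == null)
            {
                _logger.LogWarning("Client {ClientId} not found in the configuration store", clientId);
                continue;
            }

            var unmatched = UnsatisfiableAlgorithms(client.AllowedIdentityTokenSigningAlgorithms, registered);
            if (unmatched.Count > 0)
            {
                _logger.LogError(
                    "Client {ClientId} allows id_token signing algorithms [{Allowed}] but only [{Registered}] are registered; " +
                    "id_token issuance, including the refresh_token grant, will throw InvalidOperationException",
                    clientId, string.Join(" ", unmatched), string.Join(" ", registered));
            }
        }
    }

    public Task StopAsync(CancellationToken cancellationToken) => Task.CompletedTask;

    // The rule DefaultKeyMaterialService.GetSigningCredentialsAsync applies: an empty allowed
    // list means any registered key is acceptable; otherwise the first registered credential
    // whose Algorithm appears in the allowed list (exact, case-sensitive) is used, and if none
    // does the server throws. Returns the allowed list when it cannot be satisfied, else empty.
    public static IReadOnlyList<string> UnsatisfiableAlgorithms(
        IEnumerable<string> allowedAlgorithms, IReadOnlySet<string> registeredAlgorithms)
    {
        var allowed = allowedAlgorithms?.ToList() ?? new List<string>();
        if (allowed.Count == 0 || allowed.Any(a => registeredAlgorithms.Contains(a)))
        {
            return Array.Empty<string>();
        }
        return allowed;
    }
}
```

Run this once against the configuration database from the issue and the client with `1` (or any spelling other than `RS256`) is reported at startup. If you need a client to use a different algorithm, register a key for it via `KeyManagement.SigningAlgorithms` or `AddSigningCredential` first; otherwise the only value that works for `AllowedIdentityTokenSigningAlgorithms` is `RS256`, or leaving it empty.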