IdentityModel / oidc-client-js

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
Apache License 2.0

question: How to use client credentials flow? #1186

Closed bt-ihsanakin closed 4 years ago

bt-ihsanakin commented 4 years ago

I am trying to get an access_token through the client credentials flow using oidc-client. I couldn't find an example of usage for this flow. I am using the following config but couldn't get an access token.

    var config = {
        authority: "http://localhost/IdentityServer",
        client_id: "abcdef",
        redirect_uri: "http://localhost/abc.Widget/index.html",
        response_type: "token",
        client_secret: "mysecret",
        grant_type: "client_credentials",
        scope: "myscope.API"
    };

    var mgr = new Oidc.UserManager(config);
    mgr.signinRedirect(); // Should I use another method here?

The client definition in IdentityServer (Config.cs) is like this:

 new Client
            {
                AccessTokenLifetime = 28800,
                AbsoluteRefreshTokenLifetime  = 7776000,
                AllowAccessTokensViaBrowser = true,
                SlidingRefreshTokenLifetime = 7776000,
                ClientName = "myapi",
                ClientId = "abcdef",
                ClientSecrets =
                {
                    new Secret("mysecret".Sha256())
                },
                Claims =
                { 
                    new System.Security.Claims.Claim("username", "myname@mycompany.com")
                },

                RequireConsent = false,
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                AccessTokenType = AccessTokenType.Reference,
                //AllowOfflineAccess = true,
                UpdateAccessTokenClaimsOnRefresh = true,

                AllowedScopes = new List<string>
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    "myscope.API" // Web API - Application
                },
                // where to redirect to after login
                RedirectUris = { "http://localhost/abc.Widget/index.html" },
                PostLogoutRedirectUris = { "http://localhost/abc.Widget/index.html" }
            },

The error is:

    fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
          Invalid grant type for client: implicit
          {
            "ClientId": "abcdef",
            "ClientName": "WebApi",
            "RedirectUri": "http://localhost/abc.Widget/index.html",
            "AllowedRedirectUris": [
              "http://localhost/abc.Widget/index.html"
            ],
            "SubjectId": "anonymous",
            "ResponseType": "token",
            "ResponseMode": "fragment",
            "GrantType": "implicit",
            "RequestedScopes": "",
            "State": "249b488e671347bf888ca54fdcbea37b",
            "Raw": {
              "client_id": "abcdef",
              "redirect_uri": "http://localhost/abc.Widget/index.html",
              "response_type": "token",
              "scope": "myapi.API",
              "state": "249b488e671347bf888ca54fdcbea37b"
            }
          }
    fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
          Request validation failed

How can I solve the problem?

brockallen commented 4 years ago

This library does not support the client credentials grant type.
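
An added example, not part of the thread and not oidc-client code: the client credentials grant (RFC 6749 section 4.4) is a direct POST to the token endpoint authenticated with the client secret, so the request is built in server-side code where the secret stays out of the browser, rather than through `signinRedirect()`, which goes to the authorize endpoint. It assumes Node.js 18+, IdentityServer4's default `/connect/token` path, and the sample values from the question; `buildClientCredentialsRequest` and `requestToken` are hypothetical helper names.

```javascript
// Added example: server-side (Node.js 18+) client credentials request.
// Values are the constructed sample values from the question above.
const settings = {
  authority: "http://localhost/IdentityServer",
  clientId: "abcdef",
  clientSecret: "mysecret", // in practice, load from an env var or secret store
  scope: "myscope.API",
};

// Build the RFC 6749 section 4.4 token request without sending it.
function buildClientCredentialsRequest({ authority, clientId, clientSecret, scope }) {
  // A confidential client's secret must never ship in browser code.
  if (typeof window !== "undefined") {
    throw new Error("client_secret must not be used from browser code");
  }
  // Client authentication via HTTP Basic (RFC 6749 section 2.3.1):
  // id and secret are percent-encoded, then sent as base64("id:secret").
  const basic = Buffer.from(
    `${encodeURIComponent(clientId)}:${encodeURIComponent(clientSecret)}`
  ).toString("base64");
  return {
    // Assumption: default IdentityServer4 token endpoint path; the discovery
    // document's token_endpoint value is the authoritative source.
    url: authority.replace(/\/+$/, "") + "/connect/token",
    method: "POST",
    headers: {
      Authorization: `Basic ${basic}`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    // No redirect_uri, response_type or state: there is no user or browser hop.
    body: new URLSearchParams({ grant_type: "client_credentials", scope }).toString(),
  };
}

// Send the request and return the access token (hypothetical helper).
async function requestToken(cfg) {
  const { url, ...init } = buildClientCredentialsRequest(cfg);
  const res = await fetch(url, init);
  const json = await res.json();
  if (!res.ok) throw new Error(`token request failed: ${json.error || res.status}`);
  return json.access_token;
}

// Show the request that would be sent; nothing goes over the network here.
console.log(buildClientCredentialsRequest(settings));
```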