IdentityServer / IdentityServer3.AccessTokenValidation

OWIN Middleware to validate access tokens from IdentityServer3
Apache License 2.0

Unable to create to obtain configuration when running a webapi in same host as idsrv #126

Closed stevengopmo closed 7 years ago

stevengopmo commented 7 years ago

I get the following error in my application when trying to validate the token.

11/23/2016 15:32:55 -05:00 [Error] 1   Error contacting discovery endpoint: System.InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://localhost:44334/core/.well-known/openid-configuration'. ---> System.IO.IOException: Unable to get document from: https://localhost:44334/core/.well-known/openid-configuration ---> System.Threading.Tasks.TaskCanceledException: A task was canceled.
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.<GetDocumentAsync>d__0.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.<GetDocumentAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Protocols.OpenIdConnectConfigurationRetriever.<GetAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__3.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer3.AccessTokenValidation.DiscoveryDocumentIssuerSecurityTokenProvider.<<RetrieveMetadata>b__0>d__4.MoveNext() in c:\local\identity\server3\AccessTokenValidation\source\AccessTokenValidation\Plumbing\DiscoveryDocumentIssuerSecurityTokenProvider.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer3.AccessTokenValidation.AsyncHelper.RunSync[TResult](Func`1 func) in c:\local\identity\server3\AccessTokenValidation\source\AccessTokenValidation\Plumbing\AsyncHelper.cs:line 34
   at IdentityServer3.AccessTokenValidation.DiscoveryDocumentIssuerSecurityTokenProvider.RetrieveMetadata() in c:\local\identity\server3\AccessTokenValidation\source\AccessTokenValidation\Plumbing\DiscoveryDocumentIssuerSecurityTokenProvider.cs:line 143

I'm using the following versions

Initially I thought this was related or similar to issues #113, #114, #115, but now I am not convinced, as everything works fine until this code is hit:

app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
    Authority = "https://localhost:44334/core",
    RequiredScopes = new[] { "myScope" },
});

The project that is attempting to validate this token is a WebApi running in the same host as identity server. It doesn't seem like that should cause a problem, but maybe it's a race condition?

I have another application that uses the AccessTokenValidation in the same manner and all works as expected.

leastprivilege commented 7 years ago

Try adding DelayLoadMetadata to the access token validation MW config.

stevengopmo commented 7 years ago

That did it. Thank you!


tiwari-abhishek commented 6 years ago

I am using the exact same versions of IdentityModel and IdentityServer3.AccessTokenValidation components and this thing had me struggle for hours till I landed here. DelayLoadMetadata = true solved it.
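
The same-host layout discussed in this thread, with the suggested setting applied, as an added example (not code from the issue or from the project). The client id, secret, certificate file and the `LoadSigningCertificate` helper are constructed placeholders; the authority and scope are the ones from the original post.

```csharp
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Web.Http;
using IdentityServer3.AccessTokenValidation;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services.InMemory;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // IdentityServer is hosted under /core in this same application.
        app.Map("/core", core => core.UseIdentityServer(new IdentityServerOptions
        {
            SigningCertificate = LoadSigningCertificate(),
            Factory = new IdentityServerServiceFactory()
                .UseInMemoryClients(new[] { new Client {
                    ClientId = "sample-client",            // constructed value
                    ClientSecrets = new List<Secret> { new Secret("placeholder-secret".Sha256()) },
                    Flow = Flows.ClientCredentials,
                    AllowedScopes = new List<string> { "myScope" } } })
                .UseInMemoryScopes(new[] { new Scope { Name = "myScope", Type = ScopeType.Resource } })
                .UseInMemoryUsers(new List<InMemoryUser>())
        }));

        app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = "https://localhost:44334/core",
            RequiredScopes = new[] { "myScope" },
            // The trace above shows RetrieveMetadata() running synchronously
            // (AsyncHelper.RunSync) while the pipeline is still being built.
            // The authority is this same host, which is not serving requests
            // yet, so the discovery call ends in TaskCanceledException.
            // Deferring the fetch until metadata is first needed avoids that.
            DelayLoadMetadata = true
        });

        // Web API in the same host; every controller requires a validated token.
        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();
        config.Filters.Add(new AuthorizeAttribute());
        app.UseWebApi(config);
    }

    // Hypothetical helper: load the signing certificate the way your deployment does.
    private static X509Certificate2 LoadSigningCertificate() =>
        new X509Certificate2("placeholder-signing.pfx", "placeholder-password");
}
```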