IdentityServer / IdentityServer3

OpenID Connect Provider and OAuth 2.0 Authorization Server Framework for ASP.NET 4.x/Katana
https://identityserver.github.io/Documentation/
Apache License 2.0

Invalid authorization code using Authorization Code Flow #2153

Closed martinherr3 closed 8 years ago

martinherr3 commented 8 years ago

Hi,

I’m trying to implement the Authorization Code Flow with Identity Server 3. After doing some work, it seems that it is working OK (the client receives the authorization code and then it changes it for id_token and access_token). The only problem that I’m having is that the IDS3 log is printing the following error:

    iisexpress.exe Error: 0 : 2015-11-11 10:41:43.461 +13:00 [Error] Invalid authorization code: 83f13f98a458db02cd00e42c6cdaf7cb

I have the following configuration for the Client:

    new Client
    {
        ClientName = "FHICT_CLIENT",
        ClientId = "FHICT_CLIENT",
        Enabled = true,
        RequireConsent = false,
        RedirectUris = new List<string> { "https://localhost/F-OpenID/login.php", "http://localhost/F-OpenID/login.php" },
        Flow = Flows.AuthorizationCode,
        ClientSecrets = new List<Secret>
        {
            new Secret("MARTIN".Sha256())
        },

        AllowedScopes = new List<string>
        {
            "roles",
            "openid",
            "profile",
            "email",
        }
    }

I don’t know why it is reading / trying to read the Authorization Code more than one time. Moreover, the Client is just receiving and sending the Authorization Code.

I have read the documentation and also the OpenID protocol, but I am still new to this subject. I got lost between "Authorization Server obtains End-User Consent/Authorization" and "Authorization Server sends the End-User back to the Client with an Authorization Code".

I'm sending you the IDS3 log as an attached file. I would appreciate it if you can share with me some thoughts about this. The bright side is that the client is receiving the id_token and access_token.

Thanks a lot,

Martin
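
RFC 6749 (section 4.1.2) requires an authorization server to deny an authorization code that is presented more than once. The sketch below is an added example, not code from this thread or from IdentityServer3. It models that single-use rule, assuming the client sends the token request twice for the same code: the first request succeeds and the repeat is rejected as invalid. `AuthorizationCodeStore`, `Issue`, `TryRedeem` and `Demo` are hypothetical names.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
// Hypothetical model of a single-use code store; not IdentityServer3's implementation.
public sealed class AuthorizationCodeStore
{
    private sealed class Grant { public string ClientId, RedirectUri; public DateTimeOffset Expires; }
    private readonly ConcurrentDictionary<string, Grant> _codes = new ConcurrentDictionary<string, Grant>();

    // Authorization endpoint: mint a random code bound to the client and redirect URI.
    public string Issue(string clientId, string redirectUri, TimeSpan lifetime)
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var code = BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
        _codes[code] = new Grant { ClientId = clientId, RedirectUri = redirectUri, Expires = DateTimeOffset.UtcNow.Add(lifetime) };
        return code;
    }

    // Token endpoint: TryRemove is atomic, so only the first request for a code succeeds.
    public bool TryRedeem(string code, string clientId, string redirectUri, out string error)
    {
        Grant grant;
        if (!_codes.TryRemove(code, out grant))
        {
            error = "Invalid authorization code: " + code; // unknown or already redeemed
            return false;
        }
        bool bound = grant.ClientId == clientId && grant.RedirectUri == redirectUri;
        if (!bound || grant.Expires < DateTimeOffset.UtcNow)
        {
            error = "invalid_grant"; // wrong client, redirect_uri mismatch, or expired
            return false;
        }
        error = null;
        return true;
    }
}
public static class Demo
{
    public static void Main()
    {
        var store = new AuthorizationCodeStore();
        const string uri = "https://localhost/F-OpenID/login.php";
        string error, code = store.Issue("FHICT_CLIENT", uri, TimeSpan.FromMinutes(5));
        Console.WriteLine(store.TryRedeem(code, "FHICT_CLIENT", uri, out error));  // first request
        Console.WriteLine(store.TryRedeem(code, "FHICT_CLIENT", uri, out error) + " " + error); // repeat
    }
}
```

On the client side, logging each outgoing token request together with the code it carries shows whether the callback page is posting the same code twice.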

brockallen commented 8 years ago

Really not sure. Did you ever make any progress on this?

devmoviit commented 8 years ago

Any progress on this? Can you share your solution please?

Having the same problem (or similar...)