I'm trying to authorize my MVC app against my IdentityServer, but it's returning an invalid_client error.
I've read the log, and it looks like the client secret is invalid, but I checked and the values match.
Here is my client startup
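public class Startup
{
    // The same client credentials are needed twice (middleware options and the manual
    // code redemption), so define them once. A secret committed to source must be treated
    // as disclosed and rotated; read it from protected configuration in a real deployment.
    // NOTE(review): this value is 44 base64 characters (32 bytes), i.e. it looks like a
    // SHA-256 digest rather than a plaintext secret. IdentityServer3 expects the plaintext
    // on the wire and hashes it before comparing with the stored hash; if the server-side
    // entry was produced with .Sha256() from a plaintext secret, send that plaintext here.
    // Sending the digest itself would yield invalid_client — confirm against the client store.
    private const string IdentityAuthority = "https://localhost:44300/identity";
    private const string MvcClientId = "MvcClient1";
    private const string MvcClientSecret = "Erk3fL5+XJTopw2dI5KVI9FK+pVHkxMPijlZx7hJrKg=";

    /// <summary>
    /// Configures cookie authentication plus OpenID Connect hybrid flow ("code id_token")
    /// against the IdentityServer hosted at <see cref="IdentityAuthority"/>.
    /// </summary>
    /// <param name="app">The OWIN application builder.</param>
    public void Configuration(IAppBuilder app)
    {
        // Keep the JWT claim type names as issued instead of the default short-name mapping.
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies"
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = IdentityAuthority,
            ClientId = MvcClientId,
            Scope = "openid profile roles",
            RedirectUri = "http://localhost:12166/",
            ResponseType = "code id_token",
            ClientSecret = MvcClientSecret,
            SignInAsAuthenticationType = "Cookies",
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthorizationCodeReceived = async n =>
                {
                    // Redeem the authorization code for the access (and possibly refresh) token.
                    var tokenClient = new TokenClient(
                        IdentityAuthority + "/connect/token",
                        MvcClientId,
                        MvcClientSecret);
                    var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(
                        n.Code, n.RedirectUri);

                    // A rejected redemption (for example invalid_client) leaves AccessToken
                    // null; without this check the Claim constructor below throws a bare
                    // ArgumentNullException that hides the server's actual error.
                    if (tokenResponse.IsError)
                    {
                        throw new InvalidOperationException(
                            "Token endpoint returned an error: " + tokenResponse.Error);
                    }

                    // Use the access token to retrieve the user's claims from userinfo.
                    var userInfoClient = new UserInfoClient(
                        new Uri(IdentityAuthority + "/connect/userinfo"),
                        tokenResponse.AccessToken);
                    var userInfoResponse = await userInfoClient.GetAsync();
                    if (userInfoResponse.IsError)
                    {
                        throw new InvalidOperationException("Userinfo endpoint returned an error.");
                    }

                    // Build the identity that the cookie middleware will persist.
                    var authenticationType = n.AuthenticationTicket.Identity.AuthenticationType;
                    var id = new ClaimsIdentity(authenticationType);
                    id.AddClaims(userInfoResponse.GetClaimsIdentity().Claims);
                    id.AddClaim(new Claim("access_token", tokenResponse.AccessToken));

                    // Store the expiry as a round-trip ("O") UTC timestamp so later code can
                    // parse it independently of the server's culture and time zone.
                    id.AddClaim(new Claim(
                        "expires_at",
                        DateTime.UtcNow.AddSeconds(tokenResponse.ExpiresIn)
                            .ToString("O", System.Globalization.CultureInfo.InvariantCulture)));

                    // No refresh token is issued unless "offline_access" is requested (the
                    // scope above does not include it); Claim rejects a null value.
                    if (!string.IsNullOrEmpty(tokenResponse.RefreshToken))
                    {
                        id.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));
                    }

                    id.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                    // "sid" is only present when the server issues a session id.
                    var sid = n.AuthenticationTicket.Identity.FindFirst("sid");
                    if (sid != null)
                    {
                        id.AddClaim(new Claim("sid", sid.Value));
                    }

                    n.AuthenticationTicket = new AuthenticationTicket(
                        new ClaimsIdentity(id.Claims, authenticationType),
                        n.AuthenticationTicket.Properties);
                },
                RedirectToIdentityProvider = n =>
                {
                    // On sign-out, pass the id_token_hint so the server can end the right session.
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                    {
                        var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
                        if (idTokenHint != null)
                        {
                            n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                        }
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}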
and here is my server startup
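public class Startup
{
    /// <summary>
    /// Hosts IdentityServer3 under "/identity" and IdentityManager under "/admin",
    /// both backed by the "cnn" connection string.
    /// </summary>
    /// <param name="app">The OWIN application builder.</param>
    /// <exception cref="InvalidOperationException">
    /// The "cnn" connection string is missing from the configuration file.
    /// </exception>
    public void Configuration(IAppBuilder app)
    {
        // Route IdentityServer's internal logging through the trace listener; Debug level
        // is what exposes the client-secret validation details when diagnosing invalid_client.
        LogProvider.SetCurrentLogProvider(new DiagnosticsTraceLogProvider());
        Log.Logger = new LoggerConfiguration()
            .MinimumLevel.Debug()
            .WriteTo.Trace()
            .CreateLogger();

        // Fail with a clear message instead of a NullReferenceException when "cnn" is absent.
        var cnn = ConfigurationManager.ConnectionStrings["cnn"];
        if (cnn == null)
        {
            throw new InvalidOperationException("Connection string 'cnn' is not configured.");
        }
        string connectionString = cnn.ConnectionString;

        app.Map("/identity", id =>
        {
            id.UseIdentityServer(new IdentityServerOptions
            {
                SiteName = "Demo Identity Server",
                IssuerUri = ConfigurationManager.AppSettings["options.issuerUri"],
                Factory = new IdentityServerServiceFactory().Configure(connectionString),
                SigningCertificate = LoadCertificate(),
            });
        });

        app.Map("/admin", adminApp =>
        {
            adminApp.UseIdentityManager(new IdentityManagerOptions()
            {
                Factory = new IdentityManagerServiceFactory().Configure(connectionString)
            });
        });
    }

    /// <summary>
    /// Loads the token-signing certificate (PFX) from the "Server" folder under the
    /// application base directory, taking file name and password from appSettings.
    /// </summary>
    /// <returns>The signing certificate including its private key.</returns>
    /// <exception cref="InvalidOperationException">
    /// The "signing-certificate.name" appSetting is missing or empty.
    /// </exception>
    X509Certificate2 LoadCertificate()
    {
        // Test certificate sourced from https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Certificates
        // That PFX and its password are public; a production signing key must come from a
        // key store, not a shipped file plus a plaintext appSettings password.
        string name = ConfigurationManager.AppSettings["signing-certificate.name"];
        if (string.IsNullOrEmpty(name))
        {
            throw new InvalidOperationException("appSetting 'signing-certificate.name' is not configured.");
        }

        // Path.Combine avoids the doubled separator the old string.Format produced when
        // BaseDirectory already ends with a backslash.
        string path = System.IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "Server", name);

        // NOTE(review): default key storage places the private key in the user profile; when
        // hosted in IIS with user-profile loading disabled, X509KeyStorageFlags.MachineKeySet
        // is typically required — confirm for the target host.
        return new X509Certificate2(path,
            ConfigurationManager.AppSettings["signing-certificate.password"]);
    }
}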
Question / Issue
I'm trying to authorize my MVC app against my IdentityServer, but it's returning an invalid_client error. I've read the log, and it looks like the client secret is invalid, but I checked and the values match.
Here is my client startup
and here is my server startup
What am I doing wrong?
Relevant parts of the log file