Closed apoutney closed 8 years ago
So IdSvr is now running in ASP.NET Core? Then it's probably this: https://github.com/IdentityServer/IdentityServer3/issues/3059. Try the nightly build from myget and see if it's fixed.
No, the IdSvr is still running in .NET Framework 4.61. It's my application that is trying to authenticate against it that has been upgraded from ASP.NET Core RC1 to the full version 1.0.
So if the only thing that has changed is that the client is ported from MVC 5 to ASP.NET Core MVC then that makes me wonder if it's a problem in the client and not in IdSvr... But the logs do look odd because the same code that's issued seems to be the same code that's sent to the token endpoint.
Yes, I don't think the issue is in IdSvr itself. The client authenticates fine; it's when I try to authorize a user that I get this issue. I've replicated this in a clean ASP.NET Core MVC application, and the only thing I've added to the template is the OpenIdConnect authentication. So I believe the problem is here somewhere, I've just exhausted my knowledge trying to figure out what's causing it.
I've gone back over some old log files and I can't see anywhere where the second token request gets started that parses the post body for the secret.
OK, a bit more information. As you'll see from the code I posted, I'm handling OnAuthorizationCodeReceived of the OpenIdConnectOptions Events to add in all the additional claims required as per Dominick's blog post here: https://leastprivilege.com/2014/10/10/openid-connect-hybrid-flow-and-identityserver-v3/
This sends the first token request seen in the log to get the access token and refresh token to add to the claims.
After the event has been handled, something in OpenIdConnect sends a second token request, and it's this that fails. I'm not sure, but I don't recall it ever doing this in earlier versions of the .NET framework.
If I don't handle this event then only the token request from OpenIdConnect gets sent, which gets validated and authorizes the user successfully, but now I don't have all the claims information.
Can anyone point me to an implementation of this event handler that is ASP.NET Core compatible?
In the new OIDC MW in Core, it does all of the calls to the token endpoint for you. So if you're doing it manually, you can remove that code.
Ah OK, but does this also add the id_token, access_token and refresh_token to the claims? Because if I don't handle the event then I don't see them. Or do I not actually need to do this?
I did find out that adding the following line to the handler also works: arg.HandleResponse();
I'm assuming that the OIDC middleware doesn't know the event is being handled, and adding this line lets it know so that it then doesn't do its own calls to the token endpoint. Although I'm not sure if this is the best thing to do, as I don't know what else this is overriding in OIDC.
yes. When you set SaveTokens=true
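As an added illustration (not code posted in this thread and not IdentityServer's own), this is an ASP.NET Core 1.0 client set up the way the replies above describe: the middleware redeems the single-use authorization code once, and SaveTokens keeps the tokens with the sign-in cookie. The authority URL, client id, secret, scope and the TokensController name are placeholder assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;            // GetTokenAsync extension
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication();
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = "Cookies",
            AutomaticAuthenticate = true
        });
        var oidc = new OpenIdConnectOptions
        {
            AuthenticationScheme = "oidc",
            SignInScheme = "Cookies",
            AutomaticChallenge = true,
            Authority = "https://idsvr.example/identity", // placeholder
            ClientId = "mvc-client",                      // placeholder
            ClientSecret = "<client-secret>",             // placeholder, load from configuration
            ResponseType = "code id_token",               // hybrid flow
            // The middleware sends the one token request itself. No
            // OnAuthorizationCodeReceived handler redeems the code a second time.
            SaveTokens = true
        };
        oidc.Scope.Add("offline_access"); // assumed scope, for a refresh token
        app.UseOpenIdConnectAuthentication(oidc);
        app.UseMvcWithDefaultRoute();
    }
}

[Authorize]
public class TokensController : Controller   // hypothetical controller
{
    public async Task<IActionResult> Index()
    {
        // Saved tokens live in the cookie's authentication properties, not in the claims.
        var access = await HttpContext.Authentication.GetTokenAsync("access_token");
        var refresh = await HttpContext.Authentication.GetTokenAsync("refresh_token");
        return Json(new { hasAccessToken = access != null, hasRefreshToken = refresh != null });
    }
}
```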
I have an IdentityServer3 implementation running in a .NET Framework 4.6.1 MVC application. This was being used to authenticate an ASP.NET Core RC1 MVC application and was working perfectly. We have recently upgraded our application to ASP.NET Core 1.0 and it is now targeting the netcoreapp1.0 framework. Since then authorization has failed to validate the authorization code and is giving an invalid_grant error. See the log information below.
It appears that the first token request is validating the authorization code successfully, but then for some reason a second token request is initiated that parses a post body secret and fails to validate the authorization code.
Can anybody point me in the right direction to solve this issue? I have managed to replicate this in a brand new ASP.NET Core 1.0 MVC application that targets net461. The code for which is below. Any help will be gratefully received.
Log File