IdentityServer / IdentityServer4

OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
https://identityserver.io
Apache License 2.0

AuthorizationCode, ClientCredentials, implicit type all show "Unknown client or client not enabled". #5444

Closed deadislove closed 2 years ago

deadislove commented 2 years ago

I designed two projects. One project is the IdentityServer4 project. The other is a Web API project (.NET 5) with a Swagger UI authentication mechanism. I set the client class's AllowedGrantTypes to GrantTypes.Code. When I click the Swagger UI authentication and then push the Authorize button, it should redirect to the login page, but it doesn't work. The IdentityServer4 project shows "Unknown client or client not enabled."

Could you tell me what is wrong?

I have tried other methods (Implicit, ClientCredentials, Hybrid, and AuthorizationCode). This error message still exists.

My environment: VS: VS2019; .NET Framework: .NET 5; OS: Win 10


URL:

https://localhost:44328/connect/authorize?response_type=code&client_id=Dev-User&redirect_uri=http://localhost:55836/swagger/oauth2-redirect.html&scope=DevApi UatApi&state=U3VuIEFwciAwMyAyMDIyIDE0OjE5OjI1IEdNVCswODAwIChUYWlwZWkgU3RhbmRhcmQgVGltZSk=&code_challenge=ZzNQFEH7pCz1ZPFabFyS0mnH2L2rXWtJw4wGa2cSFlc&code_challenge_method=S256

VS output messages

IdentityServer4.Hosting.IdentityServerMiddleware: Information: Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
IdentityServer4.Stores.ValidatingClientStore: Error: Invalid client configuration for client Dev-User: No redirect URI configured.
IdentityServer4.Validation.AuthorizeRequestValidator: Error: Unknown client or not enabled: Dev-User
{
  "SubjectId": "anonymous",
  "RequestedScopes": "",
  "PromptMode": "",
  "Raw": {
    "response_type": "code",
    "client_id": "Dev-User",
    "redirect_uri": "http://localhost:55836/swagger/oauth2-redirect.html",
    "scope": "DevApi UatApi",
    "state": "U3VuIEFwciAwMyAyMDIyIDE0OjE5OjI1IEdNVCswODAwIChUYWlwZWkgU3RhbmRhcmQgVGltZSk=",
    "code_challenge": "ZzNQFEH7pCz1ZPFabFyS0mnH2L2rXWtJw4wGa2cSFlc",
    "code_challenge_method": "S256"
  }
}
IdentityServer4.Endpoints.AuthorizeEndpoint: Error: Request validation failed
IdentityServer4.Endpoints.AuthorizeEndpoint: Information: {
  "SubjectId": "anonymous",
  "RequestedScopes": "",
  "PromptMode": "",
  "Raw": {
    "response_type": "code",
    "client_id": "Dev-User",
    "redirect_uri": "http://localhost:55836/swagger/oauth2-redirect.html",
    "scope": "DevApi UatApi",
    "state": "U3VuIEFwciAwMyAyMDIyIDE0OjE5OjI1IEdNVCswODAwIChUYWlwZWkgU3RhbmRhcmQgVGltZSk=",
    "code_challenge": "ZzNQFEH7pCz1ZPFabFyS0mnH2L2rXWtJw4wGa2cSFlc",
    "code_challenge_method": "S256"
  }
}

Client class

new Client
{
    ClientId = "Dev-User",
    AllowedGrantTypes = GrantTypes.Code,

    // Scopes this client is allowed to request.
    AllowedScopes = {
        "DevApi",
        "UatApi",
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
    },
    AllowedCorsOrigins = { "https://localhost:44328" },

    // The secret is stored as its SHA-256 hash.
    ClientSecrets = { new Secret("dev_Secret".Sha256()) },
    Claims = new List<ClientClaim>
    {
        new ClientClaim(JwtClaimTypes.Role, "admin"),
        new ClientClaim(JwtClaimTypes.Role, "user")
    },
    ClientClaimsPrefix = string.Empty
}

IdentityServer4 project - startup class

services.AddIdentityServer()
    .AddInMemoryIdentityResources(Resources.IdentityResources)
    .AddInMemoryClients(Clients.GetClients())
    .AddInMemoryApiResources(Resources.GetApiResources())
    .AddInMemoryApiScopes(Resources.GetApiScopes())
    // Create a temporary signing key for the development stage (tempkey.jwk).
    .AddDeveloperSigningCredential()
    // Add the test user info.
    .AddTestUsers(Clients.TestUsers);

Web API project - startup class

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
    .AddJwtBearer(IdentityServerAuthenticationDefaults.AuthenticationScheme, options =>
    {
        options.Authority = $"https://{Configuration["Auth0:Domain"]}";
        // HTTPS is not required when fetching the authority's metadata.
        options.RequireHttpsMetadata = false;
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            // The token's audience ("aud") claim is not validated.
            ValidateAudience = false
        };
    });

services.AddControllers();
services.AddSwaggerGen(c =>
{
    c.SwaggerDoc("v1", new OpenApiInfo
    {
        Title = "Microservices.Api",
        Description = "Microservices API Demo",
        Version = "v1"
    });

    // OAuth2 authorization code flow against the IdentityServer endpoints.
    var securitySchema = new OpenApiSecurityScheme {
        Type = SecuritySchemeType.OAuth2,
        Flows = new OpenApiOAuthFlows {
            AuthorizationCode = new OpenApiOAuthFlow {
                AuthorizationUrl = new Uri($"https://{Configuration["Auth0:Domain"]}/connect/authorize", UriKind.RelativeOrAbsolute),
                TokenUrl = new Uri($"https://{Configuration["Auth0:Domain"]}/connect/token", UriKind.RelativeOrAbsolute),
                Scopes = new Dictionary<string, string> {
                    { "DevApi", "Authorization - CRUD" },
                    { "UatApi", "UAT Authorization - CRUD" }
                }
            }
        }
    };

    c.AddSecurityDefinition("oauth2", securitySchema);
    c.OperationFilter<SecurityRequirementsOperationFilter>();
});

......
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // Show detailed exception pages only in the Development environment.
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseStaticFiles();
    app.UseSwagger();
    app.UseSwaggerUI(c => {
        c.SwaggerEndpoint("/swagger/v1/swagger.json", "Microservices.Api v1");

        // Additional OAuth settings (See https://github.com/swagger-api/swagger-ui/blob/v3.10.0/docs/usage/oauth2.md)
        c.OAuthClientId("Dev-User");
        c.OAuthClientSecret("dev_Secret");
        c.OAuthAppName("Microservices.Api");
        c.OAuthScopeSeparator(" ");

        c.OAuthUsePkce();
    });

    app.UseRouting();

    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });
}
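
In the log output above, ValidatingClientStore rejects Dev-User with "No redirect URI configured" before AuthorizeRequestValidator reports the client as unknown or not enabled. The following is an added example, not code from this thread or from the IdentityServer4 project: a pre-flight check run against the client as posted and against a copy that registers the `redirect_uri` from the authorize request. `ClientPreflight` and `Check` are hypothetical names, and the rule that authorization code, hybrid and implicit clients need a redirect URI is this example's assumption drawn from that log line.

```csharp
// Added example (hypothetical helper, not IdentityServer4 source).
using System;
using System.Collections.Generic;
using System.Linq;
using IdentityServer4.Models;

public static class ClientPreflight
{
    // Assumption: grant types that start at /connect/authorize need a redirect URI.
    static readonly string[] Interactive =
        { GrantType.AuthorizationCode, GrantType.Hybrid, GrantType.Implicit };

    // Returns one message per problem; an empty list means the client passes this check.
    public static List<string> Check(Client client, string requestedRedirectUri)
    {
        var problems = new List<string>();
        bool interactive = client.AllowedGrantTypes.Any(g => Interactive.Contains(g));

        if (interactive && !client.RedirectUris.Any())
            problems.Add($"{client.ClientId}: no redirect URI configured");
        else if (interactive && !client.RedirectUris.Contains(requestedRedirectUri))
            problems.Add($"{client.ClientId}: '{requestedRedirectUri}' is not registered");

        return problems;
    }

    public static void Main()
    {
        // redirect_uri taken from the authorize request shown in the post.
        const string swaggerRedirect = "http://localhost:55836/swagger/oauth2-redirect.html";

        // The client as posted: authorization code flow, no RedirectUris.
        var asPosted = new Client { ClientId = "Dev-User", AllowedGrantTypes = GrantTypes.Code };

        // Same client with the Swagger UI callback registered as an exact URI (no wildcard).
        var withRedirect = new Client
        {
            ClientId = "Dev-User",
            AllowedGrantTypes = GrantTypes.Code,
            RedirectUris = { swaggerRedirect }
        };

        foreach (var c in new[] { asPosted, withRedirect })
        {
            var problems = Check(c, swaggerRedirect);
            Console.WriteLine(problems.Count == 0 ? "OK" : string.Join("; ", problems));
        }
    }
}
```
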

leastprivilege commented 2 years ago

Important update

This organization is not maintained anymore besides critical security bugfixes (if feasible). This organization will be archived when .NET Core 3.1 end of support is reached (3rd Dec 2022). All new development is happening in the new Duende Software organization.

The new Duende IdentityServer comes with a commercial license but is free for dev/testing/personal projects and companies or individuals making less than 1M USD gross annual revenue. Please get in touch with us if you have any question.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.

github-actions[bot] commented 2 years ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.