Closed AGIS-Development closed 3 months ago
I found more detailed information in the event log:
FYI: In the previous post I faked the URL.
Hey @AGIS-Development,
For the grant type "authorization code" I had to change the issuer so that I could request a token.
Having to use a custom issuer is generally a sign that something is not correct with your configuration: OpenIddict expects the HttpRequest details to exactly match what's really used by the HTTP client (either a browser or a headless client).
In your case, your ASP.NET Core application is likely not configured to restore the details of the original HTTP request, which is causing issues with routing and manifests as a "request not found" exception like in the network trace you provided.
You need to use ASP.NET Core's forwarded headers middleware to fix that. https://github.com/openiddict/openiddict-core/issues/2084 should put you on the right track :smiley:
All the best.
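A minimal sketch of the forwarded headers setup the reply above points to, added here as an example; it is not code from this thread or from the OpenIddict project. It assumes the proxy sends `X-Forwarded-Proto` and `X-Forwarded-Host`, strips the `/iam` prefix before forwarding, and sits at the placeholder address `10.0.0.10`; the `/debug/origin` endpoint is hypothetical.

```csharp
using System.Net;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                             | ForwardedHeaders.XForwardedProto
                             | ForwardedHeaders.XForwardedHost;

    // Only honour forwarded headers that arrive from the reverse proxy itself.
    // Without this restriction any client could send X-Forwarded-Host and
    // influence the URLs (and the issuer) the server derives from the request.
    // 10.0.0.10 is a placeholder, not an address from the thread.
    options.KnownProxies.Add(IPAddress.Parse("10.0.0.10"));

    // Accept only the public host name shown in the question.
    options.AllowedHosts.Add("front.company.ch");
});

// OpenIddict registration (AddOpenIddict().AddServer(...)) is omitted here.
// The intent is that no SetIssuer() override is needed once the request
// details below match what the HTTP client really used.

var app = builder.Build();

// Must run before routing, authentication and the OpenIddict endpoints so they
// see the original scheme and host instead of the internal ones.
app.UseForwardedHeaders();

// Assumption: the proxy removes "/iam" before forwarding, so the public path
// base is restored by hand. If the proxy keeps the prefix, use
// app.UsePathBase("/iam") instead.
app.Use((context, next) =>
{
    context.Request.PathBase = new PathString("/iam");
    return next(context);
});

// Hypothetical diagnostic endpoint: through the proxy it should return
// https://front.company.ch/iam. Remove it once the setup is verified.
app.MapGet("/debug/origin", (HttpContext ctx) =>
    $"{ctx.Request.Scheme}://{ctx.Request.Host}{ctx.Request.PathBase}");

app.Run();
```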
Please let me know if you still need help, @AGIS-Development. I'm here for that 😃
Closing, but feel free to reopen if you still need help 😃
Version
5.6.0
Question
Hi Kevin
Our web application is installed at a customer's site. The customer uses a proxy to change the URL of the identity server.
Overview of the websites:
Front: https://front.company.ch
Backend: https://api.company.ch
IAM: https://front.company.ch/iam -> https://iam-01.internal.company.ch or https://iam-02.internal.company.ch (Load balanced)
When I request a token with the grant type "Client Credentials", I receive a token.
Access Token Url: https://front.company.ch/iam/connect/token
Token:
```json
{
  "iss": "https://iam-01.internal.company.ch/",
  "exp": 1723019434,
  "iat": 1723015834,
  "scope": "access.fullAccess",
  "jti": "b452297f-6a79-4be2-85ac-8c3426a72ddb",
  "sub": "api.caching",
  "oi_prst": "api.caching",
  "client_id": "api.caching",
  "oi_tkn_id": "70e67cee-ef8f-49a5-bd85-fd63e146c309"
}
```
So far so good :-)
For the grant type "authorization code" I had to change the issuer so that I could request a token.
```csharp
.AddServer(options =>
{
    // Issuer overridden with the public (proxy) URL from appSettings.
    options.SetIssuer(appSettings.IdentityServer.AuthenticationAuthority);

    // Endpoint URIs built relative to the same public URL.
    options.SetAuthorizationEndpointUris(new Uri(new Uri(appSettings.IdentityServer.AuthenticationAuthority), "connect/authorize"))
           .SetLogoutEndpointUris(new Uri(new Uri(appSettings.IdentityServer.AuthenticationAuthority), "connect/logout"))
           .SetTokenEndpointUris(new Uri(new Uri(appSettings.IdentityServer.AuthenticationAuthority), "connect/token"))
           .SetUserinfoEndpointUris(new Uri(new Uri(appSettings.IdentityServer.AuthenticationAuthority), "connect/userinfo"))
           .SetCryptographyEndpointUris(new Uri(new Uri(appSettings.IdentityServer.AuthenticationAuthority), ".well-known/jwks"));
})
```
appSettings.IdentityServer.AuthenticationAuthority = "https://front.company.ch/iam"
And now I can no longer request a token with client credentials -> Error: Could not complete OAuth 2.0 token request
I have tried to disable the issuer validation. But it did not work.
options.Configure(configure => { configure.TokenValidationParameters.ValidateIssuer = false; });
Thank you for your support.
Kind regards Raphael