openiddict / openiddict-samples

.NET samples for OpenIddict
https://documentation.openiddict.com/
Apache License 2.0
725 stars 299 forks source link

Getting token flow working using Zirku as example #261

Closed dgxhubbard closed 11 months ago

dgxhubbard commented 1 year ago

Confirm you've already contributed to this project or that you sponsor it

Version

4.x

Question

I have been using Zirku example to get my own code working. I use a symmetric key like Zirku.Client2, but need the method of Zirku.Client1 and opening a browser to login. The Identity Provider starts, the web api starts, and my test client. Then in the IteractiveService I reach the code to start up the browser and 30 or seconds later get the exception "The remote authorization server is currently unavailable or returned an invalid configuration". When I run Zirku ChallengeInteractivelyAsync is hit and the browser opens and authorize controller in the Zirku.Server is called. I am not sure what I am doing wrong. Any help you can provide would be appreciated.

` // Ask OpenIddict to initiate the authentication flow (typically, by starting the system browser). var result = await _service.ChallengeInteractivelyAsync(new() { CancellationToken = stoppingToken });

        Console.WriteLine("System browser launched.");

`

My client InteractiveService:

` public class InteractiveService : BackgroundService { private readonly IHostApplicationLifetime _lifetime; private readonly OpenIddictClientService _service;

    public InteractiveService (
        IHostApplicationLifetime lifetime,
        OpenIddictClientService service )
    {
        _lifetime = lifetime;
        _service = service;
    }

    protected override async Task ExecuteAsync ( CancellationToken stoppingToken )
    {
        // Wait for the host to confirm that the application has started.
        var source = new TaskCompletionSource<bool> ();
        using ( _lifetime.ApplicationStarted.Register ( static state => ( ( TaskCompletionSource<bool> ) state! ).SetResult ( true ), source ) )
        {
            await source.Task;
        }

        Console.WriteLine ( "Press any key to start the authentication process." );
        await Task.Run ( Console.ReadKey ).WaitAsync ( stoppingToken );

        string accessToken = null;

        try
        {
        // Ask OpenIddict to initiate the authentication flow (typically, by starting the system browser).
        var result = await _service.ChallengeInteractivelyAsync(new()
        {
            CancellationToken = stoppingToken
        });

        Console.WriteLine("System browser launched.");

        // Wait for the user to complete the authorization process.
        var response = await _service.AuthenticateInteractivelyAsync(new()
        {
            Nonce = result.Nonce
        });

        accessToken = response.BackchannelAccessToken ?? response.FrontchannelAccessToken;

        /*
        Console.WriteLine("Response from Api1: {0}", await GetResourceFromApi1Async(
            response.BackchannelAccessToken ?? response.FrontchannelAccessToken, stoppingToken));
        Console.WriteLine("Response from Api2: {0}", await GetResourceFromApi2Async(
            response.BackchannelAccessToken ?? response.FrontchannelAccessToken, stoppingToken));
        */

        }

        catch ( OperationCanceledException )
        {
            Console.WriteLine ( "The authentication process was aborted." );
            throw;
        }

        catch ( ProtocolException exception ) when ( exception.Error is Errors.AccessDenied )
        {
            Console.WriteLine ( "The authorization was denied by the end user." );
            throw;
        }

        catch ( Exception ex )
        {
            Console.WriteLine ( "An error occurred while trying to authenticate the user." );
            throw;
        }

        // initialize web utils
        var baseUrl = WebUtils.BaseUrl;
        WebUtils.Initialize ( baseUrl, accessToken );

        // test get all
        var resGetAll = WebUtils.GetAsync ( WebUtils.GageApiUrl );

        List<GageDto> items;
        if ( resGetAll.IsSuccessStatusCode )
        {
            items = resGetAll.Content.ReadAsAsync<List<GageDto>> ().Result;
        }
        else
        {
            Console.WriteLine ( "Internal server Error" );
        }

        // test create
        var oldProp = Guid.NewGuid ().ToString ();
        var gageName = Guid.NewGuid ().ToString ();

        var itemDto = Gt.WebModel.ObjectFactory.CreateGage ( gageName );

        itemDto.Gage_SN = oldProp;

        var resNew = WebUtils.Client.PostAsJsonAsync<GageDto> ( WebUtils.GageApiUrl, itemDto ).Result;

        if ( resNew.IsSuccessStatusCode )
        {
            itemDto = ( ( GageDto ) resNew.Content.ReadFromJsonAsync<GageDto> ().Result );
        }

        // test update
        itemDto.IsNew = false;

        var newProp = Guid.NewGuid ().ToString ();
        itemDto.Gage_SN = newProp;

        var resUpdate = WebUtils.Client.PutAsJsonAsync<GageDto> ( WebUtils.GageApiUrl, itemDto ).Result;
        if ( resUpdate.IsSuccessStatusCode )
        {
        }
        else
        {
        }

        // test get
        var resGet = WebUtils.Client.GetAsync ( WebUtils.GageApiUrl + itemDto.Gage_RID ).Result;

        GageDto itemDtoGet;
        if ( resGet.IsSuccessStatusCode )
        {
            itemDtoGet = resGet.Content.ReadAsAsync<GageDto> ().Result;

            if ( itemDto.Gage_SN == itemDtoGet.Gage_SN )
            {
                Console.WriteLine ( "Update success" );
            }
            else
            {
                Console.WriteLine ( "Update FAILED" );

            }
        }
        else
        {
            Console.WriteLine ( "Internal server Error" );
        }

        // test delete
        var resDel = WebUtils.Client.DeleteAsync ( WebUtils.GageApiUrl  + itemDto.Gage_RID.ToString () ).Result;

        if ( resDel.IsSuccessStatusCode )
        {
            Console.WriteLine ( "Delete success" );
        }
        else
        {
            Console.WriteLine ( "Internal server Error" );
        }

        // make sure deleted
        resGet = WebUtils.Client.GetAsync ( WebUtils.GageApiUrl  + itemDto.Gage_RID ).Result;

        if ( resGet.StatusCode == HttpStatusCode.NotFound )
        {
            Console.WriteLine ( "Delete check success" );

        }
        else
        {
            Console.WriteLine ( "Internal server Error" );
        }

    }
}

}`

My client Program.cs:

` var host = new HostBuilder () .ConfigureLogging(options => options.AddDebug()) .ConfigureServices ( services => { services.AddDbContext ( options => { options.UseSqlite ( connectionString ); options.UseOpenIddict (); } );

                services.AddOpenIddict ()

                    // Register the OpenIddict core components.
                    .AddCore ( options =>
                    {
                        // Configure OpenIddict to use the Entity Framework Core stores and models.
                        // Note: call ReplaceDefaultEntities() to replace the default OpenIddict entities.
                        options.UseEntityFrameworkCore ()
                               .UseDbContext<AppDbContext> ();
                    } )

                    // Register the OpenIddict client components.
                    .AddClient ( options =>
                    {
                        // Note: this sample uses the authorization code flow,
                        // but you can enable the other flows if necessary.
                        options.AllowAuthorizationCodeFlow ()
                               .AllowRefreshTokenFlow ();

                        // Register the signing and encryption credentials used to protect
                        // sensitive data like the state tokens produced by OpenIddict.
                        options.AddDevelopmentEncryptionCertificate ()
                               .AddDevelopmentSigningCertificate ();

                        // Add the operating system integration.
                        options.UseSystemIntegration ()
                               .SetAllowedEmbeddedWebServerPorts ( 7000 );

                        // Register the System.Net.Http integration and use the identity of the current
                        // assembly as a more specific user agent, which can be useful when dealing with
                        // providers that use the user agent as a way to throttle requests (e.g Reddit).
                        options.UseSystemNetHttp ()
                               .SetProductInformation ( typeof ( Program ).Assembly );

                        // Add a client registration matching the client application definition in the server project.
                        options.AddRegistration ( new OpenIddictClientRegistration
                        {
                            Issuer = new Uri ( "https://localhost:7296/", UriKind.Absolute ),

                            ClientId = "core_api_client",
                            RedirectUri = new Uri ( "http://localhost:7000/", UriKind.Absolute ),

                            Scopes = { Scopes.OpenId, "gtapi" }
                        } );
                    } );

                // Register the worker responsible for creating the database used to store tokens
                // and adding the registry entries required to register the custom URI scheme.
                //
                // Note: in a real world application, this step should be part of a setup script.
                services.AddHostedService<Worker> ();

                // Register the background service responsible for handling the console interactions.
                services.AddHostedService<InteractiveService> ();
            } )
            .UseConsoleLifetime ()
            .Build ();

        await host.RunAsync ();

`

My identity provider Program.cs

` var builder = WebApplication.CreateBuilder ( args );

            builder.Services.AddDbContext<AppDbContext> ( options =>
            {
                var sqliteBuilder = new SQLiteConnectionStringBuilder ( connectionString );

                sqliteBuilder.FailIfMissing = false;
                sqliteBuilder.MaxPoolSize = 100;
                sqliteBuilder.BinaryGUID = false;
                sqliteBuilder.JournalMode = JournalMode.Off;
                sqliteBuilder.Synchronous = SynchronizationMode.Normal;
                sqliteBuilder.Pooling = true;

                sqliteBuilder.LicenseKey = Gt.Model.GtContextFactory.SqliteKey;
                connectionString = sqliteBuilder.ToString ();

                options.UseSQLite ( connectionString );

                // Register the entity sets needed by OpenIddict.
                options.UseOpenIddict ();
            } );

            var ipAddress = IPAddress.Parse ( "127.0.0.1" );

            builder.WebHost.ConfigureKestrel (
                options => 
                {
                    var port = ports.IdpPort;
                    var pfxFilePath = certificatePath;
                    var pfxPassword = certificatePassword;

                    options.Listen ( 
                        ipAddress, port, 
                        listenOptions => 
                        {
                            // Configure Kestrel to use a certificate from a local .PFX file for hosting HTTPS
                            listenOptions.UseHttps ( pfxFilePath, pfxPassword );
                        } );
                } );

            // Add services to the container
            builder.Services.AddControllersWithViews ();

            builder.Services.AddOpenIddict ()

                // Register the OpenIddict Core. components
                .AddCore ( options =>
                {
                    options.UseEntityFrameworkCore ()
                        .UseDbContext<AppDbContext> ();
                } )

                // Register the OpenIddict server components
                .AddServer ( options =>
                {
                    options
                        .SetAuthorizationEndpointUris ( "/connect/authorize" )
                        .SetTokenEndpointUris ( "/connect/token" )
                        .SetUserinfoEndpointUris ( "/connect/userinfo" );

                    options
                        .AllowAuthorizationCodeFlow ()
                        //.RequireProofKeyForCodeExchange ()
                        .AllowPasswordFlow ()
                        .AllowRefreshTokenFlow ()
                        .AllowClientCredentialsFlow ();

                    // encryption and signing of tokens
                    var securityKey =
                        new SymmetricSecurityKey ( Encoding.ASCII.GetBytes ( "TheSuperSecretKeyThatProtectsAll" ) );

                    if ( securityKey == null )
                        throw new NullReferenceException ( "FAILED to get security key" );

                    options.AddEncryptionKey ( securityKey );

                    // Register the signing credentials.
                    options.AddDevelopmentSigningCertificate ();

                    // Register the ASP.NET Core host and configure the ASP.NET Core-specific options.
                    //
                    // Note: unlike other samples, this sample doesn't use token endpoint pass-through
                    // to handle token requests in a custom MVC action. As such, the token requests
                    // will be automatically handled by OpenIddict, that will reuse the identity
                    // resolved from the authorization code to produce access and identity tokens.
                    //
                    options.UseAspNetCore ()
                           .EnableAuthorizationEndpointPassthrough ();

                    /*
                    // Register the ASP.NET Core. host and configure the ASP.NET Core.-specific options
                    options
                        .UseAspNetCore ()
                        .EnableTokenEndpointPassthrough ()
                        .EnableAuthorizationEndpointPassthrough ()
                        .EnableUserinfoEndpointPassthrough ();
                    */
                } )

            // Register the OpenIddict validation components
            .AddValidation ( options =>
            {
                // Import the configuration from the local OpenIddict server instance
                options.UseLocalServer ();

                // Register the ASP.NET Core. host
                options.UseAspNetCore ();
            } );
            builder.Services.AddAuthorization ();

            builder.Services.AddScoped<UserManager, UserManager> ();

            var baseAddress = "https://localhost" + ":" + ports.IdpPort;

            builder.Services.AddScoped ( sp =>
            {
                var client = new HttpClient ();
                client.BaseAddress = new Uri ( baseAddress );
                return client;
            } );

            builder.Services.AddRazorPages ();

            var app = builder.Build ();

            // Configure the HTTP request pipeline.
            if ( !app.Environment.IsDevelopment () )
            {
                app.UseExceptionHandler ( "/Error" );
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts ();
            }

            app.UseHttpsRedirection ();

            app.UseStaticFiles ();

            app.UseRouting ();

            app.UseHttpsRedirection ();
            app.UseStaticFiles ();

            // Create new application registrations matching the values configured in Zirku.Client and Zirku.Api1.
            // Note: in a real world application, this step should be part of a setup script.
            using ( var scope = app.Services.CreateAsyncScope () )
            {
                var context = scope.ServiceProvider.GetRequiredService<AppDbContext> ();
                context.Database.Migrate ();

                CreateApplicationsAsync ().GetAwaiter ().GetResult ();
                CreateScopesAsync ().GetAwaiter ().GetResult ();

                async Task CreateApplicationsAsync ()
                {
                    var manager = scope.ServiceProvider.GetRequiredService<IOpenIddictApplicationManager> ();

                    if ( await manager.FindByClientIdAsync ( "core_api_client" ) is null )
                    {
                        await manager.CreateAsync ( new OpenIddictApplicationDescriptor
                        {
                            ClientId = "core_api_client",
                            ConsentType = ConsentTypes.Implicit,

                            RedirectUris =
                            {
                                new Uri("http://localhost:7000/"),
                            },
                            Permissions =
                            {
                                Permissions.Endpoints.Authorization,
                                Permissions.Endpoints.Token,
                                Permissions.GrantTypes.AuthorizationCode,
                                Permissions.GrantTypes.RefreshToken,
                                Permissions.ResponseTypes.Code,
                                Permissions.Prefixes.Scope + "gtapi"
                            }

                            /*
                            Requirements =
                            {
                                Requirements.Features.ProofKeyForCodeExchange
                            }
                            */
                        } );
                    }

                    if ( await manager.FindByClientIdAsync ( "core_api_console" ) is null )
                    {
                        await manager.CreateAsync ( new OpenIddictApplicationDescriptor
                        {
                            ClientId = "core_api_console",
                            ClientSecret = "E2B00F84-82D2-4D43-B081-B4B88283175A",
                            DisplayName = "My client application",
                            Permissions =
                            {
                                Permissions.Endpoints.Token,
                                Permissions.GrantTypes.ClientCredentials
                            }
                        } );
                    }
                }

                async Task CreateScopesAsync ()
                {
                    var manager = scope.ServiceProvider.GetRequiredService<IOpenIddictScopeManager> ();

                    if ( await manager.FindByNameAsync ( "gtapi" ) is null )
                    {
                        await manager.CreateAsync ( new OpenIddictScopeDescriptor
                        {
                            Name = "gtapi",
                            Resources =
                            {
                                "resource_server_1"
                            }
                        } );
                    }

                }

            }

            app.UseAuthentication ();
            app.UseAuthorization ();

            app.MapRazorPages ();
            app.MapControllers ();

            app.Run ();

`

kevinchalet commented 1 year ago

Hey,

First, can you please confirm the Zirku sample itself works fine? You should get something like this:

image

Then in the IteractiveService I reach the code to start up the browser and 30 or seconds later get the exception "The remote authorization server is currently unavailable or returned an invalid configuration".

The fact it's taking a long time likely means one or more HTTP requests had to be replayed. Can you please take a look at the logs to see what's going on?

dgxhubbard commented 1 year ago

It looks like it is working to me. Here is a screen shot and debug out

image

OpenIddict.Server.OpenIddictServerDispatcher: Information: The response was successfully returned as a JSON document: {
  "issuer": "https://localhost:44319/",
  "authorization_endpoint": "https://localhost:44319/authorize",
  "token_endpoint": "https://localhost:44319/token",
  "introspection_endpoint": "https://localhost:44319/introspect",
  "jwks_uri": "https://localhost:44319/.well-known/jwks",
  "grant_types_supported": [
    "authorization_code",
    "refresh_token"
  ],
  "response_types_supported": [
    "code"
  ],
  "response_modes_supported": [
    "form_post",
    "fragment",
    "query"
  ],
  "scopes_supported": [
    "openid",
    "offline_access"
  ],
  "claims_supported": [
    "aud",
    "exp",
    "iat",
    "iss",
    "sub"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "introspection_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "claims_parameter_supported": false,
  "request_parameter_supported": false,
  "request_uri_parameter_supported": false,
  "authorization_response_iss_parameter_supported": true
}.
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished HTTP/1.1 GET https://localhost:44319/.well-known/openid-configuration - - - 200 1265 application/json;charset=UTF-8 9.4595ms
System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler: Information: Received HTTP response headers after 90.0713ms - 200
System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler: Information: End processing HTTP request after 104.058ms - 200
OpenIddict.Validation.OpenIddictValidationDispatcher: Information: The configuration request was successfully sent to https://localhost:44319/.well-known/openid-configuration: {}.
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.13\System.IO.Compression.Brotli.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.13\System.IO.Compression.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.13\System.Net.Http.Json.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
OpenIddict.Validation.OpenIddictValidationDispatcher: Information: The configuration response returned by https://localhost:44319/.well-known/openid-configuration was successfully extracted: {
  "issuer": "https://localhost:44319/",
  "authorization_endpoint": "https://localhost:44319/authorize",
  "token_endpoint": "https://localhost:44319/token",
  "introspection_endpoint": "https://localhost:44319/introspect",
  "jwks_uri": "https://localhost:44319/.well-known/jwks",
  "grant_types_supported": [
    "authorization_code",
    "refresh_token"
  ],
  "response_types_supported": [
    "code"
  ],
  "response_modes_supported": [
    "form_post",
    "fragment",
    "query"
  ],
  "scopes_supported": [
    "openid",
    "offline_access"
  ],
  "claims_supported": [
    "aud",
    "exp",
    "iat",
    "iss",
    "sub"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "introspection_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "claims_parameter_supported": false,
  "request_parameter_supported": false,
  "request_uri_parameter_supported": false,
  "authorization_response_iss_parameter_supported": true
}.
System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler: Information: Start processing HTTP request GET https://localhost:44319/.well-known/jwks
System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler: Information: Sending HTTP request GET https://localhost:44319/.well-known/jwks
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/1.1 GET https://localhost:44319/.well-known/jwks - -
OpenIddict.Server.OpenIddictServerDispatcher: Information: The request URI matched a server endpoint: Cryptography.
OpenIddict.Server.OpenIddictServerDispatcher: Information: The cryptography request was successfully extracted: {}.
OpenIddict.Server.OpenIddictServerDispatcher: Information: The cryptography request was successfully validated.
OpenIddict.Server.OpenIddictServerDispatcher: Information: The response was successfully returned as a JSON document: {
  "keys": [
    {
      "kid": "CEADFD0BD8A98A7928FE69635CC1D7C030A06C7D",
      "use": "sig",
      "kty": "RSA",
      "alg": "RS256",
      "e": "AQAB",
      "n": "vEae8GCifgoU-wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI-W9FhaoLix5Oz_WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c_TMQRB0-Iu4rd_uiIKbCvo8A04Ks1-mZbo2is27oSUG70UO4v-n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm_Y-xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o_UoNN7To_vMqoNKrA9USu9PnSOn3OVl4-fKlRQwpH9XFvvUeKD3jxCtSIMrzl_TGY2EXZn9_uy8L_GAd5dDeWQ",
      "x5t": "zq39C9ipinko_mljXMHXwDCgbH0",
      "x5c": [
        "MIIC9TCCAd2gAwIBAgIJALHmctK6xXiAMA0GCSqGSIb3DQEBCwUAMDAxLjAsBgNVBAMTJU9wZW5JZGRpY3QgU2VydmVyIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjMwMjE0MjI0MDM3WhcNMjUwMjE0MjI0MDM3WjAwMS4wLAYDVQQDEyVPcGVuSWRkaWN0IFNlcnZlciBTaWduaW5nIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEae8GCifgoU+wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI+W9FhaoLix5Oz/WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c/TMQRB0+Iu4rd/uiIKbCvo8A04Ks1+mZbo2is27oSUG70UO4v+n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm/Y+xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o/UoNN7To/vMqoNKrA9USu9PnSOn3OVl4+fKlRQwpH9XFvvUeKD3jxCtSIMrzl/TGY2EXZn9/uy8L/GAd5dDeWQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGreBthOycZgFB8jCcZTKeU5RMV3F+GGmjweA3Po45RVmbBPCxGRGWSBvJq+cE/Cgk0SwP+wDhCmNJ7KFzuNbhyYwO7f8SBfoY4H2/FlE1lmAPKUTNYpwCt5HDoFX3pUdW0Q1POoZVw6Q0J0NG8g8S6p0LOh2AQcW0Hq12qGMNe+U1KRACO49JJywlaQkoGOJb6/cVayL7mNMLqAvK767iR49iPRQlEWd+Ed9wHop5Q4Uet+UAMJOd0zcgZqcm9ofPLzZ5MPWxe+84kXq2J5buIgiTU1VgD9Og5rMs/cUO5iMDOxwBmOBKO4P8djXkeIrexSnbHZVGNNBtGIvLRNiHQ="
      ]
    }
  ]
}.
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished HTTP/1.1 GET https://localhost:44319/.well-known/jwks - - - 200 1635 application/json;charset=UTF-8 8.4656ms
System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler: Information: Received HTTP response headers after 9.4858ms - 200
System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler: Information: End processing HTTP request after 13.4404ms - 200
OpenIddict.Validation.OpenIddictValidationDispatcher: Information: The cryptography request was successfully sent to https://localhost:44319/.well-known/jwks: {}.
OpenIddict.Validation.OpenIddictValidationDispatcher: Information: The cryptography response returned by https://localhost:44319/.well-known/jwks was successfully extracted: {
  "keys": [
    {
      "kid": "CEADFD0BD8A98A7928FE69635CC1D7C030A06C7D",
      "use": "sig",
      "kty": "RSA",
      "alg": "RS256",
      "e": "AQAB",
      "n": "vEae8GCifgoU-wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI-W9FhaoLix5Oz_WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c_TMQRB0-Iu4rd_uiIKbCvo8A04Ks1-mZbo2is27oSUG70UO4v-n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm_Y-xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o_UoNN7To_vMqoNKrA9USu9PnSOn3OVl4-fKlRQwpH9XFvvUeKD3jxCtSIMrzl_TGY2EXZn9_uy8L_GAd5dDeWQ",
      "x5t": "zq39C9ipinko_mljXMHXwDCgbH0",
      "x5c": [
        "MIIC9TCCAd2gAwIBAgIJALHmctK6xXiAMA0GCSqGSIb3DQEBCwUAMDAxLjAsBgNVBAMTJU9wZW5JZGRpY3QgU2VydmVyIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjMwMjE0MjI0MDM3WhcNMjUwMjE0MjI0MDM3WjAwMS4wLAYDVQQDEyVPcGVuSWRkaWN0IFNlcnZlciBTaWduaW5nIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEae8GCifgoU+wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI+W9FhaoLix5Oz/WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c/TMQRB0+Iu4rd/uiIKbCvo8A04Ks1+mZbo2is27oSUG70UO4v+n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm/Y+xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o/UoNN7To/vMqoNKrA9USu9PnSOn3OVl4+fKlRQwpH9XFvvUeKD3jxCtSIMrzl/TGY2EXZn9/uy8L/GAd5dDeWQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGreBthOycZgFB8jCcZTKeU5RMV3F+GGmjweA3Po45RVmbBPCxGRGWSBvJq+cE/Cgk0SwP+wDhCmNJ7KFzuNbhyYwO7f8SBfoY4H2/FlE1lmAPKUTNYpwCt5HDoFX3pUdW0Q1POoZVw6Q0J0NG8g8S6p0LOh2AQcW0Hq12qGMNe+U1KRACO49JJywlaQkoGOJb6/cVayL7mNMLqAvK767iR49iPRQlEWd+Ed9wHop5Q4Uet+UAMJOd0zcgZqcm9ofPLzZ5MPWxe+84kXq2J5buIgiTU1VgD9Og5rMs/cUO5iMDOxwBmOBKO4P8djXkeIrexSnbHZVGNNBtGIvLRNiHQ="
      ]
    }
  ]
}.
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.13\System.Text.RegularExpressions.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.13\System.Runtime.InteropServices.RuntimeInformation.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Github\openiddict-samples\artifacts\bin\Zirku.Api2\Debug\net7.0\Microsoft.IdentityModel.Abstractions.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
Microsoft.AspNetCore.Routing.EndpointMiddleware: Information: Executing endpoint 'HTTP: GET /api'
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\7.0.13\Microsoft.AspNetCore.WebUtilities.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
Microsoft.AspNetCore.Routing.EndpointMiddleware: Information: Executed endpoint 'HTTP: GET /api'
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished HTTP/1.1 GET https://localhost:44379/api - - - 200 - text/plain;+charset=utf-8 472.1730ms
kevinchalet commented 1 year ago

Nice, so it only stops working when you use your own/derived sample, right?

Could you please share the logs of the client app?

dgxhubbard commented 1 year ago
System.Net.Http.HttpClient.OpenIddict.Client.SystemNetHttp:Yx96d-xtnzWQt9Af220au8YDuEpSeP-0sk2oIVjCGJw.ClientHandler: Information: Sending HTTP request GET https://localhost:7296/.well-known/openid-configuration
System.Net.Http.HttpClient.OpenIddict.Client.SystemNetHttp:Yx96d-xtnzWQt9Af220au8YDuEpSeP-0sk2oIVjCGJw.ClientHandler: Information: Sending HTTP request GET https://localhost:7296/.well-known/openid-configuration
System.Net.Http.HttpClient.OpenIddict.Client.SystemNetHttp:Yx96d-xtnzWQt9Af220au8YDuEpSeP-0sk2oIVjCGJw.ClientHandler: Information: Sending HTTP request GET https://localhost:7296/.well-known/openid-configuration
System.Net.Http.HttpClient.OpenIddict.Client.SystemNetHttp:Yx96d-xtnzWQt9Af220au8YDuEpSeP-0sk2oIVjCGJw.ClientHandler: Information: Sending HTTP request GET https://localhost:7296/.well-known/openid-configuration
'WebApiTest.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.13\System.Diagnostics.StackTrace.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'WebApiTest.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.13\System.Reflection.Metadata.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
OpenIddict.Client.OpenIddictClientDispatcher: Error: A network error occured while communicating with the remote HTTP server.

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.HttpConnectionWaiter`1.WaitForConnectionAsync(Boolean async, CancellationToken requestCancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.<SendAsync>g__Core|5_0(HttpRequestMessage request, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.PolicyHttpMessageHandler.SendCoreAsync(HttpRequestMessage request, Context context, CancellationToken cancellationToken)
   at Polly.Retry.AsyncRetryEngine.ImplementationAsync[TResult](Func`3 action, Context context, CancellationToken cancellationToken, ExceptionPredicates shouldRetryExceptionPredicates, ResultPredicates`1 shouldRetryResultPredicates, Func`5 onRetryAsync, Int32 permittedRetryCount, IEnumerable`1 sleepDurationsEnumerable, Func`4 sleepDurationProvider, Boolean continueOnCapturedContext)
   at Polly.AsyncPolicy`1.ExecuteAsync(Func`3 action, Context context, CancellationToken cancellationToken, Boolean continueOnCapturedContext)
   at Microsoft.Extensions.Http.PolicyHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.<SendAsync>g__Core|5_0(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at OpenIddict.Client.SystemNetHttp.OpenIddictClientSystemNetHttpHandlers.SendHttpRequest`1.HandleAsync(TContext context)
'WebApiTest.exe' (CoreCLR: clrhost): Loaded 'C:\Repository\GtApi\Source\Web\Test\WebApiTest\WebApiTest\bin\Debug\Microsoft.IdentityModel.Abstractions.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
OpenIddict.Client.OpenIddictClientDispatcher: Error: An error occurred while retrieving the configuration of the remote authorization server.

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://localhost:7296/.well-known/openid-configuration'. Will retry at '10/25/2023 5:10:18 PM +00:00'. Exception: 'OpenIddict.Abstractions.OpenIddictExceptions+ProtocolException: An error occurred while sending the configuration request.
  Error: server_error
  Error description: An error occurred while communicating with the remote HTTP server.
  Error URI: https://documentation.openiddict.com/errors/ID2136
   at OpenIddict.Client.OpenIddictClientService.<>c__DisplayClass27_0.<<GetConfigurationAsync>g__ApplyConfigurationRequestAsync|1>d.MoveNext()
--- End of stack trace from previous location ---
   at OpenIddict.Client.OpenIddictClientService.GetConfigurationAsync(OpenIddictClientRegistration registration, Uri uri, CancellationToken cancellationToken)
   at OpenIddict.Client.OpenIddictClientService.GetConfigurationAsync(OpenIddictClientRegistration registration, Uri uri, CancellationToken cancellationToken)
   at OpenIddict.Client.OpenIddictClientRetriever.Microsoft.IdentityModel.Protocols.IConfigurationRetriever<OpenIddict.Abstractions.OpenIddictConfiguration>.GetConfigurationAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)'.
 ---> OpenIddict.Abstractions.OpenIddictExceptions+ProtocolException: An error occurred while sending the configuration request.
  Error: server_error
  Error description: An error occurred while communicating with the remote HTTP server.
  Error URI: https://documentation.openiddict.com/errors/ID2136
   at OpenIddict.Client.OpenIddictClientService.<>c__DisplayClass27_0.<<GetConfigurationAsync>g__ApplyConfigurationRequestAsync|1>d.MoveNext()
--- End of stack trace from previous location ---
   at OpenIddict.Client.OpenIddictClientService.GetConfigurationAsync(OpenIddictClientRegistration registration, Uri uri, CancellationToken cancellationToken)
   at OpenIddict.Client.OpenIddictClientService.GetConfigurationAsync(OpenIddictClientRegistration registration, Uri uri, CancellationToken cancellationToken)
   at OpenIddict.Client.OpenIddictClientRetriever.Microsoft.IdentityModel.Protocols.IConfigurationRetriever<OpenIddict.Abstractions.OpenIddictConfiguration>.GetConfigurationAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at OpenIddict.Client.OpenIddictClientHandlers.ResolveClientRegistrationFromChallengeContext.HandleAsync(ProcessChallengeContext context)
Exception thrown: 'OpenIddict.Abstractions.OpenIddictExceptions.ProtocolException' in System.Private.CoreLib.dll
The thread 0x8758 has exited with code 0 (0x0).
The thread 0x6878 has exited with code 0 (0x0).
The thread 0x4334 has exited with code 0 (0x0).
The thread 0x6a68 has exited with code 0 (0x0).
The thread 0x4750 has exited with code 0 (0x0).
The thread 0x97bc has exited with code 0 (0x0).
The thread 0x17e8 has exited with code 0 (0x0).
The thread '.NET ThreadPool Worker' (0x19d4) has exited with code 0 (0x0).
The thread '[Thread Destroyed]' (0x847c) has exited with code 0 (0x0).
Exception thrown: 'OpenIddict.Abstractions.OpenIddictExceptions.ProtocolException' in WebApiTest.dll
The thread '[Thread Destroyed]' (0x8ce4) has exited with code 0 (0x0).
The thread 0x4c18 has exited with code 0 (0x0).
'WebApiTest.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.13\System.IO.MemoryMappedFiles.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
Microsoft.Extensions.Hosting.Internal.Host: Error: BackgroundService failed

OpenIddict.Abstractions.OpenIddictExceptions+ProtocolException: An error occurred while authenticating the user.
   at OpenIddict.Client.OpenIddictClientService.ChallengeInteractivelyAsync(InteractiveChallengeRequest request)
   at OpenIddict.Client.OpenIddictClientService.ChallengeInteractivelyAsync(InteractiveChallengeRequest request)
   at WebApiTest.InteractiveService.ExecuteAsync(CancellationToken stoppingToken) in C:\Repository\GtApi\Source\Web\Test\WebApiTest\WebApiTest\InteractiveService.cs:line 54
   at Microsoft.Extensions.Hosting.Internal.Host.TryExecuteBackgroundServiceAsync(BackgroundService backgroundService)
Microsoft.Extensions.Hosting.Internal.Host: Critical: The HostOptions.BackgroundServiceExceptionBehavior is configured to StopHost. A BackgroundService has thrown an unhandled exception, and the IHost instance is stopping. To avoid this behavior, configure this to Ignore; however the BackgroundService will not be restarted.

OpenIddict.Abstractions.OpenIddictExceptions+ProtocolException: An error occurred while authenticating the user.
   at OpenIddict.Client.OpenIddictClientService.ChallengeInteractivelyAsync(InteractiveChallengeRequest request)
   at OpenIddict.Client.OpenIddictClientService.ChallengeInteractivelyAsync(InteractiveChallengeRequest request)
   at WebApiTest.InteractiveService.ExecuteAsync(CancellationToken stoppingToken) in C:\Repository\GtApi\Source\Web\Test\WebApiTest\WebApiTest\InteractiveService.cs:line 54
   at Microsoft.Extensions.Hosting.Internal.Host.TryExecuteBackgroundServiceAsync(BackgroundService backgroundService)
kevinchalet commented 1 year ago

Thanks. The logs indicate it's a TLS issue: the certificate used by your authorization server app is not trusted:

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot

How do you host the server app? Do you use a custom certificate or the default ASP.NET Core dev certificate?

dgxhubbard commented 1 year ago

We generate a self signed cert. On the idp we use the self signed cert as shown below, but we also add the call to options.AddDevelopmentSigningCertificate. On the client we do not use the self signed cert, but use code below. Should the self signed cert be added to client?

Client

` // Register the signing and encryption credentials used to protect // sensitive data like the state tokens produced by OpenIddict. options.AddDevelopmentEncryptionCertificate () .AddDevelopmentSigningCertificate ();

`

Identity Provider

` var ipAddress = IPAddress.Parse ( "127.0.0.1" );

            builder.WebHost.ConfigureKestrel (
                options => 
                {
                    var port = ports.IdpPort;
                    var pfxFilePath = certificatePath;
                    var pfxPassword = certificatePassword;

                    options.Listen ( 
                        ipAddress, port, 
                        listenOptions => 
                        {
                            // Configure Kestrel to use a certificate from a local .PFX file for hosting HTTPS
                            listenOptions.UseHttps ( pfxFilePath, pfxPassword );
                        } );
                } );

`

Self Signed Cert

` private static X509Certificate2 CreateCertificate ( string certificateName, string password ) {

        var issuedBy = "Microsoft Enhanced RSA and AES Cryptographic Provider";

        var sanBuilder = new SubjectAlternativeNameBuilder ();

        sanBuilder.AddIpAddress ( IPAddress.Loopback );
        sanBuilder.AddIpAddress ( IPAddress.IPv6Loopback );
        sanBuilder.AddDnsName ( "localhost" );
        sanBuilder.AddDnsName ( Environment.MachineName );

        var distinguishedName = new X500DistinguishedName ( $"CN={certificateName}" );

        var issuedTo = "Blazor App Service";

        using ( RSA rsa = new RSACryptoServiceProvider ( 2048 * 2, new CspParameters ( 24, issuedBy, issuedTo ) ) )
        {

            var request = 
                new CertificateRequest ( 
                    distinguishedName, rsa, 
                    HashAlgorithmName.SHA256, 
                    RSASignaturePadding.Pkcs1 );

            request.CertificateExtensions.Add ( sanBuilder.Build () );

            request.CertificateExtensions.Add (
                new X509KeyUsageExtension ( 
                    X509KeyUsageFlags.DataEncipherment | 
                    X509KeyUsageFlags.KeyEncipherment | 
                    X509KeyUsageFlags.DigitalSignature, false ) );

            request.CertificateExtensions.Add (
               new X509EnhancedKeyUsageExtension (
                   new OidCollection { new Oid ( "1.3.6.1.5.5.7.3.1" ) }, false ) );

            var certificate = 
                request.CreateSelfSigned ( 
                    new DateTimeOffset ( 
                        DateTime.UtcNow.AddDays ( -1 ) ), 
                    new DateTimeOffset ( DateTime.UtcNow.AddDays ( 3650 ) ) );

            bool isWindows = System.Runtime.InteropServices.RuntimeInformation
                          .IsOSPlatform ( OSPlatform.Windows );

            if ( isWindows )
                certificate.FriendlyName = certificateName;

            return certificate;

            // return new X509Certificate2(certificate.Export(X509ContentType.Pfx, password), password, X509KeyStorageFlags.MachineKeySet);
        }
    }

`

kevinchalet commented 1 year ago

We generate a self signed cert. On the idp we use the self signed cert as shown below, but we also add the call to options.AddDevelopmentSigningCertificate. On the client we do not use the self signed cert, but use code below.

The error you're seeing indicates an issue with the TLS certificate used for HTTPS, not an issue with the signing/encryption certificates used by OpenIddict to protect tokens.

Should the self signed cert be added to client?

You'll need to add your custom certificate to the trusted root authorities. See https://learn.microsoft.com/en-us/skype-sdk/sdn/articles/installing-the-trusted-root-certificate for more information.

Alternatively, you can remove your custom certificate and just use the default TLS certificate generated by ASP.NET Core.

dgxhubbard commented 1 year ago

From this:

"Alternatively, you can remove your custom certificate and just use the default TLS certificate generated by ASP.NET Core."

Do you mean using dev-certs command?

dotnet dev-certs https --trust

kevinchalet commented 1 year ago

Do you mean using dev-certs command? dotnet dev-certs https --trust

Yeah 😄

dgxhubbard commented 1 year ago

I apologize but I am still having issues. I registered the self signed cert as a trusted CA. Then ran again but access is denied for the redirect uri http://localhost:7000. I am not sure why

image

Debug Output

`OpenIddict.Client.OpenIddictClientDispatcher: Information: The redirection request was successfully extracted: { "error": "access_denied", "error_description": "The authorization was denied by the end user.", "erroruri": "https://documentation.openiddict.com/errors/ID2015", "state": "otV0aAo4N39VAyC3TXVVCfma17Ci7Vjr-zHkLY7Kzg", "iss": "https://localhost:7296/" }. Microsoft.EntityFrameworkCore.Database.Command: Information: Executed DbCommand (0ms) [Parameters=[@identifier_0='?' (Size = 44)], CommandType='Text', CommandTimeout='30'] SELECT "o"."Id", "o"."ApplicationId", "o"."AuthorizationId", "o"."ConcurrencyToken", "o"."CreationDate", "o"."ExpirationDate", "o"."Payload", "o"."Properties", "o"."RedemptionDate", "o"."ReferenceId", "o"."Status", "o"."Subject", "o"."Type", "o0"."Id", "o0"."ClientId", "o0"."ClientSecret", "o0"."ConcurrencyToken", "o0"."ConsentType", "o0"."DisplayName", "o0"."DisplayNames", "o0"."Permissions", "o0"."PostLogoutRedirectUris", "o0"."Properties", "o0"."RedirectUris", "o0"."Requirements", "o0"."Type", "o1"."Id", "o1"."ApplicationId", "o1"."ConcurrencyToken", "o1"."CreationDate", "o1"."Properties", "o1"."Scopes", "o1"."Status", "o1"."Subject", "o1"."Type" FROM "OpenIddictTokens" AS "o" LEFT JOIN "OpenIddictApplications" AS "o0" ON "o"."ApplicationId" = "o0"."Id" LEFT JOIN "OpenIddictAuthorizations" AS "o1" ON "o"."AuthorizationId" = "o1"."Id" WHERE "o"."ReferenceId" = @__identifier_0 LIMIT 1 Microsoft.EntityFrameworkCore.Database.Command: Information: Executed DbCommand (0ms) [Parameters=[@identifier_0='?' (Size = 44)], CommandType='Text', CommandTimeout='30'] SELECT "o"."Id", "o"."ApplicationId", "o"."AuthorizationId", "o"."ConcurrencyToken", "o"."CreationDate", "o"."ExpirationDate", "o"."Payload", "o"."Properties", "o"."RedemptionDate", "o"."ReferenceId", "o"."Status", "o"."Subject", "o"."Type", "o0"."Id", "o0"."ClientId", "o0"."ClientSecret", "o0"."ConcurrencyToken", "o0"."ConsentType", "o0"."DisplayName", "o0"."DisplayNames", "o0"."Permissions", "o0"."PostLogoutRedirectUris", "o0"."Properties", "o0"."RedirectUris", "o0"."Requirements", "o0"."Type", "o1"."Id", "o1"."ApplicationId", "o1"."ConcurrencyToken", "o1"."CreationDate", "o1"."Properties", "o1"."Scopes", "o1"."Status", "o1"."Subject", "o1"."Type" FROM "OpenIddictTokens" AS "o" LEFT JOIN "OpenIddictApplications" AS "o0" ON "o"."ApplicationId" = "o0"."Id" LEFT JOIN "OpenIddictAuthorizations" AS "o1" ON "o"."AuthorizationId" = "o1"."Id" WHERE "o"."ReferenceId" = @__identifier_0 LIMIT 1 Microsoft.EntityFrameworkCore.Database.Command: Information: Executed DbCommand (0ms) [Parameters=[@p12='?' (Size = 36), @p0='?', @p1='?', @p2='?' (Size = 36), @p13='?' (Size = 36), @p3='?' (DbType = DateTime), @p4='?' (DbType = DateTime), @p5='?' (Size = 2259), @p6='?', @p7='?' (DbType = DateTime), @p8='?' (Size = 44), @p9='?' (Size = 8), @p10='?', @p11='?' (Size = 11)], CommandType='Text', CommandTimeout='30'] UPDATE "OpenIddictTokens" SET "ApplicationId" = @p0, "AuthorizationId" = @p1, "ConcurrencyToken" = @p2, "CreationDate" = @p3, "ExpirationDate" = @p4, "Payload" = @p5, "Properties" = @p6, "RedemptionDate" = @p7, "ReferenceId" = @p8, "Status" = @p9, "Subject" = @p10, "Type" = @p11 WHERE "Id" = @p12 AND "ConcurrencyToken" = @p13 RETURNING 1; OpenIddict.Core.OpenIddictTokenManager: Information: The token '9e5b694b-6cda-4423-9d69-2023d77686f5' was successfully marked as redeemed. OpenIddict.Client.OpenIddictClientDispatcher: Information: The authorization request was rejected by the remote authorization server: { "error": "access_denied", "error_description": "The authorization was denied by the end user.", "erroruri": "https://documentation.openiddict.com/errors/ID2015", "state": "otV0aAo4N39VAyC3TXVVCfma17Ci7Vjr-zHkLY7Kzg", "iss": "https://localhost:7296/" }. Exception thrown: 'OpenIddict.Abstractions.OpenIddictExceptions.ProtocolException' in System.Private.CoreLib.dll Exception thrown: 'OpenIddict.Abstractions.OpenIddictExceptions.ProtocolException' in WebApiTest.dll 'WebApiTest.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.13\System.Net.Requests.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled. 'WebApiTest.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.13\System.Diagnostics.StackTrace.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled. 'WebApiTest.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.13\System.Reflection.Metadata.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled. 'WebApiTest.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.13\System.IO.MemoryMappedFiles.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled. Microsoft.Extensions.Hosting.Internal.Host: Error: BackgroundService failed

OpenIddict.Abstractions.OpenIddictExceptions+ProtocolException: An error occurred while authenticating the user. at OpenIddict.Client.OpenIddictClientService.AuthenticateInteractivelyAsync(InteractiveAuthenticationRequest request) at OpenIddict.Client.OpenIddictClientService.AuthenticateInteractivelyAsync(InteractiveAuthenticationRequest request) at WebApiTest.InteractiveService.ExecuteAsync(CancellationToken stoppingToken) in C:\Repository\GtApi\Source\Web\Test\WebApiTest\WebApiTest\InteractiveService.cs:line 62 at Microsoft.Extensions.Hosting.Internal.Host.TryExecuteBackgroundServiceAsync(BackgroundService backgroundService) Microsoft.Extensions.Hosting.Internal.Host: Critical: The HostOptions.BackgroundServiceExceptionBehavior is configured to StopHost. A BackgroundService has thrown an unhandled exception, and the IHost instance is stopping. To avoid this behavior, configure this to Ignore; however the BackgroundService will not be restarted.

OpenIddict.Abstractions.OpenIddictExceptions+ProtocolException: An error occurred while authenticating the user. at OpenIddict.Client.OpenIddictClientService.AuthenticateInteractivelyAsync(InteractiveAuthenticationRequest request) at OpenIddict.Client.OpenIddictClientService.AuthenticateInteractivelyAsync(InteractiveAuthenticationRequest request) at WebApiTest.InteractiveService.ExecuteAsync(CancellationToken stoppingToken) in C:\Repository\GtApi\Source\Web\Test\WebApiTest\WebApiTest\InteractiveService.cs:line 62 at Microsoft.Extensions.Hosting.Internal.Host.TryExecuteBackgroundServiceAsync(BackgroundService backgroundService) Microsoft.Hosting.Lifetime: Information: Application is shutting down... The program '[31804] WebApiTest.exe' has exited with code 0 (0x0). `

kevinchalet commented 1 year ago

No need to apologize 😄

I apologize but I am still having issues. I registered the self signed cert as a trusted CA. Then ran again but access is denied for the redirect uri http://localhost:7000/. I am not sure why

This error is returned when the server calls return Challenge(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme) or return Forbid(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme): it's a way to inform the client application the user denied the authorization demand.

What does your authorization controller look like?

dgxhubbard commented 1 year ago

Here is the Authorization controller:

`using System; using System.Collections.Generic; using System.Linq; using System.Security.Claims; using System.Threading.Tasks;

using Microsoft.AspNetCore; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http.Extensions; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Primitives; using OpenIddict.Abstractions; using OpenIddict.Client.AspNetCore; using OpenIddict.Server.AspNetCore;

using static OpenIddict.Abstractions.OpenIddictConstants;

using Microsoft.AspNetCore.Components;

using Gt.IDP.Extensions; using Microsoft.AspNetCore.Identity;

namespace Gt.IDP.Controllers { public class AuthorizationController : Controller {

region Constructors

    public AuthorizationController ( IOpenIddictApplicationManager applicationManager, IOpenIddictAuthorizationManager authorizationManager, IOpenIddictScopeManager scopeManager ) 
    {

        ApplicationManager = applicationManager;
        AuthorizationManager = authorizationManager;
        ScopeManager = scopeManager;

        UserManager = new UserManager ();
        if ( UserManager == null )
            throw new NullReferenceException ();

    }

    #endregion

    #region Properties

    [Inject]
    private UserManager UserManager
    { get; set; }

    [Inject]
    private IOpenIddictApplicationManager ApplicationManager
    { get; set; }

    [Inject]
    private IOpenIddictAuthorizationManager AuthorizationManager
    { get; set; }

    [Inject]
    private IOpenIddictScopeManager ScopeManager
    { get; set; }

    #endregion

    [HttpGet ( "~/connect/authorize" )]
    [HttpPost ( "~/connect/authorize" )]
    [IgnoreAntiforgeryToken]
    public async Task<IActionResult> Authorize ( string returnUrl = null )
    {
        //ClaimsPrincipal claimsPrincipal = null;

        try
        {

            var request = HttpContext.GetOpenIddictServerRequest () ??
                throw new InvalidOperationException ( "The OpenID Connect request cannot be retrieved." );

            // Try to retrieve the user principal
            var result = await HttpContext.AuthenticateAsync ( OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );

            if ( result == null || !result.Succeeded || request.HasPrompt ( Prompts.Login ) ||
               ( request.MaxAge != null && result.Properties?.IssuedUtc != null &&
                DateTimeOffset.UtcNow - result.Properties.IssuedUtc > TimeSpan.FromSeconds ( request.MaxAge.Value ) ) )
            {
                // If the client application requested promptless authentication,
                // return an error indicating that the user is not logged in.
                if ( request.HasPrompt ( Prompts.None ) )
                {
                    return Forbid (
                        authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                        properties: new AuthenticationProperties ( new Dictionary<string, string>
                        {
                            [ OpenIddictServerAspNetCoreConstants.Properties.Error ] = Errors.LoginRequired,
                            [ OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription ] = "The user is not logged in."
                        } ) );
                }

                // To avoid endless login -> authorization redirects, the prompt=login flag
                // is removed from the authorization request payload before redirecting the user.
                var prompt = string.Join ( " ", request.GetPrompts ().Remove ( Prompts.Login ) );

                var parameters = Request.HasFormContentType ?
                    Request.Form.Where ( parameter => parameter.Key != Parameters.Prompt ).ToList () :
                    Request.Query.Where ( parameter => parameter.Key != Parameters.Prompt ).ToList ();

                parameters.Add ( KeyValuePair.Create ( Parameters.Prompt, new StringValues ( prompt ) ) );

                var redirectUri = Request.PathBase + Request.Path + QueryString.Create ( parameters );

                return Challenge (
                    authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                    properties: new AuthenticationProperties
                    {
                        RedirectUri = redirectUri
                    } );
            }

            // Retrieve the profile of the logged in user.
            var principal = result.Principal;

            // Retrieve the application details from the database.
            var application = await ApplicationManager.FindByClientIdAsync ( request.ClientId ) ??
                throw new InvalidOperationException ( "Details concerning the calling client application cannot be found." );

            // Retrieve the permanent authorizations associated with the user and the calling client application.
            var authorizations = await AuthorizationManager.FindAsync (
                subject: UserManager.GetUserId ( principal ),
                client:  await ApplicationManager.GetIdAsync ( application ),
                status:  Statuses.Valid,
                type:    AuthorizationTypes.Permanent,

                scopes: request.GetScopes () ).ToListAsync ();

            var consentType = await ApplicationManager.GetConsentTypeAsync ( application );
            switch ( consentType )
            {
                // If the consent is external (e.g when authorizations are granted by a sysadmin),
                // immediately return an error if no authorization can be found in the database.
                case ConsentTypes.External when !authorizations.Any ():
                    return Forbid (
                        authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                        properties: new AuthenticationProperties ( new Dictionary<string, string>
                        {
                            [ OpenIddictServerAspNetCoreConstants.Properties.Error ] = Errors.ConsentRequired,
                            [ OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription ] =
                                "The logged in user is not allowed to access this client application."
                        } ) );

                // If the consent is implicit or if an authorization was found,
                // return an authorization response without displaying the consent form.
                case ConsentTypes.Implicit:
                case ConsentTypes.External when authorizations.Any ():
                case ConsentTypes.Explicit when authorizations.Any () && !request.HasPrompt ( Prompts.Consent ):
                    // Create the claims-based identity that will be used by OpenIddict to generate tokens.
                    var claimsIdentity = new ClaimsIdentity (
                        authenticationType: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );
                    /*
                        nameType: Claims.Name,
                        roleType: Claims.Role );
                    */

                    // Add the claims that will be persisted in the tokens.
                    claimsIdentity.SetClaim ( Claims.Subject, UserManager.GetUserId ( principal ) )
                                  //.SetClaim ( Claims.Email, UserManager.GetEmail ( principal ) )
                                  .SetClaim ( Claims.Username, UserManager.GetUsername ( principal ) );
                            //.SetClaims ( Claims.Role, ( await UserManager.GetRolesAsync ( user ) ).ToImmutableArray () );

                    // Note: in this sample, the granted scopes match the requested scope
                    // but you may want to allow the user to uncheck specific scopes.
                    // For that, simply restrict the list of scopes before calling SetScopes.
                    claimsIdentity.SetScopes ( request.GetScopes () );
                    claimsIdentity.SetResources ( await ScopeManager.ListResourcesAsync ( claimsIdentity.GetScopes () ).ToListAsync () );

                    // Automatically create a permanent authorization to avoid requiring explicit consent
                    // for future authorization or token requests containing the same scopes.
                    var authorization = authorizations.LastOrDefault ();
                    authorization ??= await AuthorizationManager.CreateAsync (
                        identity: claimsIdentity,
                        subject: UserManager.GetUserId ( principal ),
                        client: await ApplicationManager.GetIdAsync ( application ),
                        type: AuthorizationTypes.Permanent,
                        scopes: claimsIdentity.GetScopes () );

                    claimsIdentity.SetAuthorizationId ( await AuthorizationManager.GetIdAsync ( authorization ) );
                    claimsIdentity.SetDestinations ( GetDestinations );

                    return SignIn ( new ClaimsPrincipal ( claimsIdentity ), OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );

                    //break;

                // At this point, no authorization was found in the database and an error must be returned
                // if the client application specified prompt=none in the authorization request.
                case ConsentTypes.Explicit when request.HasPrompt ( Prompts.None ):
                case ConsentTypes.Systematic when request.HasPrompt ( Prompts.None ):
                    return Forbid (
                        authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                        properties: new AuthenticationProperties ( new Dictionary<string, string>
                        {
                            [ OpenIddictServerAspNetCoreConstants.Properties.Error ] = Errors.ConsentRequired,
                            [ OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription ] =
                                "Interactive user consent is required."
                        } ) );

            }

        }
        catch ( Exception ex ) 
        {
            throw;
        }

        /*

        try
        {
            // Retrieve the OpenIddict server request from the HTTP context.
            var request = HttpContext.GetOpenIddictServerRequest ();

            // Retrieve the user principal stored in the authentication cookie.
            var result = await HttpContext.AuthenticateAsync ( OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );

            // If the user principal can't be extracted, redirect the user to the login page.
            if ( !result.Succeeded )
            {
                var redirectUri = Request.PathBase + Request.Path + QueryString.Create ( Request.HasFormContentType ? Request.Form.ToList () : Request.Query.ToList () );

                var res =
                Challenge (
                    authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                    properties: new AuthenticationProperties
                    {
                        RedirectUri = redirectUri
                    } );

                return res;
            }

            // Create a new claims principal
            var claims = new List<Claim>
            {
                // 'subject' claim which is required
                new Claim(OpenIddictConstants.Claims.Subject, result.Principal.Identity.Name),
                new Claim("some claim", "some value").SetDestinations(OpenIddictConstants.Destinations.AccessToken),
                new Claim(OpenIddictConstants.Claims.Email, "some@email").SetDestinations(OpenIddictConstants.Destinations.IdentityToken)
            };

            var claimsIdentity = new ClaimsIdentity ( claims, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );

            claimsPrincipal = new ClaimsPrincipal ( claimsIdentity );

            // Set requested scopes (this is not done automatically)
            claimsPrincipal.SetScopes ( request.GetScopes () );

            // Signing in with the OpenIddict authentiction scheme trigger OpenIddict to issue a code (which can be exchanged for an access token)
            return SignIn ( claimsPrincipal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );
        }
        catch ( Exception ex ) 
        {
            var msg = ex.Message;
            throw;
        }
        */

        return Ok ();

    }

    [HttpPost ( "~/connect/token" )]
    public async Task<IActionResult> Exchange ()
    {
        var request = HttpContext.GetOpenIddictServerRequest () ??
                      throw new InvalidOperationException ( "The OpenID Connect request cannot be retrieved." );

        ClaimsPrincipal claimsPrincipal;

        if ( request.IsClientCredentialsGrantType () )
        {
            // Note: the client credentials are automatically validated by OpenIddict:
            // if client_id or client_secret are invalid, this action won't be invoked.

            var identity = new ClaimsIdentity ( OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );

            // Subject (sub) is a required field, we use the client id as the subject identifier here.
            identity.AddClaim ( OpenIddictConstants.Claims.Subject, request.ClientId ?? throw new InvalidOperationException () );

            // Add some claim, don't forget to add destination otherwise it won't be added to the access token.
            //identity.AddClaim ( "some-claim", "some-value", OpenIddictConstants.Destinations.AccessToken );

            claimsPrincipal = new ClaimsPrincipal ( identity );

            claimsPrincipal.SetScopes ( request.GetScopes () );
        }

        else if ( request.IsAuthorizationCodeGrantType () )
        {
            // Retrieve the claims principal stored in the authorization code
            claimsPrincipal = ( await HttpContext.AuthenticateAsync ( OpenIddictServerAspNetCoreDefaults.AuthenticationScheme ) ).Principal;
        }

        else if ( request.IsRefreshTokenGrantType () )
        {
            // Retrieve the claims principal stored in the refresh token.
            claimsPrincipal = ( await HttpContext.AuthenticateAsync ( OpenIddictServerAspNetCoreDefaults.AuthenticationScheme ) ).Principal;
        }

        else
        {
            throw new InvalidOperationException ( "The specified grant type is not supported." );
        }

        // Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
        var result = SignIn ( claimsPrincipal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );

        return result;
    }

    [Authorize ( AuthenticationSchemes = OpenIddictServerAspNetCoreDefaults.AuthenticationScheme )]
    [HttpGet ( "~/connect/userinfo" )]
    public async Task<IActionResult> Userinfo ()
    {
        var id = User.GetClaim ( Claims.Subject );

        var user = UserManager.FindById ( id );
        if ( user == null )
        {
            return Challenge (
                authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                properties: new AuthenticationProperties ( new Dictionary<string, string>
                {
                    [ OpenIddictServerAspNetCoreConstants.Properties.Error ] = Errors.InvalidToken,
                    [ OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription ] =
                        "The specified access token is bound to an account that no longer exists."
                } ) );
        }

        var claims = new Dictionary<string, object> ( StringComparer.Ordinal )
        {
            // Note: the "sub" claim is a mandatory claim and must be included in the JSON response.
            [ Claims.Subject ] = UserManager.GetUserId ( user )
        };

        if ( User.HasScope ( Scopes.Email ) )
        {
            claims [ Claims.Email ] = UserManager.GetEmail ( user );
            claims [ Claims.EmailVerified ] = UserManager.IsEmailConfirmedAsync ( user );
        }

        /*
        if ( User.HasScope ( Scopes.Phone ) )
        {
            claims [ Claims.PhoneNumber ] = await UserManager.GetPhoneNumberAsync ( user );
            claims [ Claims.PhoneNumberVerified ] = await UserManager.IsPhoneNumberConfirmedAsync ( user );
        }

        if ( User.HasScope ( Scopes.Roles ) )
        {
            claims [ Claims.Role ] = await UserManager.GetRolesAsync ( user );
        }
        */

        // Note: the complete list of standard claims supported by the OpenID Connect specification
        // can be found here: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

        return Ok ( claims );
    }

    private static IEnumerable<string> GetDestinations ( Claim claim )
    {
        // Note: by default, claims are NOT automatically included in the access and identity tokens.
        // To allow OpenIddict to serialize them, you must attach them a destination, that specifies
        // whether they should be included in access tokens, in identity tokens or in both.

        switch ( claim.Type )
        {
            case Claims.Name:
                yield return Destinations.AccessToken;

                if ( claim.Subject.HasScope ( Scopes.Profile ) )
                    yield return Destinations.IdentityToken;

                yield break;

            case Claims.Email:
                yield return Destinations.AccessToken;

                if ( claim.Subject.HasScope ( Scopes.Email ) )
                    yield return Destinations.IdentityToken;

                yield break;

            case Claims.Role:
                yield return Destinations.AccessToken;

                if ( claim.Subject.HasScope ( Scopes.Roles ) )
                    yield return Destinations.IdentityToken;

                yield break;

            // Never include the security stamp in the access and identity tokens, as it's a secret value.
            case "AspNet.Identity.SecurityStamp": yield break;

            default:
                yield return Destinations.AccessToken;
                yield break;
        }
    }

}

}`

kevinchalet commented 1 year ago
return Challenge (
                    authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                    properties: new AuthenticationProperties
                    {
                        RedirectUri = redirectUri
                    } );

You used an incorrect scheme for this call: since you want to redirect the user to the login page, you must use an authentication scheme that points to an instance of the cookie authentication handler. Assuming you're using ASP.NET Core Identity, try using the default scheme instead:


return Challenge(new AuthenticationProperties
{
    RedirectUri = redirectUri
});
kevinchalet commented 1 year ago

Note: it's not the only problematic call. This one too is invalid and shouldn't point to OpenIddict ('cause here, you want to resolve the identity stored in the authentication cookie containing the user session):

var result = await HttpContext.AuthenticateAsync ( OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );
dgxhubbard commented 1 year ago

Thank you very much that got me to make the authorize, login, authorize circle. Which I think is correct. When we use OpenIddictClientService I am getting very confused. I thought we had to use OpenIddictServerAspNetCoreDefaults.AuthenticationScheme everywhere. Now using CookieAuthenticationDefaults.AuthenticationScheme where you indicated.

I have on my api controllers this:

[Authorize(AuthenticationSchemes = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)]

or this:

[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]

and where should I use:

OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme

Thank you for your help!

dgxhubbard commented 1 year ago

I tried both authentication schemes and authorize by itself with no success. Getting internal server error 500

kevinchalet commented 1 year ago

Thank you very much that got me to make the authorize, login, authorize circle. Which I think is correct.

It is 👍🏻

When we use OpenIddictClientService I am getting very confused. I thought we had to use OpenIddictServerAspNetCoreDefaults.AuthenticationScheme everywhere.

Whether you have to use OpenIddictServerAspNetCoreDefaults.AuthenticationScheme or a different value is completely unrelated to whether you're using OpenIddictClientService or not: it would work exactly the same way with any other OIDC client.

You must use OpenIddictServerAspNetCoreDefaults.AuthenticationScheme as soon as you want to ask the OpenIddict server stack to return something, like a a sign-in response or an error response.

I have on my api controllers this: [Authorize(AuthenticationSchemes = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)]

It's the right one to use to validate tokens for your own APIs.

dgxhubbard commented 1 year ago

I have [Authorize(AuthenticationSchemes = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)] on all my api endpoints. The token is being rejected, and I cannot figure out why.

My endpoints are set:

                    options
                        .SetAuthorizationEndpointUris ( "/connect/authorize" )
                        .SetTokenEndpointUris ( "/connect/token" )
                        .SetUserinfoEndpointUris ( "/connect/userinfo" );

I have break points in "connect/token" and "connect/userinfo" but they are never hit. The output window shows they are call and providing info, but I don't see how because the break points are not hit. All I see is api call is unauthorized

image

Output Window

OpenIddict.Client.OpenIddictClientDispatcher: Information: The redirection request was successfully extracted: { "code": "[redacted]", "state": "jTLUDosoB_EkeJUXwbte_FC3SctkGmk7ZpXYyMOyQaY", "iss": "https://localhost:7296/" }. Microsoft.EntityFrameworkCore.Database.Command: Information: Executed DbCommand (0ms) [Parameters=[@__identifier_0='?' (Size = 44)], CommandType='Text', CommandTimeout='30'] SELECT "o"."Id", "o"."ApplicationId", "o"."AuthorizationId", "o"."ConcurrencyToken", "o"."CreationDate", "o"."ExpirationDate", "o"."Payload", "o"."Properties", "o"."RedemptionDate", "o"."ReferenceId", "o"."Status", "o"."Subject", "o"."Type", "o0"."Id", "o0"."ClientId", "o0"."ClientSecret", "o0"."ConcurrencyToken", "o0"."ConsentType", "o0"."DisplayName", "o0"."DisplayNames", "o0"."Permissions", "o0"."PostLogoutRedirectUris", "o0"."Properties", "o0"."RedirectUris", "o0"."Requirements", "o0"."Type", "o1"."Id", "o1"."ApplicationId", "o1"."ConcurrencyToken", "o1"."CreationDate", "o1"."Properties", "o1"."Scopes", "o1"."Status", "o1"."Subject", "o1"."Type" FROM "OpenIddictTokens" AS "o" LEFT JOIN "OpenIddictApplications" AS "o0" ON "o"."ApplicationId" = "o0"."Id" LEFT JOIN "OpenIddictAuthorizations" AS "o1" ON "o"."AuthorizationId" = "o1"."Id" WHERE "o"."ReferenceId" = @__identifier_0 LIMIT 1 Microsoft.EntityFrameworkCore.Database.Command: Information: Executed DbCommand (0ms) [Parameters=[@__identifier_0='?' (Size = 44)], CommandType='Text', CommandTimeout='30'] SELECT "o"."Id", "o"."ApplicationId", "o"."AuthorizationId", "o"."ConcurrencyToken", "o"."CreationDate", "o"."ExpirationDate", "o"."Payload", "o"."Properties", "o"."RedemptionDate", "o"."ReferenceId", "o"."Status", "o"."Subject", "o"."Type", "o0"."Id", "o0"."ClientId", "o0"."ClientSecret", "o0"."ConcurrencyToken", "o0"."ConsentType", "o0"."DisplayName", "o0"."DisplayNames", "o0"."Permissions", "o0"."PostLogoutRedirectUris", "o0"."Properties", "o0"."RedirectUris", "o0"."Requirements", "o0"."Type", "o1"."Id", "o1"."ApplicationId", "o1"."ConcurrencyToken", "o1"."CreationDate", "o1"."Properties", "o1"."Scopes", "o1"."Status", "o1"."Subject", "o1"."Type" FROM "OpenIddictTokens" AS "o" LEFT JOIN "OpenIddictApplications" AS "o0" ON "o"."ApplicationId" = "o0"."Id" LEFT JOIN "OpenIddictAuthorizations" AS "o1" ON "o"."AuthorizationId" = "o1"."Id" WHERE "o"."ReferenceId" = @__identifier_0 LIMIT 1 Microsoft.EntityFrameworkCore.Database.Command: Information: Executed DbCommand (0ms) [Parameters=[@p12='?' (Size = 36), @p0='?', @p1='?', @p2='?' (Size = 36), @p13='?' (Size = 36), @p3='?' (DbType = DateTime), @p4='?' (DbType = DateTime), @p5='?' (Size = 2259), @p6='?', @p7='?' (DbType = DateTime), @p8='?' (Size = 44), @p9='?' (Size = 8), @p10='?', @p11='?' (Size = 11)], CommandType='Text', CommandTimeout='30'] UPDATE "OpenIddictTokens" SET "ApplicationId" = @p0, "AuthorizationId" = @p1, "ConcurrencyToken" = @p2, "CreationDate" = @p3, "ExpirationDate" = @p4, "Payload" = @p5, "Properties" = @p6, "RedemptionDate" = @p7, "ReferenceId" = @p8, "Status" = @p9, "Subject" = @p10, "Type" = @p11 WHERE "Id" = @p12 AND "ConcurrencyToken" = @p13 RETURNING 1; OpenIddict.Core.OpenIddictTokenManager: Information: The token '2bac982b-6071-4bff-a528-98ebf8e990db' was successfully marked as redeemed. System.Net.Http.HttpClient.OpenIddict.Client.SystemNetHttp:Yx96d-xtnzWQt9Af220au8YDuEpSeP-0sk2oIVjCGJw.LogicalHandler: Information: Start processing HTTP request POST https://localhost:7296/connect/token System.Net.Http.HttpClient.OpenIddict.Client.SystemNetHttp:Yx96d-xtnzWQt9Af220au8YDuEpSeP-0sk2oIVjCGJw.ClientHandler: Information: Sending HTTP request POST https://localhost:7296/connect/token System.Net.Http.HttpClient.OpenIddict.Client.SystemNetHttp:Yx96d-xtnzWQt9Af220au8YDuEpSeP-0sk2oIVjCGJw.ClientHandler: Information: Received HTTP response headers after 2188.6433ms - 200 System.Net.Http.HttpClient.OpenIddict.Client.SystemNetHttp:Yx96d-xtnzWQt9Af220au8YDuEpSeP-0sk2oIVjCGJw.LogicalHandler: Information: End processing HTTP request after 2193.837ms - 200 OpenIddict.Client.OpenIddictClientDispatcher: Information: The token request was successfully sent to https://localhost:7296/connect/token: { "grant_type": "authorization_code", "code": "[redacted]", "code_verifier": "VIc252SsQW8m8kE8NHQcjg0IPHzBcs-owPftzbZ1LAw", "redirect_uri": "http://localhost:7000/", "client_id": "core_api_client" }. OpenIddict.Client.OpenIddictClientDispatcher: Information: The token response returned by https://localhost:7296/connect/token was successfully extracted: { "access_token": "[redacted]", "token_type": "Bearer", "expires_in": 3600, "scope": "openid gtapi", "id_token": "[redacted]" }. Microsoft.EntityFrameworkCore.Database.Command: Information: Executed DbCommand (0ms) [Parameters=[@__identifier_0='?' (Size = 44)], CommandType='Text', CommandTimeout='30'] SELECT "o"."Id", "o"."ApplicationId", "o"."AuthorizationId", "o"."ConcurrencyToken", "o"."CreationDate", "o"."ExpirationDate", "o"."Payload", "o"."Properties", "o"."RedemptionDate", "o"."ReferenceId", "o"."Status", "o"."Subject", "o"."Type", "o0"."Id", "o0"."ClientId", "o0"."ClientSecret", "o0"."ConcurrencyToken", "o0"."ConsentType", "o0"."DisplayName", "o0"."DisplayNames", "o0"."Permissions", "o0"."PostLogoutRedirectUris", "o0"."Properties", "o0"."RedirectUris", "o0"."Requirements", "o0"."Type", "o1"."Id", "o1"."ApplicationId", "o1"."ConcurrencyToken", "o1"."CreationDate", "o1"."Properties", "o1"."Scopes", "o1"."Status", "o1"."Subject", "o1"."Type" FROM "OpenIddictTokens" AS "o" LEFT JOIN "OpenIddictApplications" AS "o0" ON "o"."ApplicationId" = "o0"."Id" LEFT JOIN "OpenIddictAuthorizations" AS "o1" ON "o"."AuthorizationId" = "o1"."Id" WHERE "o"."ReferenceId" = @__identifier_0 LIMIT 1 System.Net.Http.HttpClient.OpenIddict.Client.SystemNetHttp:Yx96d-xtnzWQt9Af220au8YDuEpSeP-0sk2oIVjCGJw.LogicalHandler: Information: Start processing HTTP request GET https://localhost:7296/connect/userinfo System.Net.Http.HttpClient.OpenIddict.Client.SystemNetHttp:Yx96d-xtnzWQt9Af220au8YDuEpSeP-0sk2oIVjCGJw.ClientHandler: Information: Sending HTTP request GET https://localhost:7296/connect/userinfo System.Net.Http.HttpClient.OpenIddict.Client.SystemNetHttp:Yx96d-xtnzWQt9Af220au8YDuEpSeP-0sk2oIVjCGJw.ClientHandler: Information: Received HTTP response headers after 42.2217ms - 200 System.Net.Http.HttpClient.OpenIddict.Client.SystemNetHttp:Yx96d-xtnzWQt9Af220au8YDuEpSeP-0sk2oIVjCGJw.LogicalHandler: Information: End processing HTTP request after 48.6118ms - 200 OpenIddict.Client.OpenIddictClientDispatcher: Information: The userinfo request was successfully sent to https://localhost:7296/connect/userinfo: {}. OpenIddict.Client.OpenIddictClientDispatcher: Information: The userinfo response returned by https://localhost:7296/connect/userinfo was successfully extracted: { "sub": "1", "iss": "https://localhost:7296/", "aud": "core_api_client" }. OpenIddict.Client.OpenIddictClientDispatcher: Information: The redirection request was successfully validated.

kevinchalet commented 1 year ago

I have break points in "connect/token" and "connect/userinfo" but they are never hit.

That's because you haven't enabled passthrough for the token and userinfo endpoints. In this case, OpenIddict handles the token and userinfo requests for you using its default logic. If you want to handle these requests in your own actions, uncomment the calls to EnableTokenEndpointPassthrough() and EnableUserinfoEndpointPassthrough().

As for why the API call is rejected, it's impossible to say as you didn't include the server logs. Alternatively, post the HTTP logs to see what the WWW-Authenticate response header looks like.

dgxhubbard commented 1 year ago

This is configured to use NLog, and from the log I don't see anything:

10/27/23 15:39:54 742 INFO Gt.IDP - IdpPort 7296 10/27/23 15:39:56 093 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (18ms) [Parameters=[], CommandType='Text', CommandTimeout='30'] select count() from sqlite_master where (name IN ('OpenIddictApplications', 'OpenIddictAuthorizations', 'OpenIddictScopes', 'OpenIddictTokens')) 10/27/23 15:39:56 093 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[], CommandType='Text', CommandTimeout='30'] select count() from sqlite_master where (name IN ('OpenIddictApplications', 'OpenIddictAuthorizations', 'OpenIddictScopes', 'OpenIddictTokens')) 10/27/23 15:39:56 119 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (1ms) [Parameters=[], CommandType='Text', CommandTimeout='30'] SELECT MigrationId, ProductVersion FROM EFMigrationsHistory ORDER BY MigrationId; 10/27/23 15:39:56 131 INFO Microsoft.EntityFrameworkCore.Migrations - No migrations were applied. The database is already up to date. 10/27/23 15:39:56 323 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (3ms) [Parameters=[pidentifier_0='?' (Size = 15) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ClientId, o.ClientSecret, o.ConcurrencyToken, o.ConsentType, o.DisplayName, o.DisplayNames, o.Permissions, o.PostLogoutRedirectUris, o.Properties, o.RedirectUris, o.Requirements, o.Type FROM OpenIddictApplications AS o WHERE o.ClientId = :pidentifier_0 LIMIT 1 10/27/23 15:39:56 390 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[p__identifier_0='?' (Size = 16) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ClientId, o.ClientSecret, o.ConcurrencyToken, o.ConsentType, o.DisplayName, o.DisplayNames, o.Permissions, o.PostLogoutRedirectUris, o.Properties, o.RedirectUris, o.Requirements, o.Type FROM OpenIddictApplications AS o WHERE o.ClientId = :pidentifier_0 LIMIT 1 10/27/23 15:39:56 409 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[pname_0='?' (Size = 5) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ConcurrencyToken, o.Description, o.Descriptions, o.DisplayName, o.DisplayNames, o.Name, o.Properties, o.Resources FROM OpenIddictScopes AS o WHERE o.Name = :p__name_0 LIMIT 1 10/27/23 15:39:56 468 INFO Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager - User profile is available. Using 'C:\Users\dhubb\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest. 10/27/23 15:39:56 577 WARN Microsoft.AspNetCore.Server.Kestrel - Overriding address(es) 'https://localhost:7296'. Binding to endpoints defined via IConfiguration and/or UseKestrel() instead. 10/27/23 15:39:56 611 INFO Microsoft.Hosting.Lifetime - Now listening on: https://127.0.0.1:7296 10/27/23 15:39:56 611 INFO Microsoft.Hosting.Lifetime - Application started. Press Ctrl+C to shut down. 10/27/23 15:39:56 622 INFO Microsoft.Hosting.Lifetime - Hosting environment: Development 10/27/23 15:39:56 622 INFO Microsoft.Hosting.Lifetime - Content root path: C:\Repository\GtApi\bin\Debug 10/27/23 15:39:59 047 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET https://localhost:7296/.well-known/openid-configuration - - 10/27/23 15:39:59 151 INFO OpenIddict.Server.OpenIddictServerDispatcher - The request URI matched a server endpoint: Configuration. 10/27/23 15:39:59 162 INFO OpenIddict.Server.OpenIddictServerDispatcher - The configuration request was successfully extracted: {}. 10/27/23 15:39:59 162 INFO OpenIddict.Server.OpenIddictServerDispatcher - The configuration request was successfully validated. 10/27/23 15:39:59 176 INFO OpenIddict.Server.OpenIddictServerDispatcher - The response was successfully returned as a JSON document: { "issuer": "https://localhost:7296/", "authorization_endpoint": "https://localhost:7296/connect/authorize", "token_endpoint": "https://localhost:7296/connect/token", "userinfo_endpoint": "https://localhost:7296/connect/userinfo", "jwks_uri": "https://localhost:7296/.well-known/jwks", "grant_types_supported": [ "authorization_code", "password", "refresh_token", "client_credentials" ], "response_types_supported": [ "code" ], "response_modes_supported": [ "form_post", "fragment", "query" ], "scopes_supported": [ "openid", "offline_access" ], "claims_supported": [ "aud", "exp", "iat", "iss", "sub" ], "id_token_signing_alg_values_supported": [ "RS256" ], "code_challenge_methods_supported": [ "plain", "S256" ], "subject_types_supported": [ "public" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "claims_parameter_supported": false, "request_parameter_supported": false, "request_uri_parameter_supported": false, "authorization_response_iss_parameter_supported": true }. 10/27/23 15:39:59 176 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 GET https://localhost:7296/.well-known/openid-configuration - - - 200 1207 application/json;charset=UTF-8 135.2442ms 10/27/23 15:39:59 250 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET https://localhost:7296/.well-known/jwks - - 10/27/23 15:39:59 250 INFO OpenIddict.Server.OpenIddictServerDispatcher - The request URI matched a server endpoint: Cryptography. 10/27/23 15:39:59 250 INFO OpenIddict.Server.OpenIddictServerDispatcher - The cryptography request was successfully extracted: {}. 10/27/23 15:39:59 250 INFO OpenIddict.Server.OpenIddictServerDispatcher - The cryptography request was successfully validated. 10/27/23 15:39:59 250 INFO OpenIddict.Server.OpenIddictServerDispatcher - The response was successfully returned as a JSON document: { "keys": [ { "kid": "CEADFD0BD8A98A7928FE69635CC1D7C030A06C7D", "use": "sig", "kty": "RSA", "alg": "RS256", "e": "AQAB", "n": "vEae8GCifgoU-wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI-W9FhaoLix5Oz_WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c_TMQRB0-Iu4rd_uiIKbCvo8A04Ks1-mZbo2is27oSUG70UO4v-n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm_Y-xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o_UoNN7To_vMqoNKrA9USu9PnSOn3OVl4-fKlRQwpH9XFvvUeKD3jxCtSIMrzl_TGY2EXZn9_uy8L_GAd5dDeWQ", "x5t": "zq39C9ipinko_mljXMHXwDCgbH0", "x5c": [ "MIIC9TCCAd2gAwIBAgIJALHmctK6xXiAMA0GCSqGSIb3DQEBCwUAMDAxLjAsBgNVBAMTJU9wZW5JZGRpY3QgU2VydmVyIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjMwMjE0MjI0MDM3WhcNMjUwMjE0MjI0MDM3WjAwMS4wLAYDVQQDEyVPcGVuSWRkaWN0IFNlcnZlciBTaWduaW5nIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEae8GCifgoU+wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI+W9FhaoLix5Oz/WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c/TMQRB0+Iu4rd/uiIKbCvo8A04Ks1+mZbo2is27oSUG70UO4v+n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm/Y+xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o/UoNN7To/vMqoNKrA9USu9PnSOn3OVl4+fKlRQwpH9XFvvUeKD3jxCtSIMrzl/TGY2EXZn9/uy8L/GAd5dDeWQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGreBthOycZgFB8jCcZTKeU5RMV3F+GGmjweA3Po45RVmbBPCxGRGWSBvJq+cE/Cgk0SwP+wDhCmNJ7KFzuNbhyYwO7f8SBfoY4H2/FlE1lmAPKUTNYpwCt5HDoFX3pUdW0Q1POoZVw6Q0J0NG8g8S6p0LOh2AQcW0Hq12qGMNe+U1KRACO49JJywlaQkoGOJb6/cVayL7mNMLqAvK767iR49iPRQlEWd+Ed9wHop5Q4Uet+UAMJOd0zcgZqcm9ofPLzZ5MPWxe+84kXq2J5buIgiTU1VgD9Og5rMs/cUO5iMDOxwBmOBKO4P8djXkeIrexSnbHZVGNNBtGIvLRNiHQ=" ] } ] }. 10/27/23 15:39:59 263 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 GET https://localhost:7296/.well-known/jwks - - - 200 1635 application/json;charset=UTF-8 13.3762ms 10/27/23 15:40:00 203 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/2 GET https://localhost:7296/connect/authorize?client_id=core_api_client&redirect_uri=http%3A%2F%2Flocalhost%3A7000%2F&response_type=code&scope=openid%20gtapi&nonce=jZQEMVr4VNejPu8K9K7SrL4_7ICiTxWqvTBgAAryvrY&code_challenge=OA-00HSn8Ekfz-9Sm-QAJ9kWFXvB2mIjMqan6mmjGMw&code_challenge_method=S256&state=IGadIWG8I_pGLjNjPsfFe0VYJtLtn4R6FtCpzHarrDg - - 10/27/23 15:40:00 203 INFO OpenIddict.Server.OpenIddictServerDispatcher - The request URI matched a server endpoint: Authorization. 10/27/23 15:40:00 203 INFO OpenIddict.Server.OpenIddictServerDispatcher - The authorization request was successfully extracted: { "client_id": "core_api_client", "redirect_uri": "http://localhost:7000/", "response_type": "code", "scope": "openid gtapi", "nonce": "jZQEMVr4VNejPu8K9K7SrL4_7ICiTxWqvTBgAAryvrY", "code_challenge": "OA-00HSn8Ekfz-9Sm-QAJ9kWFXvB2mIjMqan6mmjGMw", "code_challenge_method": "S256", "state": "IGadIWG8I_pGLjNjPsfFe0VYJtLtn4R6FtCpzHarrDg" }. 10/27/23 15:40:00 234 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[pidentifier_0='?' (Size = 15) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ClientId, o.ClientSecret, o.ConcurrencyToken, o.ConsentType, o.DisplayName, o.DisplayNames, o.Permissions, o.PostLogoutRedirectUris, o.Properties, o.RedirectUris, o.Requirements, o.Type FROM OpenIddictApplications AS o WHERE o.ClientId = :pidentifier_0 LIMIT 1 10/27/23 15:40:00 260 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ConcurrencyToken, o.Description, o.Descriptions, o.DisplayName, o.DisplayNames, o.Name, o.Properties, o.Resources FROM OpenIddictScopes AS o WHERE o.Name = 'gtapi' 10/27/23 15:40:00 271 INFO OpenIddict.Server.OpenIddictServerDispatcher - The authorization request was successfully validated. 10/27/23 15:40:00 295 INFO Microsoft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint 'Gt.IDP.Controllers.AuthorizationController.Authorize (Gt.IDP)' 10/27/23 15:40:00 295 INFO Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Route matched with {action = "Authorize", controller = "Authorization", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Authorize(System.String) on controller Gt.IDP.Controllers.AuthorizationController (Gt.IDP). 10/27/23 15:40:00 355 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[p__subject_0='?' (Size = 1) (DbType = Object), pstatus_1='?' (Size = 5) (DbType = Object), ptype_2='?' (Size = 9) (DbType = Object), p__key_3='?' (Size = 36) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ApplicationId, o.ConcurrencyToken, o.CreationDate, o.Properties, o.Scopes, o.Status, o.Subject, o.Type, o0.Id, o0.ClientId, o0.ClientSecret, o0.ConcurrencyToken, o0.ConsentType, o0.DisplayName, o0.DisplayNames, o0.Permissions, o0.PostLogoutRedirectUris, o0.Properties, o0.RedirectUris, o0.Requirements, o0.Type FROM OpenIddictAuthorizations AS o LEFT JOIN OpenIddictApplications AS o0 ON o.ApplicationId = o0.Id INNER JOIN OpenIddictApplications AS o1 ON o0.Id = o1.Id WHERE o.Subject = :psubject_0 AND o.Status = :pstatus_1 AND o.Type = :p__type_2 AND o1.Id = :pkey_3 10/27/23 15:40:00 393 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ConcurrencyToken, o.Description, o.Descriptions, o.DisplayName, o.DisplayNames, o.Name, o.Properties, o.Resources FROM OpenIddictScopes AS o WHERE o.Name IN ('openid', 'gtapi') 10/27/23 15:40:00 393 INFO Microsoft.AspNetCore.Mvc.SignInResult - Executing SignInResult with authentication scheme (OpenIddict.Server.AspNetCore) and the following principal: System.Security.Claims.ClaimsPrincipal. 10/27/23 15:40:00 428 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[pkey_0='?' (Size = 36) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ClientId, o.ClientSecret, o.ConcurrencyToken, o.ConsentType, o.DisplayName, o.DisplayNames, o.Permissions, o.PostLogoutRedirectUris, o.Properties, o.RedirectUris, o.Requirements, o.Type FROM OpenIddictApplications AS o WHERE o.Id = :p__key_0 LIMIT 1 10/27/23 15:40:00 454 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[pkey_0='?' (Size = 36) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ApplicationId, o.ConcurrencyToken, o.CreationDate, o.Properties, o.Scopes, o.Status, o.Subject, o.Type FROM OpenIddictAuthorizations AS o WHERE o.Id = :pkey_0 LIMIT 1 10/27/23 15:40:00 576 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (11ms) [Parameters=[p0='?' (Size = 36) (DbType = Object), p1='?' (Size = 36) (DbType = Object), p2='?' (Size = 36) (DbType = Object), p3='?' (Size = 36) (DbType = Object), p4='?' (DbType = DateTime), p5='?' (DbType = DateTime), p6='?' (DbType = Object), p7='?' (DbType = Object), p8='?' (DbType = DateTime), p9='?' (DbType = Object), p10='?' (Size = 5) (DbType = Object), p11='?' (Size = 1) (DbType = Object), p12='?' (Size = 18) (DbType = Object)], CommandType='Text', CommandTimeout='30'] INSERT INTO OpenIddictTokens (Id, ApplicationId, AuthorizationId, ConcurrencyToken, CreationDate, ExpirationDate, Payload, Properties, RedemptionDate, ReferenceId, Status, Subject, Type) VALUES (:p0, :p1, :p2, :p3, :p4, :p5, :p6, :p7, :p8, :p9, :p10, :p11, :p12); SELECT CHANGES(); 10/27/23 15:40:00 676 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[p__key_0='?' (Size = 36) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ClientId, o.ClientSecret, o.ConcurrencyToken, o.ConsentType, o.DisplayName, o.DisplayNames, o.Permissions, o.PostLogoutRedirectUris, o.Properties, o.RedirectUris, o.Requirements, o.Type FROM OpenIddictApplications AS o WHERE o.Id = :pkey_0 LIMIT 1 10/27/23 15:40:00 676 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[pkey_0='?' (Size = 36) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ApplicationId, o.ConcurrencyToken, o.CreationDate, o.Properties, o.Scopes, o.Status, o.Subject, o.Type FROM OpenIddictAuthorizations AS o WHERE o.Id = :p__key_0 LIMIT 1 10/27/23 15:40:00 690 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[pidentifier_0='?' (Size = 44) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ApplicationId, o.AuthorizationId, o.ConcurrencyToken, o.CreationDate, o.ExpirationDate, o.Payload, o.Properties, o.RedemptionDate, o.ReferenceId, o.Status, o.Subject, o.Type, o0.Id, o0.ClientId, o0.ClientSecret, o0.ConcurrencyToken, o0.ConsentType, o0.DisplayName, o0.DisplayNames, o0.Permissions, o0.PostLogoutRedirectUris, o0.Properties, o0.RedirectUris, o0.Requirements, o0.Type, o1.Id, o1.ApplicationId, o1.ConcurrencyToken, o1.CreationDate, o1.Properties, o1.Scopes, o1.Status, o1.Subject, o1.Type FROM OpenIddictTokens AS o LEFT JOIN OpenIddictApplications AS o0 ON o.ApplicationId = o0.Id LEFT JOIN OpenIddictAuthorizations AS o1 ON o.AuthorizationId = o1.Id WHERE o.ReferenceId = :pidentifier_0 LIMIT 1 10/27/23 15:40:00 700 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (3ms) [Parameters=[p12='?' (Size = 36) (DbType = Object), p0='?' (Size = 36) (DbType = Object), p1='?' (Size = 36) (DbType = Object), p2='?' (Size = 36) (DbType = Object), p13='?' (Size = 36) (DbType = Object), p3='?' (DbType = DateTime), p4='?' (DbType = DateTime), p5='?' (Size = 2321) (DbType = Object), p6='?' (DbType = Object), p7='?' (DbType = DateTime), p8='?' (Size = 44) (DbType = Object), p9='?' (Size = 5) (DbType = Object), p10='?' (Size = 1) (DbType = Object), p11='?' (Size = 18) (DbType = Object)], CommandType='Text', CommandTimeout='30'] UPDATE OpenIddictTokens SET ApplicationId = :p0, AuthorizationId = :p1, ConcurrencyToken = :p2, CreationDate = :p3, ExpirationDate = :p4, Payload = :p5, Properties = :p6, RedemptionDate = :p7, ReferenceId = :p8, Status = :p9, Subject = :p10, Type = :p11 WHERE Id = :p12 AND ConcurrencyToken = :p13; SELECT CHANGES(); 10/27/23 15:40:00 700 INFO OpenIddict.Server.OpenIddictServerDispatcher - The authorization response was successfully returned to 'http://localhost:7000/' using the query response mode: { "code": "[redacted]", "state": "IGadIWG8I_pGLjNjPsfFe0VYJtLtn4R6FtCpzHarrDg", "iss": "https://localhost:7296/" }. 10/27/23 15:40:00 700 INFO Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Executed action Gt.IDP.Controllers.AuthorizationController.Authorize (Gt.IDP) in 408.2201ms 10/27/23 15:40:00 700 INFO Microsoft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint 'Gt.IDP.Controllers.AuthorizationController.Authorize (Gt.IDP)' 10/27/23 15:40:00 720 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/2 GET https://localhost:7296/connect/authorize?client_id=core_api_client&redirect_uri=http%3A%2F%2Flocalhost%3A7000%2F&response_type=code&scope=openid%20gtapi&nonce=jZQEMVr4VNejPu8K9K7SrL4_7ICiTxWqvTBgAAryvrY&code_challenge=OA-00HSn8Ekfz-9Sm-QAJ9kWFXvB2mIjMqan6mmjGMw&code_challenge_method=S256&state=IGadIWG8I_pGLjNjPsfFe0VYJtLtn4R6FtCpzHarrDg - - - 302 0 - 516.9184ms 10/27/23 15:40:00 858 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 POST https://localhost:7296/connect/token application/x-www-form-urlencoded 208 10/27/23 15:40:00 858 INFO OpenIddict.Server.OpenIddictServerDispatcher - The request URI matched a server endpoint: Token. 10/27/23 15:40:00 858 INFO OpenIddict.Server.OpenIddictServerDispatcher - The token request was successfully extracted: { "grant_type": "authorization_code", "code": "[redacted]", "code_verifier": "zCXcc6UPQq4m7mGfcA6GQhHWEAs52miZ--jnK4x9RdA", "redirect_uri": "http://localhost:7000/", "client_id": "core_api_client" }. 10/27/23 15:40:00 900 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[p__identifier_0='?' (Size = 15) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ClientId, o.ClientSecret, o.ConcurrencyToken, o.ConsentType, o.DisplayName, o.DisplayNames, o.Permissions, o.PostLogoutRedirectUris, o.Properties, o.RedirectUris, o.Requirements, o.Type FROM OpenIddictApplications AS o WHERE o.ClientId = :pidentifier_0 LIMIT 1 10/27/23 15:40:00 914 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[pidentifier_0='?' (Size = 44) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ApplicationId, o.AuthorizationId, o.ConcurrencyToken, o.CreationDate, o.ExpirationDate, o.Payload, o.Properties, o.RedemptionDate, o.ReferenceId, o.Status, o.Subject, o.Type, o0.Id, o0.ClientId, o0.ClientSecret, o0.ConcurrencyToken, o0.ConsentType, o0.DisplayName, o0.DisplayNames, o0.Permissions, o0.PostLogoutRedirectUris, o0.Properties, o0.RedirectUris, o0.Requirements, o0.Type, o1.Id, o1.ApplicationId, o1.ConcurrencyToken, o1.CreationDate, o1.Properties, o1.Scopes, o1.Status, o1.Subject, o1.Type FROM OpenIddictTokens AS o LEFT JOIN OpenIddictApplications AS o0 ON o.ApplicationId = o0.Id LEFT JOIN OpenIddictAuthorizations AS o1 ON o.AuthorizationId = o1.Id WHERE o.ReferenceId = :p__identifier_0 LIMIT 1 10/27/23 15:40:00 960 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[pkey_0='?' (Size = 36) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ApplicationId, o.ConcurrencyToken, o.CreationDate, o.Properties, o.Scopes, o.Status, o.Subject, o.Type, o0.Id, o0.ClientId, o0.ClientSecret, o0.ConcurrencyToken, o0.ConsentType, o0.DisplayName, o0.DisplayNames, o0.Permissions, o0.PostLogoutRedirectUris, o0.Properties, o0.RedirectUris, o0.Requirements, o0.Type FROM OpenIddictAuthorizations AS o LEFT JOIN OpenIddictApplications AS o0 ON o.ApplicationId = o0.Id WHERE o.Id = :pkey_0 LIMIT 1 10/27/23 15:40:00 960 INFO OpenIddict.Server.OpenIddictServerDispatcher - The token request was successfully validated. 10/27/23 15:40:00 970 INFO Microsoft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint 'Gt.IDP.Controllers.AuthorizationController.Exchange (Gt.IDP)' 10/27/23 15:40:00 970 INFO Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Route matched with {action = "Exchange", controller = "Authorization", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Exchange() on controller Gt.IDP.Controllers.AuthorizationController (Gt.IDP). 10/27/23 15:40:00 970 INFO Microsoft.AspNetCore.Mvc.SignInResult - Executing SignInResult with authentication scheme (OpenIddict.Server.AspNetCore) and the following principal: System.Security.Claims.ClaimsPrincipal. 10/27/23 15:40:00 970 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[p__identifier_0='?' (Size = 44) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ApplicationId, o.AuthorizationId, o.ConcurrencyToken, o.CreationDate, o.ExpirationDate, o.Payload, o.Properties, o.RedemptionDate, o.ReferenceId, o.Status, o.Subject, o.Type, o0.Id, o0.ClientId, o0.ClientSecret, o0.ConcurrencyToken, o0.ConsentType, o0.DisplayName, o0.DisplayNames, o0.Permissions, o0.PostLogoutRedirectUris, o0.Properties, o0.RedirectUris, o0.Requirements, o0.Type, o1.Id, o1.ApplicationId, o1.ConcurrencyToken, o1.CreationDate, o1.Properties, o1.Scopes, o1.Status, o1.Subject, o1.Type FROM OpenIddictTokens AS o LEFT JOIN OpenIddictApplications AS o0 ON o.ApplicationId = o0.Id LEFT JOIN OpenIddictAuthorizations AS o1 ON o.AuthorizationId = o1.Id WHERE o.ReferenceId = :pidentifier_0 LIMIT 1 10/27/23 15:40:00 982 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (3ms) [Parameters=[p12='?' (Size = 36) (DbType = Object), p0='?' (Size = 36) (DbType = Object), p1='?' (Size = 36) (DbType = Object), p2='?' (Size = 36) (DbType = Object), p13='?' (Size = 36) (DbType = Object), p3='?' (DbType = DateTime), p4='?' (DbType = DateTime), p5='?' (Size = 2321) (DbType = Object), p6='?' (DbType = Object), p7='?' (DbType = DateTime), p8='?' (Size = 44) (DbType = Object), p9='?' (Size = 8) (DbType = Object), p10='?' (Size = 1) (DbType = Object), p11='?' (Size = 18) (DbType = Object)], CommandType='Text', CommandTimeout='30'] UPDATE OpenIddictTokens SET ApplicationId = :p0, AuthorizationId = :p1, ConcurrencyToken = :p2, CreationDate = :p3, ExpirationDate = :p4, Payload = :p5, Properties = :p6, RedemptionDate = :p7, ReferenceId = :p8, Status = :p9, Subject = :p10, Type = :p11 WHERE Id = :p12 AND ConcurrencyToken = :p13; SELECT CHANGES(); 10/27/23 15:40:00 982 INFO OpenIddict.Core.OpenIddictTokenManager - The token '4c076e82-a43a-482d-9d5e-2c5355e941a1' was successfully marked as redeemed. 10/27/23 15:40:00 982 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[pkey_0='?' (Size = 36) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ClientId, o.ClientSecret, o.ConcurrencyToken, o.ConsentType, o.DisplayName, o.DisplayNames, o.Permissions, o.PostLogoutRedirectUris, o.Properties, o.RedirectUris, o.Requirements, o.Type FROM OpenIddictApplications AS o WHERE o.Id = :p__key_0 LIMIT 1 10/27/23 15:40:00 982 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[pkey_0='?' (Size = 36) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ApplicationId, o.ConcurrencyToken, o.CreationDate, o.Properties, o.Scopes, o.Status, o.Subject, o.Type FROM OpenIddictAuthorizations AS o WHERE o.Id = :pkey_0 LIMIT 1 10/27/23 15:40:00 982 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (3ms) [Parameters=[p0='?' (Size = 36) (DbType = Object), p1='?' (Size = 36) (DbType = Object), p2='?' (Size = 36) (DbType = Object), p3='?' (Size = 36) (DbType = Object), p4='?' (DbType = DateTime), p5='?' (DbType = DateTime), p6='?' (DbType = Object), p7='?' (DbType = Object), p8='?' (DbType = DateTime), p9='?' (DbType = Object), p10='?' (Size = 5) (DbType = Object), p11='?' (Size = 1) (DbType = Object), p12='?' (Size = 12) (DbType = Object)], CommandType='Text', CommandTimeout='30'] INSERT INTO OpenIddictTokens (Id, ApplicationId, AuthorizationId, ConcurrencyToken, CreationDate, ExpirationDate, Payload, Properties, RedemptionDate, ReferenceId, Status, Subject, Type) VALUES (:p0, :p1, :p2, :p3, :p4, :p5, :p6, :p7, :p8, :p9, :p10, :p11, :p12); SELECT CHANGES(); 10/27/23 15:40:00 998 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[p__key_0='?' (Size = 36) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ClientId, o.ClientSecret, o.ConcurrencyToken, o.ConsentType, o.DisplayName, o.DisplayNames, o.Permissions, o.PostLogoutRedirectUris, o.Properties, o.RedirectUris, o.Requirements, o.Type FROM OpenIddictApplications AS o WHERE o.Id = :pkey_0 LIMIT 1 10/27/23 15:40:00 998 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[pkey_0='?' (Size = 36) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ApplicationId, o.ConcurrencyToken, o.CreationDate, o.Properties, o.Scopes, o.Status, o.Subject, o.Type FROM OpenIddictAuthorizations AS o WHERE o.Id = :pkey_0 LIMIT 1 10/27/23 15:40:00 998 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (2ms) [Parameters=[p0='?' (Size = 36) (DbType = Object), p1='?' (Size = 36) (DbType = Object), p2='?' (Size = 36) (DbType = Object), p3='?' (Size = 36) (DbType = Object), p4='?' (DbType = DateTime), p5='?' (DbType = DateTime), p6='?' (DbType = Object), p7='?' (DbType = Object), p8='?' (DbType = DateTime), p9='?' (DbType = Object), p10='?' (Size = 5) (DbType = Object), p11='?' (Size = 1) (DbType = Object), p12='?' (Size = 8) (DbType = Object)], CommandType='Text', CommandTimeout='30'] INSERT INTO OpenIddictTokens (Id, ApplicationId, AuthorizationId, ConcurrencyToken, CreationDate, ExpirationDate, Payload, Properties, RedemptionDate, ReferenceId, Status, Subject, Type) VALUES (:p0, :p1, :p2, :p3, :p4, :p5, :p6, :p7, :p8, :p9, :p10, :p11, :p12); SELECT CHANGES(); 10/27/23 15:40:00 998 INFO OpenIddict.Server.OpenIddictServerDispatcher - The response was successfully returned as a JSON document: { "access_token": "[redacted]", "token_type": "Bearer", "expires_in": 3599, "scope": "openid gtapi", "id_token": "[redacted]" }. 10/27/23 15:40:00 998 INFO Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Executed action Gt.IDP.Controllers.AuthorizationController.Exchange (Gt.IDP) in 34.6736ms 10/27/23 15:40:00 998 INFO Microsoft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint 'Gt.IDP.Controllers.AuthorizationController.Exchange (Gt.IDP)' 10/27/23 15:40:00 998 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 POST https://localhost:7296/connect/token application/x-www-form-urlencoded 208 - 200 2883 application/json;charset=UTF-8 149.4159ms 10/27/23 15:40:01 034 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET https://localhost:7296/connect/userinfo - - 10/27/23 15:40:01 034 INFO OpenIddict.Server.OpenIddictServerDispatcher - The request URI matched a server endpoint: Userinfo. 10/27/23 15:40:01 034 INFO OpenIddict.Server.OpenIddictServerDispatcher - The userinfo request was successfully extracted: { "access_token": "[redacted]" }. 10/27/23 15:40:01 049 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[pkey_0='?' (Size = 36) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ApplicationId, o.AuthorizationId, o.ConcurrencyToken, o.CreationDate, o.ExpirationDate, o.Payload, o.Properties, o.RedemptionDate, o.ReferenceId, o.Status, o.Subject, o.Type, o0.Id, o0.ClientId, o0.ClientSecret, o0.ConcurrencyToken, o0.ConsentType, o0.DisplayName, o0.DisplayNames, o0.Permissions, o0.PostLogoutRedirectUris, o0.Properties, o0.RedirectUris, o0.Requirements, o0.Type, o1.Id, o1.ApplicationId, o1.ConcurrencyToken, o1.CreationDate, o1.Properties, o1.Scopes, o1.Status, o1.Subject, o1.Type FROM OpenIddictTokens AS o LEFT JOIN OpenIddictApplications AS o0 ON o.ApplicationId = o0.Id LEFT JOIN OpenIddictAuthorizations AS o1 ON o.AuthorizationId = o1.Id WHERE o.Id = :pkey_0 LIMIT 1 10/27/23 15:40:01 049 INFO Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (0ms) [Parameters=[p__key_0='?' (Size = 36) (DbType = Object)], CommandType='Text', CommandTimeout='30'] SELECT o.Id, o.ApplicationId, o.ConcurrencyToken, o.CreationDate, o.Properties, o.Scopes, o.Status, o.Subject, o.Type, o0.Id, o0.ClientId, o0.ClientSecret, o0.ConcurrencyToken, o0.ConsentType, o0.DisplayName, o0.DisplayNames, o0.Permissions, o0.PostLogoutRedirectUris, o0.Properties, o0.RedirectUris, o0.Requirements, o0.Type FROM OpenIddictAuthorizations AS o LEFT JOIN OpenIddictApplications AS o0 ON o.ApplicationId = o0.Id WHERE o.Id = :p__key_0 LIMIT 1 10/27/23 15:40:01 049 INFO OpenIddict.Server.OpenIddictServerDispatcher - The userinfo request was successfully validated. 10/27/23 15:40:01 049 INFO Microsoft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint 'Gt.IDP.Controllers.AuthorizationController.Userinfo (Gt.IDP)' 10/27/23 15:40:01 060 INFO Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Route matched with {action = "Userinfo", controller = "Authorization", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Userinfo() on controller Gt.IDP.Controllers.AuthorizationController (Gt.IDP). 10/27/23 15:40:01 060 INFO Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor - Executing OkObjectResult, writing value of type 'System.Collections.Generic.Dictionary2[[System.String, System.Private.CoreLib, Version=7.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.Object, System.Private.CoreLib, Version=7.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]'. 10/27/23 15:40:01 060 INFO Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Executed action Gt.IDP.Controllers.AuthorizationController.Userinfo (Gt.IDP) in 6.3962ms 10/27/23 15:40:01 060 INFO Microsoft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint 'Gt.IDP.Controllers.AuthorizationController.Userinfo (Gt.IDP)' 10/27/23 15:40:01 060 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 GET https://localhost:7296/connect/userinfo - - - 200 - application/json;+charset=utf-8 33.6334ms 10/27/23 15:40:05 440 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET https://localhost:7296/.well-known/openid-configuration - - 10/27/23 15:40:05 440 INFO OpenIddict.Server.OpenIddictServerDispatcher - The request URI matched a server endpoint: Configuration. 10/27/23 15:40:05 440 INFO OpenIddict.Server.OpenIddictServerDispatcher - The configuration request was successfully extracted: {}. 10/27/23 15:40:05 440 INFO OpenIddict.Server.OpenIddictServerDispatcher - The configuration request was successfully validated. 10/27/23 15:40:05 440 INFO OpenIddict.Server.OpenIddictServerDispatcher - The response was successfully returned as a JSON document: { "issuer": "https://localhost:7296/", "authorization_endpoint": "https://localhost:7296/connect/authorize", "token_endpoint": "https://localhost:7296/connect/token", "userinfo_endpoint": "https://localhost:7296/connect/userinfo", "jwks_uri": "https://localhost:7296/.well-known/jwks", "grant_types_supported": [ "authorization_code", "password", "refresh_token", "client_credentials" ], "response_types_supported": [ "code" ], "response_modes_supported": [ "form_post", "fragment", "query" ], "scopes_supported": [ "openid", "offline_access" ], "claims_supported": [ "aud", "exp", "iat", "iss", "sub" ], "id_token_signing_alg_values_supported": [ "RS256" ], "code_challenge_methods_supported": [ "plain", "S256" ], "subject_types_supported": [ "public" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "claims_parameter_supported": false, "request_parameter_supported": false, "request_uri_parameter_supported": false, "authorization_response_iss_parameter_supported": true }. 10/27/23 15:40:05 440 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 GET https://localhost:7296/.well-known/openid-configuration - - - 200 1207 application/json;charset=UTF-8 3.3529ms 10/27/23 15:40:05 488 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET https://localhost:7296/.well-known/jwks - - 10/27/23 15:40:05 488 INFO OpenIddict.Server.OpenIddictServerDispatcher - The request URI matched a server endpoint: Cryptography. 10/27/23 15:40:05 488 INFO OpenIddict.Server.OpenIddictServerDispatcher - The cryptography request was successfully extracted: {}. 10/27/23 15:40:05 488 INFO OpenIddict.Server.OpenIddictServerDispatcher - The cryptography request was successfully validated. 10/27/23 15:40:05 488 INFO OpenIddict.Server.OpenIddictServerDispatcher - The response was successfully returned as a JSON document: { "keys": [ { "kid": "CEADFD0BD8A98A7928FE69635CC1D7C030A06C7D", "use": "sig", "kty": "RSA", "alg": "RS256", "e": "AQAB", "n": "vEae8GCifgoU-wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI-W9FhaoLix5Oz_WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c_TMQRB0-Iu4rd_uiIKbCvo8A04Ks1-mZbo2is27oSUG70UO4v-n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm_Y-xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o_UoNN7To_vMqoNKrA9USu9PnSOn3OVl4-fKlRQwpH9XFvvUeKD3jxCtSIMrzl_TGY2EXZn9_uy8L_GAd5dDeWQ", "x5t": "zq39C9ipinko_mljXMHXwDCgbH0", "x5c": [ "MIIC9TCCAd2gAwIBAgIJALHmctK6xXiAMA0GCSqGSIb3DQEBCwUAMDAxLjAsBgNVBAMTJU9wZW5JZGRpY3QgU2VydmVyIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjMwMjE0MjI0MDM3WhcNMjUwMjE0MjI0MDM3WjAwMS4wLAYDVQQDEyVPcGVuSWRkaWN0IFNlcnZlciBTaWduaW5nIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEae8GCifgoU+wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI+W9FhaoLix5Oz/WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c/TMQRB0+Iu4rd/uiIKbCvo8A04Ks1+mZbo2is27oSUG70UO4v+n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm/Y+xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o/UoNN7To/vMqoNKrA9USu9PnSOn3OVl4+fKlRQwpH9XFvvUeKD3jxCtSIMrzl/TGY2EXZn9/uy8L/GAd5dDeWQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGreBthOycZgFB8jCcZTKeU5RMV3F+GGmjweA3Po45RVmbBPCxGRGWSBvJq+cE/Cgk0SwP+wDhCmNJ7KFzuNbhyYwO7f8SBfoY4H2/FlE1lmAPKUTNYpwCt5HDoFX3pUdW0Q1POoZVw6Q0J0NG8g8S6p0LOh2AQcW0Hq12qGMNe+U1KRACO49JJywlaQkoGOJb6/cVayL7mNMLqAvK767iR49iPRQlEWd+Ed9wHop5Q4Uet+UAMJOd0zcgZqcm9ofPLzZ5MPWxe+84kXq2J5buIgiTU1VgD9Og5rMs/cUO5iMDOxwBmOBKO4P8djXkeIrexSnbHZVGNNBtGIvLRNiHQ=" ] } ] }. 10/27/23 15:40:05 488 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 GET https://localhost:7296/.well-known/jwks - - - 200 1635 application/json;charset=UTF-8 2.9220ms

kevinchalet commented 1 year ago

I don't see any API call in these logs. Is your API in a different app?

dgxhubbard commented 1 year ago

there is the identity provider in one app, the web api in another and then the client app

dgxhubbard commented 1 year ago

wouldn't the web api show the rejection of the access token?

kevinchalet commented 1 year ago

there is the identity provider in one app, the web api in another and then the client app

Then, I need to see the logs of that "another" app 😄

I'll also need the .AddValidation(options => ...) configuration for that app.

dgxhubbard commented 1 year ago

Here is AddValidation:

                // Register the OpenIddict validation components.
                builder.Services.AddOpenIddict ()
                    .AddValidation ( options =>
                    {
                        var issuer = "https://localhost" + ":" + ports.IdpPort;

                        // Note: the validation handler uses OpenID Connect discovery
                        // to retrieve the issuer signing keys used to validate tokens.
                        options.SetIssuer ( issuer );
                        options.AddAudiences ( "resource_server_1" );

                        // Register the encryption credentials. This sample uses a symmetric
                        // encryption key that is shared between the server and the api
                        // (that performs local token validation instead of using introspection).
                        //
                        // Note: in a real world application, this encryption key should be
                        // stored in a safe place (e.g in Azure KeyVault, stored as a secret).
                        /*
                        options.AddEncryptionKey ( 
                            new SymmetricSecurityKey (
                                Encoding.ASCII.GetBytes ( "TheSuperSecretKeyThatProtectsAll" ) ) );
                        */

                        // Register the System.Net.Http integration.
                        options.UseSystemNetHttp ();

                        // Register the ASP.NET Core host.
                        options.UseAspNetCore ();
                    } );

                //builder.Services.AddAuthentication ( OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme );

                builder.Services.AddAuthorization ()
                    .AddAuthentication ( options =>
                    {
                        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    } )

                    .AddCookie ();
dgxhubbard commented 1 year ago

The api should write to same look trying to figure out why it isnt

dgxhubbard commented 1 year ago

This is from the console output of the web api:

10/27/23 16:20:34 787      INFO      Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager  - User profile is available. Using 'C:\Users\dhubb\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
10/27/23 16:20:35 092      WARN      Microsoft.AspNetCore.Server.Kestrel  - Overriding address(es) 'https://localhost:7224'. Binding to endpoints defined via IConfiguration and/or UseKestrel() instead.
warn: Microsoft.AspNetCore.Server.Kestrel[0]
      Overriding address(es) 'https://localhost:7224'. Binding to endpoints defined via IConfiguration and/or UseKestrel() instead.
10/27/23 16:20:35 116      INFO      Microsoft.Hosting.Lifetime  - Now listening on: https://127.0.0.1:7224
info: Microsoft.Hosting.Lifetime[14]
      Now listening on: https://127.0.0.1:7224
10/27/23 16:20:35 116      INFO      Microsoft.Hosting.Lifetime  - Application started. Press Ctrl+C to shut down.
10/27/23 16:20:35 116      INFO      Microsoft.Hosting.Lifetime  - Hosting environment: Development
10/27/23 16:20:35 116      INFO      Microsoft.Hosting.Lifetime  - Content root path: C:\Repository\GtApi\bin\Debug
info: Microsoft.Hosting.Lifetime[0]
      Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
      Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
      Content root path: C:\Repository\GtApi\bin\Debug
10/27/23 16:20:44 032      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request starting HTTP/1.1 GET https://localhost:7224/api/v1/Gage/ - -
10/27/23 16:20:44 164      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler  - Start processing HTTP request GET https://localhost:7296/.well-known/openid-configuration
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[100]
      Start processing HTTP request GET https://localhost:7296/.well-known/openid-configuration
10/27/23 16:20:44 169      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler  - Sending HTTP request GET https://localhost:7296/.well-known/openid-configuration
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[100]
      Sending HTTP request GET https://localhost:7296/.well-known/openid-configuration
10/27/23 16:20:46 271      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler  - Received HTTP response headers after 2099.5838ms - 200
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[101]
      Received HTTP response headers after 2099.5838ms - 200
10/27/23 16:20:46 271      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler  - End processing HTTP request after 2110.4877ms - 200
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[101]
      End processing HTTP request after 2110.4877ms - 200
10/27/23 16:20:46 271      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The configuration request was successfully sent to https://localhost:7296/.well-known/openid-configuration: {}.
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
      The configuration request was successfully sent to https://localhost:7296/.well-known/openid-configuration: {}.
10/27/23 16:20:46 305      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The configuration response returned by https://localhost:7296/.well-known/openid-configuration was successfully extracted: {
  "issuer": "https://localhost:7296/",
  "authorization_endpoint": "https://localhost:7296/connect/authorize",
  "token_endpoint": "https://localhost:7296/connect/token",
  "userinfo_endpoint": "https://localhost:7296/connect/userinfo",
  "jwks_uri": "https://localhost:7296/.well-known/jwks",
  "grant_types_supported": [
    "authorization_code",
    "password",
    "refresh_token",
    "client_credentials"
  ],
  "response_types_supported": [
    "code"
  ],
  "response_modes_supported": [
    "form_post",
    "fragment",
    "query"
  ],
  "scopes_supported": [
    "openid",
    "offline_access"
  ],
  "claims_supported": [
    "aud",
    "exp",
    "iat",
    "iss",
    "sub"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "claims_parameter_supported": false,
  "request_parameter_supported": false,
  "request_uri_parameter_supported": false,
  "authorization_response_iss_parameter_supported": true
}.
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
      The configuration response returned by https://localhost:7296/.well-known/openid-configuration was successfully extracted: {
        "issuer": "https://localhost:7296/",
        "authorization_endpoint": "https://localhost:7296/connect/authorize",
        "token_endpoint": "https://localhost:7296/connect/token",
        "userinfo_endpoint": "https://localhost:7296/connect/userinfo",
        "jwks_uri": "https://localhost:7296/.well-known/jwks",
        "grant_types_supported": [
          "authorization_code",
          "password",
          "refresh_token",
          "client_credentials"
        ],
        "response_types_supported": [
          "code"
        ],
        "response_modes_supported": [
          "form_post",
          "fragment",
          "query"
        ],
        "scopes_supported": [
          "openid",
          "offline_access"
        ],
        "claims_supported": [
          "aud",
          "exp",
          "iat",
          "iss",
          "sub"
        ],
        "id_token_signing_alg_values_supported": [
          "RS256"
        ],
        "code_challenge_methods_supported": [
          "plain",
          "S256"
        ],
        "subject_types_supported": [
          "public"
        ],
        "token_endpoint_auth_methods_supported": [
          "client_secret_basic",
          "client_secret_post"
        ],
        "claims_parameter_supported": false,
        "request_parameter_supported": false,
        "request_uri_parameter_supported": false,
        "authorization_response_iss_parameter_supported": true
      }.
10/27/23 16:20:46 314      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler  - Start processing HTTP request GET https://localhost:7296/.well-known/jwks
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[100]
      Start processing HTTP request GET https://localhost:7296/.well-known/jwks
10/27/23 16:20:46 314      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler  - Sending HTTP request GET https://localhost:7296/.well-known/jwks
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[100]
      Sending HTTP request GET https://localhost:7296/.well-known/jwks
10/27/23 16:20:46 314      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler  - Received HTTP response headers after 7.1074ms - 200
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[101]
      Received HTTP response headers after 7.1074ms - 200
10/27/23 16:20:46 314      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler  - End processing HTTP request after 8.0572ms - 200
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[101]
      End processing HTTP request after 8.0572ms - 200
10/27/23 16:20:46 314      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The cryptography request was successfully sent to https://localhost:7296/.well-known/jwks: {}.
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
      The cryptography request was successfully sent to https://localhost:7296/.well-known/jwks: {}.
10/27/23 16:20:46 314      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The cryptography response returned by https://localhost:7296/.well-known/jwks was successfully extracted: {
  "keys": [
    {
      "kid": "CEADFD0BD8A98A7928FE69635CC1D7C030A06C7D",
      "use": "sig",
      "kty": "RSA",
      "alg": "RS256",
      "e": "AQAB",
      "n": "vEae8GCifgoU-wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI-W9FhaoLix5Oz_WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c_TMQRB0-Iu4rd_uiIKbCvo8A04Ks1-mZbo2is27oSUG70UO4v-n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm_Y-xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o_UoNN7To_vMqoNKrA9USu9PnSOn3OVl4-fKlRQwpH9XFvvUeKD3jxCtSIMrzl_TGY2EXZn9_uy8L_GAd5dDeWQ",
      "x5t": "zq39C9ipinko_mljXMHXwDCgbH0",
      "x5c": [
        "MIIC9TCCAd2gAwIBAgIJALHmctK6xXiAMA0GCSqGSIb3DQEBCwUAMDAxLjAsBgNVBAMTJU9wZW5JZGRpY3QgU2VydmVyIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjMwMjE0MjI0MDM3WhcNMjUwMjE0MjI0MDM3WjAwMS4wLAYDVQQDEyVPcGVuSWRkaWN0IFNlcnZlciBTaWduaW5nIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEae8GCifgoU+wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI+W9FhaoLix5Oz/WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c/TMQRB0+Iu4rd/uiIKbCvo8A04Ks1+mZbo2is27oSUG70UO4v+n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm/Y+xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o/UoNN7To/vMqoNKrA9USu9PnSOn3OVl4+fKlRQwpH9XFvvUeKD3jxCtSIMrzl/TGY2EXZn9/uy8L/GAd5dDeWQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGreBthOycZgFB8jCcZTKeU5RMV3F+GGmjweA3Po45RVmbBPCxGRGWSBvJq+cE/Cgk0SwP+wDhCmNJ7KFzuNbhyYwO7f8SBfoY4H2/FlE1lmAPKUTNYpwCt5HDoFX3pUdW0Q1POoZVw6Q0J0NG8g8S6p0LOh2AQcW0Hq12qGMNe+U1KRACO49JJywlaQkoGOJb6/cVayL7mNMLqAvK767iR49iPRQlEWd+Ed9wHop5Q4Uet+UAMJOd0zcgZqcm9ofPLzZ5MPWxe+84kXq2J5buIgiTU1VgD9Og5rMs/cUO5iMDOxwBmOBKO4P8djXkeIrexSnbHZVGNNBtGIvLRNiHQ="
      ]
    }
  ]
}.
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
      The cryptography response returned by https://localhost:7296/.well-known/jwks was successfully extracted: {
        "keys": [
          {
            "kid": "CEADFD0BD8A98A7928FE69635CC1D7C030A06C7D",
            "use": "sig",
            "kty": "RSA",
            "alg": "RS256",
            "e": "AQAB",
            "n": "vEae8GCifgoU-wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI-W9FhaoLix5Oz_WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c_TMQRB0-Iu4rd_uiIKbCvo8A04Ks1-mZbo2is27oSUG70UO4v-n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm_Y-xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o_UoNN7To_vMqoNKrA9USu9PnSOn3OVl4-fKlRQwpH9XFvvUeKD3jxCtSIMrzl_TGY2EXZn9_uy8L_GAd5dDeWQ",
            "x5t": "zq39C9ipinko_mljXMHXwDCgbH0",
            "x5c": [
              "MIIC9TCCAd2gAwIBAgIJALHmctK6xXiAMA0GCSqGSIb3DQEBCwUAMDAxLjAsBgNVBAMTJU9wZW5JZGRpY3QgU2VydmVyIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjMwMjE0MjI0MDM3WhcNMjUwMjE0MjI0MDM3WjAwMS4wLAYDVQQDEyVPcGVuSWRkaWN0IFNlcnZlciBTaWduaW5nIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEae8GCifgoU+wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI+W9FhaoLix5Oz/WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c/TMQRB0+Iu4rd/uiIKbCvo8A04Ks1+mZbo2is27oSUG70UO4v+n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm/Y+xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o/UoNN7To/vMqoNKrA9USu9PnSOn3OVl4+fKlRQwpH9XFvvUeKD3jxCtSIMrzl/TGY2EXZn9/uy8L/GAd5dDeWQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGreBthOycZgFB8jCcZTKeU5RMV3F+GGmjweA3Po45RVmbBPCxGRGWSBvJq+cE/Cgk0SwP+wDhCmNJ7KFzuNbhyYwO7f8SBfoY4H2/FlE1lmAPKUTNYpwCt5HDoFX3pUdW0Q1POoZVw6Q0J0NG8g8S6p0LOh2AQcW0Hq12qGMNe+U1KRACO49JJywlaQkoGOJb6/cVayL7mNMLqAvK767iR49iPRQlEWd+Ed9wHop5Q4Uet+UAMJOd0zcgZqcm9ofPLzZ5MPWxe+84kXq2J5buIgiTU1VgD9Og5rMs/cUO5iMDOxwBmOBKO4P8djXkeIrexSnbHZVGNNBtGIvLRNiHQ="
            ]
          }
        ]
      }.
10/27/23 16:20:46 390      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
info: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[7]
      OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
10/27/23 16:20:46 390      INFO      Microsoft.AspNetCore.Authorization.DefaultAuthorizationService  - Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
10/27/23 16:20:46 390      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The response was successfully returned as a challenge response: {
  "error": "invalid_token",
  "error_description": "The specified token is invalid.",
  "error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
      The response was successfully returned as a challenge response: {
        "error": "invalid_token",
        "error_description": "The specified token is invalid.",
        "error_uri": "https://documentation.openiddict.com/errors/ID2004"
      }.
10/27/23 16:20:46 390      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
info: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[12]
      AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
10/27/23 16:20:46 413      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request finished HTTP/1.1 GET https://localhost:7224/api/v1/Gage/ - - - 401 0 - 2381.3471ms
kevinchalet commented 1 year ago

Change the default log level to Trace to get more precise logs.

It's likely caused by the fact you commented the options.AddEncryptionKey() call...

dgxhubbard commented 1 year ago

Below is the log. The first thing shown is

10/30/23 11:00:01 954 INFO Microsoft.AspNetCore.Authorization.DefaultAuthorizationService - Authorization failed. These requirements were not met: DenyAnonymousAuthorizationRequirement: Requires an authenticated user.

I tried to get the payload from token on jwt.io but I get not a valid json object.

Log output

10/30/23 10:59:37 740      DEBUG     Microsoft.AspNetCore.Mvc.Razor.Compilation.DefaultViewCompiler  - Initializing Razor view compiler with compiled view: '/Pages/Error.cshtml'.
10/30/23 10:59:37 767      DEBUG     Microsoft.AspNetCore.Mvc.ModelBinding.ModelBinderFactory  - Registered model binder providers, in the following order: Microsoft.AspNetCore.Mvc.Versioning.ApiVersionModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.BinderTypeModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.ServicesModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.BodyModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.HeaderModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.FloatingPointTypeModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.EnumTypeModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.DateTimeModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.SimpleTypeModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.TryParseModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.CancellationTokenModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.ByteArrayModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.FormFileModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.FormCollectionModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.KeyValuePairModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.DictionaryModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.ArrayModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.CollectionModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.ComplexObjectModelBinderProvider
10/30/23 10:59:37 767      INFO      Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager  - User profile is available. Using 'C:\Users\dhubb\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
10/30/23 10:59:38 202      DEBUG     Microsoft.Extensions.Hosting.Internal.Host  - Hosting starting
10/30/23 10:59:38 207      DEBUG     Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository  - Reading data from file 'C:\Users\dhubb\AppData\Local\ASP.NET\DataProtection-Keys\key-3bef1a2f-46f5-413d-8fd9-673e738c0776.xml'.
10/30/23 10:59:38 207      DEBUG     Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository  - Reading data from file 'C:\Users\dhubb\AppData\Local\ASP.NET\DataProtection-Keys\key-4d9e5efc-49dd-4bd1-b61f-5d8d7fcc14ac.xml'.
10/30/23 10:59:38 207      DEBUG     Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository  - Reading data from file 'C:\Users\dhubb\AppData\Local\ASP.NET\DataProtection-Keys\key-b3ebd037-51e9-4f6f-9b85-f5e00a80a27d.xml'.
10/30/23 10:59:38 207      DEBUG     Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository  - Reading data from file 'C:\Users\dhubb\AppData\Local\ASP.NET\DataProtection-Keys\key-e7a8029d-4611-4fd7-a3bc-64170eda4864.xml'.
10/30/23 10:59:38 207      DEBUG     Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository  - Reading data from file 'C:\Users\dhubb\AppData\Local\ASP.NET\DataProtection-Keys\key-f7fd3278-fd84-48d1-ad86-0ddc44261dd9.xml'.
10/30/23 10:59:38 207      DEBUG     Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager  - Found key {3bef1a2f-46f5-413d-8fd9-673e738c0776}.
10/30/23 10:59:38 207      DEBUG     Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager  - Found key {4d9e5efc-49dd-4bd1-b61f-5d8d7fcc14ac}.
10/30/23 10:59:38 207      DEBUG     Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager  - Found key {b3ebd037-51e9-4f6f-9b85-f5e00a80a27d}.
10/30/23 10:59:38 207      DEBUG     Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager  - Found key {e7a8029d-4611-4fd7-a3bc-64170eda4864}.
10/30/23 10:59:38 207      DEBUG     Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager  - Found key {f7fd3278-fd84-48d1-ad86-0ddc44261dd9}.
10/30/23 10:59:38 220      DEBUG     Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver  - Considering key {3bef1a2f-46f5-413d-8fd9-673e738c0776} with expiration date 2023-11-08 18:13:56Z as default key.
10/30/23 10:59:38 220      DEBUG     Microsoft.AspNetCore.DataProtection.TypeForwardingActivator  - Forwarded activator type request from Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiXmlDecryptor, Microsoft.AspNetCore.DataProtection, Version=7.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60 to Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiXmlDecryptor, Microsoft.AspNetCore.DataProtection, Culture=neutral, PublicKeyToken=adb9793829ddae60
10/30/23 10:59:38 220      DEBUG     Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiXmlDecryptor  - Decrypting secret element using Windows DPAPI.
10/30/23 10:59:38 220      DEBUG     Microsoft.AspNetCore.DataProtection.TypeForwardingActivator  - Forwarded activator type request from Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Version=7.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60 to Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Culture=neutral, PublicKeyToken=adb9793829ddae60
10/30/23 10:59:38 220      DEBUG     Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngCbcAuthenticatedEncryptorFactory  - Opening CNG algorithm 'AES' from provider '(null)' with chaining mode CBC.
10/30/23 10:59:38 220      DEBUG     Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngCbcAuthenticatedEncryptorFactory  - Opening CNG algorithm 'SHA256' from provider '(null)' with HMAC.
10/30/23 10:59:38 220      DEBUG     Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider  - Using key {3bef1a2f-46f5-413d-8fd9-673e738c0776} as the default key.
10/30/23 10:59:38 220      DEBUG     Microsoft.AspNetCore.DataProtection.Internal.DataProtectionHostedService  - Key ring with default key {3bef1a2f-46f5-413d-8fd9-673e738c0776} was loaded during application startup.
10/30/23 10:59:38 249      WARN      Microsoft.AspNetCore.Server.Kestrel  - Overriding address(es) 'https://localhost:7224'. Binding to endpoints defined via IConfiguration and/or UseKestrel() instead.
10/30/23 10:59:38 270      INFO      Microsoft.Hosting.Lifetime  - Now listening on: https://127.0.0.1:7224
10/30/23 10:59:38 270      DEBUG     Microsoft.AspNetCore.Hosting.Diagnostics  - Loaded hosting startup assembly Gt.WebApi
10/30/23 10:59:38 270      DEBUG     Microsoft.AspNetCore.Hosting.Diagnostics  - Loaded hosting startup assembly Microsoft.AspNetCore.Watch.BrowserRefresh
10/30/23 10:59:38 270      DEBUG     Microsoft.AspNetCore.Hosting.Diagnostics  - Loaded hosting startup assembly Microsoft.WebTools.BrowserLink.Net
10/30/23 10:59:38 270      INFO      Microsoft.Hosting.Lifetime  - Application started. Press Ctrl+C to shut down.
10/30/23 10:59:38 270      INFO      Microsoft.Hosting.Lifetime  - Hosting environment: Development
10/30/23 10:59:38 270      INFO      Microsoft.Hosting.Lifetime  - Content root path: C:\Repository\GtApi\bin\Debug
10/30/23 10:59:38 270      DEBUG     Microsoft.Extensions.Hosting.Internal.Host  - Hosting started
10/30/23 10:59:58 844      DEBUG     Microsoft.AspNetCore.Server.Kestrel.Connections  - Connection id "0HMUPE841J1PC" accepted.
10/30/23 10:59:58 846      DEBUG     Microsoft.AspNetCore.Server.Kestrel.Connections  - Connection id "0HMUPE841J1PC" started.
10/30/23 10:59:58 882      DEBUG     Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware  - Connection 0HMUPE841J1PC established using the following protocol: Tls13
10/30/23 10:59:58 905      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request starting HTTP/1.1 GET https://localhost:7224/api/v1/Gage/ - -
10/30/23 10:59:58 913      DEBUG     Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware  - Wildcard detected, all requests with hosts will be allowed.
10/30/23 10:59:58 913      TRACE     Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware  - All hosts are allowed.
10/30/23 10:59:58 929      DEBUG     Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware  - The request path  does not match the path filter
10/30/23 10:59:58 929      DEBUG     Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware  - The request path /api/v1/Gage/ does not match a supported file type
10/30/23 10:59:58 971      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - 2 candidate(s) found for the request path '/api/v1/Gage/'
10/30/23 10:59:58 971      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - Endpoint 'Gt.ApiControllers.GageController.Get (Gt.ApiControllers)' with route pattern 'api/v{version:apiVersion}/Gage' is valid for the request path '/api/v1/Gage/'
10/30/23 10:59:58 971      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - Endpoint 'Fallback {*path:nonfile}' with route pattern '{*path:nonfile}' is valid for the request path '/api/v1/Gage/'
10/30/23 10:59:58 971      DEBUG     Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware  - Request matched endpoint 'Gt.ApiControllers.GageController.Get (Gt.ApiControllers)'
10/30/23 10:59:59 007      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri.
10/30/23 10:59:59 007      DEBUG     Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler  - No client certificate found.
10/30/23 10:59:59 007      DEBUG     Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler  - AuthenticationScheme: Certificate was not authenticated.
10/30/23 10:59:59 007      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ValidateHostHeader.
10/30/23 10:59:59 007      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateValidatedTokens.
10/30/23 10:59:59 007      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader.
10/30/23 10:59:59 007      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm.
10/30/23 10:59:59 007      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString.
10/30/23 10:59:59 007      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens.
10/30/23 10:59:59 191      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+CreateHttpClient`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 10:59:59 191      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+PrepareGetHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 10:59:59 191      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachHttpVersion`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 10:59:59 191      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachJsonAcceptHeaders`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 10:59:59 191      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachUserAgentHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 10:59:59 191      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachFromHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 10:59:59 191      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachHttpParameters`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 10:59:59 191      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler  - Start processing HTTP request GET https://localhost:7296/.well-known/openid-configuration
10/30/23 10:59:59 191      TRACE     System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler  - Request Headers:
Accept: application/json
Accept-Charset: utf-8
User-Agent: OpenIddict.Validation.SystemNetHttp/4.9.0.0

10/30/23 10:59:59 207      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler  - Sending HTTP request GET https://localhost:7296/.well-known/openid-configuration
10/30/23 10:59:59 207      TRACE     System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler  - Request Headers:
Accept: application/json
Accept-Charset: utf-8
User-Agent: OpenIddict.Validation.SystemNetHttp/4.9.0.0

10/30/23 11:00:01 316      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler  - Received HTTP response headers after 2107.4499ms - 200
10/30/23 11:00:01 316      TRACE     System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler  - Response Headers:
Date: Mon, 30 Oct 2023 18:00:00 GMT
Server: Kestrel
Content-Length: 1207
Content-Type: application/json; charset=UTF-8

10/30/23 11:00:01 316      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler  - End processing HTTP request after 2123.608ms - 200
10/30/23 11:00:01 316      TRACE     System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler  - Response Headers:
Date: Mon, 30 Oct 2023 18:00:00 GMT
Server: Kestrel
Content-Length: 1207
Content-Type: application/json; charset=UTF-8

10/30/23 11:00:01 316      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ApplyConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+SendHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+ApplyConfigurationRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 316      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ApplyConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DisposeHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+ApplyConfigurationRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 316      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The configuration request was successfully sent to https://localhost:7296/.well-known/openid-configuration: {}.
10/30/23 11:00:01 338      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DecompressResponseContent`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 350      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ExtractJsonHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 350      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ExtractWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 350      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ValidateHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 350      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DisposeHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 350      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The configuration response returned by https://localhost:7296/.well-known/openid-configuration was successfully extracted: {
  "issuer": "https://localhost:7296/",
  "authorization_endpoint": "https://localhost:7296/connect/authorize",
  "token_endpoint": "https://localhost:7296/connect/token",
  "userinfo_endpoint": "https://localhost:7296/connect/userinfo",
  "jwks_uri": "https://localhost:7296/.well-known/jwks",
  "grant_types_supported": [
    "authorization_code",
    "password",
    "refresh_token",
    "client_credentials"
  ],
  "response_types_supported": [
    "code"
  ],
  "response_modes_supported": [
    "form_post",
    "fragment",
    "query"
  ],
  "scopes_supported": [
    "openid",
    "offline_access"
  ],
  "claims_supported": [
    "aud",
    "exp",
    "iat",
    "iss",
    "sub"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "claims_parameter_supported": false,
  "request_parameter_supported": false,
  "request_uri_parameter_supported": false,
  "authorization_response_iss_parameter_supported": true
}.
10/30/23 11:00:01 350      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ValidateWellKnownConfigurationParameters.
10/30/23 11:00:01 362      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+HandleConfigurationErrorResponse.
10/30/23 11:00:01 362      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ValidateIssuer.
10/30/23 11:00:01 362      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ExtractCryptographyEndpoint.
10/30/23 11:00:01 362      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ExtractIntrospectionEndpoint.
10/30/23 11:00:01 362      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ExtractIntrospectionEndpointClientAuthenticationMethods.
10/30/23 11:00:01 362      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+CreateHttpClient`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 362      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+PrepareGetHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 362      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachHttpVersion`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 362      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachJsonAcceptHeaders`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 362      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachUserAgentHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 362      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachFromHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 362      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachHttpParameters`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 362      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler  - Start processing HTTP request GET https://localhost:7296/.well-known/jwks
10/30/23 11:00:01 362      TRACE     System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler  - Request Headers:
Accept: application/json
Accept-Charset: utf-8
User-Agent: OpenIddict.Validation.SystemNetHttp/4.9.0.0

10/30/23 11:00:01 362      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler  - Sending HTTP request GET https://localhost:7296/.well-known/jwks
10/30/23 11:00:01 362      TRACE     System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler  - Request Headers:
Accept: application/json
Accept-Charset: utf-8
User-Agent: OpenIddict.Validation.SystemNetHttp/4.9.0.0

10/30/23 11:00:01 380      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler  - Received HTTP response headers after 9.3682ms - 200
10/30/23 11:00:01 380      TRACE     System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler  - Response Headers:
Date: Mon, 30 Oct 2023 18:00:01 GMT
Server: Kestrel
Content-Length: 1635
Content-Type: application/json; charset=UTF-8

10/30/23 11:00:01 380      INFO      System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler  - End processing HTTP request after 11.5731ms - 200
10/30/23 11:00:01 380      TRACE     System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler  - Response Headers:
Date: Mon, 30 Oct 2023 18:00:01 GMT
Server: Kestrel
Content-Length: 1635
Content-Type: application/json; charset=UTF-8

10/30/23 11:00:01 380      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ApplyCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+SendHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+ApplyCryptographyRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 380      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ApplyCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DisposeHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+ApplyCryptographyRequestContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 380      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The cryptography request was successfully sent to https://localhost:7296/.well-known/jwks: {}.
10/30/23 11:00:01 380      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DecompressResponseContent`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 380      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ExtractJsonHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 380      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ExtractWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 380      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ValidateHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 380      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DisposeHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 380      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The cryptography response returned by https://localhost:7296/.well-known/jwks was successfully extracted: {
  "keys": [
    {
      "kid": "CEADFD0BD8A98A7928FE69635CC1D7C030A06C7D",
      "use": "sig",
      "kty": "RSA",
      "alg": "RS256",
      "e": "AQAB",
      "n": "vEae8GCifgoU-wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI-W9FhaoLix5Oz_WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c_TMQRB0-Iu4rd_uiIKbCvo8A04Ks1-mZbo2is27oSUG70UO4v-n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm_Y-xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o_UoNN7To_vMqoNKrA9USu9PnSOn3OVl4-fKlRQwpH9XFvvUeKD3jxCtSIMrzl_TGY2EXZn9_uy8L_GAd5dDeWQ",
      "x5t": "zq39C9ipinko_mljXMHXwDCgbH0",
      "x5c": [
        "MIIC9TCCAd2gAwIBAgIJALHmctK6xXiAMA0GCSqGSIb3DQEBCwUAMDAxLjAsBgNVBAMTJU9wZW5JZGRpY3QgU2VydmVyIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjMwMjE0MjI0MDM3WhcNMjUwMjE0MjI0MDM3WjAwMS4wLAYDVQQDEyVPcGVuSWRkaWN0IFNlcnZlciBTaWduaW5nIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEae8GCifgoU+wp8EelNmZCghQ9odbhijwyf9M3DNZkVQHcDIECvu0PZI+W9FhaoLix5Oz/WceH6KBdUCthntvafvJ053zoH1HwnA24ACgdJFRUax0jFQ3c/TMQRB0+Iu4rd/uiIKbCvo8A04Ks1+mZbo2is27oSUG70UO4v+n98gqgeb02xZdwxvC5vgi5rdXCZoXTFoh3Nxtm/Y+xTqtyaSS0HlYB3JgFOHgUyMqS7dySNqgA2oNTrHfaRJe0o/UoNN7To/vMqoNKrA9USu9PnSOn3OVl4+fKlRQwpH9XFvvUeKD3jxCtSIMrzl/TGY2EXZn9/uy8L/GAd5dDeWQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGreBthOycZgFB8jCcZTKeU5RMV3F+GGmjweA3Po45RVmbBPCxGRGWSBvJq+cE/Cgk0SwP+wDhCmNJ7KFzuNbhyYwO7f8SBfoY4H2/FlE1lmAPKUTNYpwCt5HDoFX3pUdW0Q1POoZVw6Q0J0NG8g8S6p0LOh2AQcW0Hq12qGMNe+U1KRACO49JJywlaQkoGOJb6/cVayL7mNMLqAvK767iR49iPRQlEWd+Ed9wHop5Q4Uet+UAMJOd0zcgZqcm9ofPLzZ5MPWxe+84kXq2J5buIgiTU1VgD9Og5rMs/cUO5iMDOxwBmOBKO4P8djXkeIrexSnbHZVGNNBtGIvLRNiHQ="
      ]
    }
  ]
}.
10/30/23 11:00:01 380      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+HandleCryptographyResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ValidateWellKnownCryptographyParameters.
10/30/23 11:00:01 380      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+HandleCryptographyResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+HandleCryptographyErrorResponse.
10/30/23 11:00:01 398      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+HandleCryptographyResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ExtractSigningKeys.
10/30/23 11:00:01 417      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ResolveServerConfiguration.
10/30/23 11:00:01 417      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ResolveTokenValidationParameters.
10/30/23 11:00:01 438      TRACE     OpenIddict.Validation.OpenIddictValidationDispatcher  - An error occurred while validating the token 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiJPRkZBTkhOUklVT0pIQ0dDR0E0QlpFQ1UxUUZDVVJISlFaWFNCSk0yIiwidHlwIjoiYXQrand0IiwiY3R5IjoiSldUIn0.Elr40DUn4foNw-O8PtODWH6RBgc0hC_-g50eY0IyvcKU_waTgh4JRPG-JAzO215nc8F3ickxum2c8scOs6z3h0YpzFbDuB5pRNbx5CxVFcskpnpNOQF-esMyCFes-AtBBEaRsr88uucE7FRXnDnAsWKKRxKm1MiwXralEHfA1je5YxxasNatvRfCzjUENDDj01kYjfoQUHrkpeHbcx40SKpD0isaipl67636WDppUCuLlzN8_wcoDt90JmNj4g-5pNM_V_nqfyGuxKX7jLso-Tovyzou0ogzsH1smeOcE6eiiHdhKnddG3Pf5l7XVtspcZL1n3AipEw-pq3sglIqYQ.imj_GJx6vP2k3hpIDPs8wQ.30RjVM7VvPFj_YDBLEmOTEKyhk5iWWzLdF5lGzkv-jx5_4P1UhSPiHAd2Jv3GCKaURR1Ax_J0sRKgVlCtJAH4VsidvXj3F_kdGOA6QbQWBReX6hykUibMsJ6cl8sjqINLzB-UOJKNrr21Y1cxRanXqIP6BZI0dpJsXu-3Czj66Gf_A6ggJHufz2UL7Q6ASXIGZiEO8t0JXd8n_7d2elohHYbyZYx-0owEzQzHz8B8_uK6HFPFjUljp18Ek7E0B8rkPuRZtT7TWl6l1KBtR1oBjH4IH3cO4QY6oN2tLqYyb1ToZShjF7gNP2BffMBDtHS-sKDCo4ZYvhkzBmhETgYMWMlHa9Dz7rgejsUBk_YtiQ8wn_ZpiSSLcNJmkGmpYDZAoGzYX4Fd60q3sNuA3biZFkRfuFnFUFFcBGtCSsHewZzNxW7SktQ3VbPqZHfE4Ibp5PiIuh9jpKDZ5968MEEYfFb6XaonB_CxR8kjUX0n-rxFMKQGtq7Aa4Lax8fm9c5x84ucDdGWJy-ydOcGIZykRt8rnzyD04J12JycaZYU0tdlXV8rCL9oZEUQJ8aD91Tlj6SeRxrE-3s3KLqXg3NV2117xmP18bLR3HFZx5SXiwycREEkOVhTamUsP_2p-TZY06aAlL6m-bOQe4gGeIMxDUgKdynXMyU0zTR3Ke3IxcZC_JO80SHIdm6YwR6LadzefmPMZTRWygCylXv-Ztx4X2-40Fh_A--TEKt7v6TESDPH2jL90ghZn8jdEUmt-QBQB6O3nKaJsej_L_al-jODBoye0K-2M1A-Ik1_q4b1iwwsLFcAPvTtCC9TqVncMXLGj2Lb0uXNGesQGMdK5DgJlatcMmf07dmO3GJWlHlc-KaMVstwntw9Avb-lFcZLF0nogMSdPUn2HGm7Dmmb7JKa9gQtxKW_NENbCRIhLlEGccqutIQbeqxkNPN2eBs7v8cJCYgZt3LFaleUTAUROeyG1jYWZLBy90-0ABKZt5ts5e1WmQ1kWIJMR5ktRAxE2jitpKyimACNkhbBzoKHA69wv_DM5pCAVjiky4bB8u4M6E1gS_d4lTMwWC2g71twPgP_cFr2cFfdt2jIUCSwgcdeZI72SlAsidxv1HG4bC2cr-imMQe7afkaOmn49bbZK_ikyRadnAjrQkZO6fat_kReAKvk6zVaNjDddoUR5pplCqdSWQZxLYzOc4WnahBBZRqHe5NoKb7Oh55JfLkIjuiqb09KyenQ_9n7Pk9za8HwbH4SIjDu9S_gfxZzSlvJpQ.mYfYo_uBykeL5aXEOQZrViFC6I21BjnNxa8XH2tl4f8'.
10/30/23 11:00:01 439      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
10/30/23 11:00:01 439      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
10/30/23 11:00:01 439      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
10/30/23 11:00:01 439      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
10/30/23 11:00:01 439      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
10/30/23 11:00:01 439      INFO      Microsoft.AspNetCore.Authorization.DefaultAuthorizationService  - Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
10/30/23 11:00:01 439      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveHostChallengeProperties.
10/30/23 11:00:01 439      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHostChallengeError.
10/30/23 11:00:01 439      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachDefaultChallengeError.
10/30/23 11:00:01 439      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachCustomChallengeParameters.
10/30/23 11:00:01 439      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 439      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachCacheControlHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 439      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 439      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The response was successfully returned as a challenge response: {
  "error": "invalid_token",
  "error_description": "The specified token is invalid.",
  "error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
10/30/23 11:00:01 439      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 439      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was marked as handled by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 439      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
10/30/23 11:00:01 460      DEBUG     Microsoft.AspNetCore.Server.Kestrel.Connections  - Connection id "0HMUPE841J1PC" completed keep alive response.
10/30/23 11:00:01 460      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request finished HTTP/1.1 GET https://localhost:7224/api/v1/Gage/ - - - 401 0 - 2555.9163ms
10/30/23 11:00:01 909      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request starting HTTP/1.1 POST https://localhost:7224/api/v1/Gage/ application/json;+charset=utf-8 -
10/30/23 11:00:01 909      TRACE     Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware  - All hosts are allowed.
10/30/23 11:00:01 909      DEBUG     Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware  - POST requests are not supported
10/30/23 11:00:01 909      DEBUG     Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware  - POST requests are not supported
10/30/23 11:00:01 909      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - 1 candidate(s) found for the request path '/api/v1/Gage/'
10/30/23 11:00:01 909      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - Endpoint 'Gt.ApiControllers.GageController.Post (Gt.ApiControllers)' with route pattern 'api/v{version:apiVersion}/Gage' is valid for the request path '/api/v1/Gage/'
10/30/23 11:00:01 909      DEBUG     Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware  - Request matched endpoint 'Gt.ApiControllers.GageController.Post (Gt.ApiControllers)'
10/30/23 11:00:01 909      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri.
10/30/23 11:00:01 909      DEBUG     Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler  - No client certificate found.
10/30/23 11:00:01 909      DEBUG     Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler  - AuthenticationScheme: Certificate was not authenticated.
10/30/23 11:00:01 909      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ValidateHostHeader.
10/30/23 11:00:01 909      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateValidatedTokens.
10/30/23 11:00:01 909      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader.
10/30/23 11:00:01 909      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm.
10/30/23 11:00:01 909      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString.
10/30/23 11:00:01 909      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens.
10/30/23 11:00:01 909      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ResolveServerConfiguration.
10/30/23 11:00:01 909      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ResolveTokenValidationParameters.
10/30/23 11:00:01 909      TRACE     OpenIddict.Validation.OpenIddictValidationDispatcher  - An error occurred while validating the token 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiJPRkZBTkhOUklVT0pIQ0dDR0E0QlpFQ1UxUUZDVVJISlFaWFNCSk0yIiwidHlwIjoiYXQrand0IiwiY3R5IjoiSldUIn0.Elr40DUn4foNw-O8PtODWH6RBgc0hC_-g50eY0IyvcKU_waTgh4JRPG-JAzO215nc8F3ickxum2c8scOs6z3h0YpzFbDuB5pRNbx5CxVFcskpnpNOQF-esMyCFes-AtBBEaRsr88uucE7FRXnDnAsWKKRxKm1MiwXralEHfA1je5YxxasNatvRfCzjUENDDj01kYjfoQUHrkpeHbcx40SKpD0isaipl67636WDppUCuLlzN8_wcoDt90JmNj4g-5pNM_V_nqfyGuxKX7jLso-Tovyzou0ogzsH1smeOcE6eiiHdhKnddG3Pf5l7XVtspcZL1n3AipEw-pq3sglIqYQ.imj_GJx6vP2k3hpIDPs8wQ.30RjVM7VvPFj_YDBLEmOTEKyhk5iWWzLdF5lGzkv-jx5_4P1UhSPiHAd2Jv3GCKaURR1Ax_J0sRKgVlCtJAH4VsidvXj3F_kdGOA6QbQWBReX6hykUibMsJ6cl8sjqINLzB-UOJKNrr21Y1cxRanXqIP6BZI0dpJsXu-3Czj66Gf_A6ggJHufz2UL7Q6ASXIGZiEO8t0JXd8n_7d2elohHYbyZYx-0owEzQzHz8B8_uK6HFPFjUljp18Ek7E0B8rkPuRZtT7TWl6l1KBtR1oBjH4IH3cO4QY6oN2tLqYyb1ToZShjF7gNP2BffMBDtHS-sKDCo4ZYvhkzBmhETgYMWMlHa9Dz7rgejsUBk_YtiQ8wn_ZpiSSLcNJmkGmpYDZAoGzYX4Fd60q3sNuA3biZFkRfuFnFUFFcBGtCSsHewZzNxW7SktQ3VbPqZHfE4Ibp5PiIuh9jpKDZ5968MEEYfFb6XaonB_CxR8kjUX0n-rxFMKQGtq7Aa4Lax8fm9c5x84ucDdGWJy-ydOcGIZykRt8rnzyD04J12JycaZYU0tdlXV8rCL9oZEUQJ8aD91Tlj6SeRxrE-3s3KLqXg3NV2117xmP18bLR3HFZx5SXiwycREEkOVhTamUsP_2p-TZY06aAlL6m-bOQe4gGeIMxDUgKdynXMyU0zTR3Ke3IxcZC_JO80SHIdm6YwR6LadzefmPMZTRWygCylXv-Ztx4X2-40Fh_A--TEKt7v6TESDPH2jL90ghZn8jdEUmt-QBQB6O3nKaJsej_L_al-jODBoye0K-2M1A-Ik1_q4b1iwwsLFcAPvTtCC9TqVncMXLGj2Lb0uXNGesQGMdK5DgJlatcMmf07dmO3GJWlHlc-KaMVstwntw9Avb-lFcZLF0nogMSdPUn2HGm7Dmmb7JKa9gQtxKW_NENbCRIhLlEGccqutIQbeqxkNPN2eBs7v8cJCYgZt3LFaleUTAUROeyG1jYWZLBy90-0ABKZt5ts5e1WmQ1kWIJMR5ktRAxE2jitpKyimACNkhbBzoKHA69wv_DM5pCAVjiky4bB8u4M6E1gS_d4lTMwWC2g71twPgP_cFr2cFfdt2jIUCSwgcdeZI72SlAsidxv1HG4bC2cr-imMQe7afkaOmn49bbZK_ikyRadnAjrQkZO6fat_kReAKvk6zVaNjDddoUR5pplCqdSWQZxLYzOc4WnahBBZRqHe5NoKb7Oh55JfLkIjuiqb09KyenQ_9n7Pk9za8HwbH4SIjDu9S_gfxZzSlvJpQ.mYfYo_uBykeL5aXEOQZrViFC6I21BjnNxa8XH2tl4f8'.
10/30/23 11:00:01 923      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
10/30/23 11:00:01 923      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
10/30/23 11:00:01 923      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
10/30/23 11:00:01 923      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
10/30/23 11:00:01 923      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
10/30/23 11:00:01 923      INFO      Microsoft.AspNetCore.Authorization.DefaultAuthorizationService  - Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
10/30/23 11:00:01 923      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveHostChallengeProperties.
10/30/23 11:00:01 923      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHostChallengeError.
10/30/23 11:00:01 923      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachDefaultChallengeError.
10/30/23 11:00:01 923      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachCustomChallengeParameters.
10/30/23 11:00:01 923      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 923      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachCacheControlHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 923      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 923      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The response was successfully returned as a challenge response: {
  "error": "invalid_token",
  "error_description": "The specified token is invalid.",
  "error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
10/30/23 11:00:01 923      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 923      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was marked as handled by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 923      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
10/30/23 11:00:01 923      DEBUG     Microsoft.AspNetCore.Server.Kestrel.Connections  - Connection id "0HMUPE841J1PC" completed keep alive response.
10/30/23 11:00:01 923      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request finished HTTP/1.1 POST https://localhost:7224/api/v1/Gage/ application/json;+charset=utf-8 - - 401 0 - 17.4133ms
10/30/23 11:00:01 923      DEBUG     Microsoft.AspNetCore.Server.Kestrel  - Connection id "0HMUPE841J1PC", Request id "0HMUPE841J1PC:00000002": started reading request body.
10/30/23 11:00:01 923      DEBUG     Microsoft.AspNetCore.Server.Kestrel  - Connection id "0HMUPE841J1PC", Request id "0HMUPE841J1PC:00000002": done reading request body.
10/30/23 11:00:01 954      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request starting HTTP/1.1 PUT https://localhost:7224/api/v1/Gage/ application/json;+charset=utf-8 -
10/30/23 11:00:01 954      TRACE     Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware  - All hosts are allowed.
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware  - PUT requests are not supported
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware  - PUT requests are not supported
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - 1 candidate(s) found for the request path '/api/v1/Gage/'
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - Endpoint 'Gt.ApiControllers.GageController.Put (Gt.ApiControllers)' with route pattern 'api/v{version:apiVersion}/Gage' is valid for the request path '/api/v1/Gage/'
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware  - Request matched endpoint 'Gt.ApiControllers.GageController.Put (Gt.ApiControllers)'
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri.
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler  - No client certificate found.
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler  - AuthenticationScheme: Certificate was not authenticated.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ValidateHostHeader.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateValidatedTokens.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ResolveServerConfiguration.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ResolveTokenValidationParameters.
10/30/23 11:00:01 954      TRACE     OpenIddict.Validation.OpenIddictValidationDispatcher  - An error occurred while validating the token 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiJPRkZBTkhOUklVT0pIQ0dDR0E0QlpFQ1UxUUZDVVJISlFaWFNCSk0yIiwidHlwIjoiYXQrand0IiwiY3R5IjoiSldUIn0.Elr40DUn4foNw-O8PtODWH6RBgc0hC_-g50eY0IyvcKU_waTgh4JRPG-JAzO215nc8F3ickxum2c8scOs6z3h0YpzFbDuB5pRNbx5CxVFcskpnpNOQF-esMyCFes-AtBBEaRsr88uucE7FRXnDnAsWKKRxKm1MiwXralEHfA1je5YxxasNatvRfCzjUENDDj01kYjfoQUHrkpeHbcx40SKpD0isaipl67636WDppUCuLlzN8_wcoDt90JmNj4g-5pNM_V_nqfyGuxKX7jLso-Tovyzou0ogzsH1smeOcE6eiiHdhKnddG3Pf5l7XVtspcZL1n3AipEw-pq3sglIqYQ.imj_GJx6vP2k3hpIDPs8wQ.30RjVM7VvPFj_YDBLEmOTEKyhk5iWWzLdF5lGzkv-jx5_4P1UhSPiHAd2Jv3GCKaURR1Ax_J0sRKgVlCtJAH4VsidvXj3F_kdGOA6QbQWBReX6hykUibMsJ6cl8sjqINLzB-UOJKNrr21Y1cxRanXqIP6BZI0dpJsXu-3Czj66Gf_A6ggJHufz2UL7Q6ASXIGZiEO8t0JXd8n_7d2elohHYbyZYx-0owEzQzHz8B8_uK6HFPFjUljp18Ek7E0B8rkPuRZtT7TWl6l1KBtR1oBjH4IH3cO4QY6oN2tLqYyb1ToZShjF7gNP2BffMBDtHS-sKDCo4ZYvhkzBmhETgYMWMlHa9Dz7rgejsUBk_YtiQ8wn_ZpiSSLcNJmkGmpYDZAoGzYX4Fd60q3sNuA3biZFkRfuFnFUFFcBGtCSsHewZzNxW7SktQ3VbPqZHfE4Ibp5PiIuh9jpKDZ5968MEEYfFb6XaonB_CxR8kjUX0n-rxFMKQGtq7Aa4Lax8fm9c5x84ucDdGWJy-ydOcGIZykRt8rnzyD04J12JycaZYU0tdlXV8rCL9oZEUQJ8aD91Tlj6SeRxrE-3s3KLqXg3NV2117xmP18bLR3HFZx5SXiwycREEkOVhTamUsP_2p-TZY06aAlL6m-bOQe4gGeIMxDUgKdynXMyU0zTR3Ke3IxcZC_JO80SHIdm6YwR6LadzefmPMZTRWygCylXv-Ztx4X2-40Fh_A--TEKt7v6TESDPH2jL90ghZn8jdEUmt-QBQB6O3nKaJsej_L_al-jODBoye0K-2M1A-Ik1_q4b1iwwsLFcAPvTtCC9TqVncMXLGj2Lb0uXNGesQGMdK5DgJlatcMmf07dmO3GJWlHlc-KaMVstwntw9Avb-lFcZLF0nogMSdPUn2HGm7Dmmb7JKa9gQtxKW_NENbCRIhLlEGccqutIQbeqxkNPN2eBs7v8cJCYgZt3LFaleUTAUROeyG1jYWZLBy90-0ABKZt5ts5e1WmQ1kWIJMR5ktRAxE2jitpKyimACNkhbBzoKHA69wv_DM5pCAVjiky4bB8u4M6E1gS_d4lTMwWC2g71twPgP_cFr2cFfdt2jIUCSwgcdeZI72SlAsidxv1HG4bC2cr-imMQe7afkaOmn49bbZK_ikyRadnAjrQkZO6fat_kReAKvk6zVaNjDddoUR5pplCqdSWQZxLYzOc4WnahBBZRqHe5NoKb7Oh55JfLkIjuiqb09KyenQ_9n7Pk9za8HwbH4SIjDu9S_gfxZzSlvJpQ.mYfYo_uBykeL5aXEOQZrViFC6I21BjnNxa8XH2tl4f8'.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
10/30/23 11:00:01 954      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
10/30/23 11:00:01 954      INFO      Microsoft.AspNetCore.Authorization.DefaultAuthorizationService  - Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveHostChallengeProperties.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHostChallengeError.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachDefaultChallengeError.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachCustomChallengeParameters.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachCacheControlHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 954      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The response was successfully returned as a challenge response: {
  "error": "invalid_token",
  "error_description": "The specified token is invalid.",
  "error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was marked as handled by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 954      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Server.Kestrel.Connections  - Connection id "0HMUPE841J1PC" completed keep alive response.
10/30/23 11:00:01 954      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request finished HTTP/1.1 PUT https://localhost:7224/api/v1/Gage/ application/json;+charset=utf-8 - - 401 0 - 11.3236ms
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Server.Kestrel  - Connection id "0HMUPE841J1PC", Request id "0HMUPE841J1PC:00000003": started reading request body.
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Server.Kestrel  - Connection id "0HMUPE841J1PC", Request id "0HMUPE841J1PC:00000003": done reading request body.
10/30/23 11:00:01 954      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request starting HTTP/1.1 GET https://localhost:7224/api/v1/Gage/0 - -
10/30/23 11:00:01 954      TRACE     Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware  - All hosts are allowed.
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware  - The request path  does not match the path filter
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware  - The request path /api/v1/Gage/0 does not match a supported file type
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - 2 candidate(s) found for the request path '/api/v1/Gage/0'
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - Endpoint 'Gt.ApiControllers.GageController.GetGage (Gt.ApiControllers)' with route pattern 'api/v{version:apiVersion}/Gage/{id}' is valid for the request path '/api/v1/Gage/0'
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - Endpoint 'Fallback {*path:nonfile}' with route pattern '{*path:nonfile}' is valid for the request path '/api/v1/Gage/0'
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware  - Request matched endpoint 'Gt.ApiControllers.GageController.GetGage (Gt.ApiControllers)'
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri.
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler  - No client certificate found.
10/30/23 11:00:01 954      DEBUG     Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler  - AuthenticationScheme: Certificate was not authenticated.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ValidateHostHeader.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateValidatedTokens.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ResolveServerConfiguration.
10/30/23 11:00:01 954      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ResolveTokenValidationParameters.
10/30/23 11:00:01 954      TRACE     OpenIddict.Validation.OpenIddictValidationDispatcher  - An error occurred while validating the token 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiJPRkZBTkhOUklVT0pIQ0dDR0E0QlpFQ1UxUUZDVVJISlFaWFNCSk0yIiwidHlwIjoiYXQrand0IiwiY3R5IjoiSldUIn0.Elr40DUn4foNw-O8PtODWH6RBgc0hC_-g50eY0IyvcKU_waTgh4JRPG-JAzO215nc8F3ickxum2c8scOs6z3h0YpzFbDuB5pRNbx5CxVFcskpnpNOQF-esMyCFes-AtBBEaRsr88uucE7FRXnDnAsWKKRxKm1MiwXralEHfA1je5YxxasNatvRfCzjUENDDj01kYjfoQUHrkpeHbcx40SKpD0isaipl67636WDppUCuLlzN8_wcoDt90JmNj4g-5pNM_V_nqfyGuxKX7jLso-Tovyzou0ogzsH1smeOcE6eiiHdhKnddG3Pf5l7XVtspcZL1n3AipEw-pq3sglIqYQ.imj_GJx6vP2k3hpIDPs8wQ.30RjVM7VvPFj_YDBLEmOTEKyhk5iWWzLdF5lGzkv-jx5_4P1UhSPiHAd2Jv3GCKaURR1Ax_J0sRKgVlCtJAH4VsidvXj3F_kdGOA6QbQWBReX6hykUibMsJ6cl8sjqINLzB-UOJKNrr21Y1cxRanXqIP6BZI0dpJsXu-3Czj66Gf_A6ggJHufz2UL7Q6ASXIGZiEO8t0JXd8n_7d2elohHYbyZYx-0owEzQzHz8B8_uK6HFPFjUljp18Ek7E0B8rkPuRZtT7TWl6l1KBtR1oBjH4IH3cO4QY6oN2tLqYyb1ToZShjF7gNP2BffMBDtHS-sKDCo4ZYvhkzBmhETgYMWMlHa9Dz7rgejsUBk_YtiQ8wn_ZpiSSLcNJmkGmpYDZAoGzYX4Fd60q3sNuA3biZFkRfuFnFUFFcBGtCSsHewZzNxW7SktQ3VbPqZHfE4Ibp5PiIuh9jpKDZ5968MEEYfFb6XaonB_CxR8kjUX0n-rxFMKQGtq7Aa4Lax8fm9c5x84ucDdGWJy-ydOcGIZykRt8rnzyD04J12JycaZYU0tdlXV8rCL9oZEUQJ8aD91Tlj6SeRxrE-3s3KLqXg3NV2117xmP18bLR3HFZx5SXiwycREEkOVhTamUsP_2p-TZY06aAlL6m-bOQe4gGeIMxDUgKdynXMyU0zTR3Ke3IxcZC_JO80SHIdm6YwR6LadzefmPMZTRWygCylXv-Ztx4X2-40Fh_A--TEKt7v6TESDPH2jL90ghZn8jdEUmt-QBQB6O3nKaJsej_L_al-jODBoye0K-2M1A-Ik1_q4b1iwwsLFcAPvTtCC9TqVncMXLGj2Lb0uXNGesQGMdK5DgJlatcMmf07dmO3GJWlHlc-KaMVstwntw9Avb-lFcZLF0nogMSdPUn2HGm7Dmmb7JKa9gQtxKW_NENbCRIhLlEGccqutIQbeqxkNPN2eBs7v8cJCYgZt3LFaleUTAUROeyG1jYWZLBy90-0ABKZt5ts5e1WmQ1kWIJMR5ktRAxE2jitpKyimACNkhbBzoKHA69wv_DM5pCAVjiky4bB8u4M6E1gS_d4lTMwWC2g71twPgP_cFr2cFfdt2jIUCSwgcdeZI72SlAsidxv1HG4bC2cr-imMQe7afkaOmn49bbZK_ikyRadnAjrQkZO6fat_kReAKvk6zVaNjDddoUR5pplCqdSWQZxLYzOc4WnahBBZRqHe5NoKb7Oh55JfLkIjuiqb09KyenQ_9n7Pk9za8HwbH4SIjDu9S_gfxZzSlvJpQ.mYfYo_uBykeL5aXEOQZrViFC6I21BjnNxa8XH2tl4f8'.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
10/30/23 11:00:01 970      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
10/30/23 11:00:01 970      INFO      Microsoft.AspNetCore.Authorization.DefaultAuthorizationService  - Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveHostChallengeProperties.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHostChallengeError.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachDefaultChallengeError.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachCustomChallengeParameters.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachCacheControlHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The response was successfully returned as a challenge response: {
  "error": "invalid_token",
  "error_description": "The specified token is invalid.",
  "error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was marked as handled by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Server.Kestrel.Connections  - Connection id "0HMUPE841J1PC" completed keep alive response.
10/30/23 11:00:01 970      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request finished HTTP/1.1 GET https://localhost:7224/api/v1/Gage/0 - - - 401 0 - 6.6410ms
10/30/23 11:00:01 970      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request starting HTTP/1.1 DELETE https://localhost:7224/api/v1/Gage/0 - -
10/30/23 11:00:01 970      TRACE     Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware  - All hosts are allowed.
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware  - DELETE requests are not supported
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware  - DELETE requests are not supported
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - 1 candidate(s) found for the request path '/api/v1/Gage/0'
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - Endpoint 'Gt.ApiControllers.GageController.Delete (Gt.ApiControllers)' with route pattern 'api/v{version:apiVersion}/Gage/{id}' is valid for the request path '/api/v1/Gage/0'
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware  - Request matched endpoint 'Gt.ApiControllers.GageController.Delete (Gt.ApiControllers)'
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri.
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler  - No client certificate found.
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler  - AuthenticationScheme: Certificate was not authenticated.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ValidateHostHeader.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateValidatedTokens.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ResolveServerConfiguration.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ResolveTokenValidationParameters.
10/30/23 11:00:01 970      TRACE     OpenIddict.Validation.OpenIddictValidationDispatcher  - An error occurred while validating the token 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiJPRkZBTkhOUklVT0pIQ0dDR0E0QlpFQ1UxUUZDVVJISlFaWFNCSk0yIiwidHlwIjoiYXQrand0IiwiY3R5IjoiSldUIn0.Elr40DUn4foNw-O8PtODWH6RBgc0hC_-g50eY0IyvcKU_waTgh4JRPG-JAzO215nc8F3ickxum2c8scOs6z3h0YpzFbDuB5pRNbx5CxVFcskpnpNOQF-esMyCFes-AtBBEaRsr88uucE7FRXnDnAsWKKRxKm1MiwXralEHfA1je5YxxasNatvRfCzjUENDDj01kYjfoQUHrkpeHbcx40SKpD0isaipl67636WDppUCuLlzN8_wcoDt90JmNj4g-5pNM_V_nqfyGuxKX7jLso-Tovyzou0ogzsH1smeOcE6eiiHdhKnddG3Pf5l7XVtspcZL1n3AipEw-pq3sglIqYQ.imj_GJx6vP2k3hpIDPs8wQ.30RjVM7VvPFj_YDBLEmOTEKyhk5iWWzLdF5lGzkv-jx5_4P1UhSPiHAd2Jv3GCKaURR1Ax_J0sRKgVlCtJAH4VsidvXj3F_kdGOA6QbQWBReX6hykUibMsJ6cl8sjqINLzB-UOJKNrr21Y1cxRanXqIP6BZI0dpJsXu-3Czj66Gf_A6ggJHufz2UL7Q6ASXIGZiEO8t0JXd8n_7d2elohHYbyZYx-0owEzQzHz8B8_uK6HFPFjUljp18Ek7E0B8rkPuRZtT7TWl6l1KBtR1oBjH4IH3cO4QY6oN2tLqYyb1ToZShjF7gNP2BffMBDtHS-sKDCo4ZYvhkzBmhETgYMWMlHa9Dz7rgejsUBk_YtiQ8wn_ZpiSSLcNJmkGmpYDZAoGzYX4Fd60q3sNuA3biZFkRfuFnFUFFcBGtCSsHewZzNxW7SktQ3VbPqZHfE4Ibp5PiIuh9jpKDZ5968MEEYfFb6XaonB_CxR8kjUX0n-rxFMKQGtq7Aa4Lax8fm9c5x84ucDdGWJy-ydOcGIZykRt8rnzyD04J12JycaZYU0tdlXV8rCL9oZEUQJ8aD91Tlj6SeRxrE-3s3KLqXg3NV2117xmP18bLR3HFZx5SXiwycREEkOVhTamUsP_2p-TZY06aAlL6m-bOQe4gGeIMxDUgKdynXMyU0zTR3Ke3IxcZC_JO80SHIdm6YwR6LadzefmPMZTRWygCylXv-Ztx4X2-40Fh_A--TEKt7v6TESDPH2jL90ghZn8jdEUmt-QBQB6O3nKaJsej_L_al-jODBoye0K-2M1A-Ik1_q4b1iwwsLFcAPvTtCC9TqVncMXLGj2Lb0uXNGesQGMdK5DgJlatcMmf07dmO3GJWlHlc-KaMVstwntw9Avb-lFcZLF0nogMSdPUn2HGm7Dmmb7JKa9gQtxKW_NENbCRIhLlEGccqutIQbeqxkNPN2eBs7v8cJCYgZt3LFaleUTAUROeyG1jYWZLBy90-0ABKZt5ts5e1WmQ1kWIJMR5ktRAxE2jitpKyimACNkhbBzoKHA69wv_DM5pCAVjiky4bB8u4M6E1gS_d4lTMwWC2g71twPgP_cFr2cFfdt2jIUCSwgcdeZI72SlAsidxv1HG4bC2cr-imMQe7afkaOmn49bbZK_ikyRadnAjrQkZO6fat_kReAKvk6zVaNjDddoUR5pplCqdSWQZxLYzOc4WnahBBZRqHe5NoKb7Oh55JfLkIjuiqb09KyenQ_9n7Pk9za8HwbH4SIjDu9S_gfxZzSlvJpQ.mYfYo_uBykeL5aXEOQZrViFC6I21BjnNxa8XH2tl4f8'.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
10/30/23 11:00:01 970      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
10/30/23 11:00:01 970      INFO      Microsoft.AspNetCore.Authorization.DefaultAuthorizationService  - Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveHostChallengeProperties.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHostChallengeError.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachDefaultChallengeError.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachCustomChallengeParameters.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachCacheControlHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The response was successfully returned as a challenge response: {
  "error": "invalid_token",
  "error_description": "The specified token is invalid.",
  "error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was marked as handled by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Server.Kestrel.Connections  - Connection id "0HMUPE841J1PC" completed keep alive response.
10/30/23 11:00:01 970      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request finished HTTP/1.1 DELETE https://localhost:7224/api/v1/Gage/0 - - - 401 0 - 5.4508ms
10/30/23 11:00:01 970      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request starting HTTP/1.1 GET https://localhost:7224/api/v1/Gage/0 - -
10/30/23 11:00:01 970      TRACE     Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware  - All hosts are allowed.
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware  - The request path  does not match the path filter
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware  - The request path /api/v1/Gage/0 does not match a supported file type
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - 2 candidate(s) found for the request path '/api/v1/Gage/0'
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - Endpoint 'Gt.ApiControllers.GageController.GetGage (Gt.ApiControllers)' with route pattern 'api/v{version:apiVersion}/Gage/{id}' is valid for the request path '/api/v1/Gage/0'
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Routing.Matching.DfaMatcher  - Endpoint 'Fallback {*path:nonfile}' with route pattern '{*path:nonfile}' is valid for the request path '/api/v1/Gage/0'
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware  - Request matched endpoint 'Gt.ApiControllers.GageController.GetGage (Gt.ApiControllers)'
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri.
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler  - No client certificate found.
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler  - AuthenticationScheme: Certificate was not authenticated.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ValidateHostHeader.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateValidatedTokens.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ResolveServerConfiguration.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ResolveTokenValidationParameters.
10/30/23 11:00:01 970      TRACE     OpenIddict.Validation.OpenIddictValidationDispatcher  - An error occurred while validating the token 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiJPRkZBTkhOUklVT0pIQ0dDR0E0QlpFQ1UxUUZDVVJISlFaWFNCSk0yIiwidHlwIjoiYXQrand0IiwiY3R5IjoiSldUIn0.Elr40DUn4foNw-O8PtODWH6RBgc0hC_-g50eY0IyvcKU_waTgh4JRPG-JAzO215nc8F3ickxum2c8scOs6z3h0YpzFbDuB5pRNbx5CxVFcskpnpNOQF-esMyCFes-AtBBEaRsr88uucE7FRXnDnAsWKKRxKm1MiwXralEHfA1je5YxxasNatvRfCzjUENDDj01kYjfoQUHrkpeHbcx40SKpD0isaipl67636WDppUCuLlzN8_wcoDt90JmNj4g-5pNM_V_nqfyGuxKX7jLso-Tovyzou0ogzsH1smeOcE6eiiHdhKnddG3Pf5l7XVtspcZL1n3AipEw-pq3sglIqYQ.imj_GJx6vP2k3hpIDPs8wQ.30RjVM7VvPFj_YDBLEmOTEKyhk5iWWzLdF5lGzkv-jx5_4P1UhSPiHAd2Jv3GCKaURR1Ax_J0sRKgVlCtJAH4VsidvXj3F_kdGOA6QbQWBReX6hykUibMsJ6cl8sjqINLzB-UOJKNrr21Y1cxRanXqIP6BZI0dpJsXu-3Czj66Gf_A6ggJHufz2UL7Q6ASXIGZiEO8t0JXd8n_7d2elohHYbyZYx-0owEzQzHz8B8_uK6HFPFjUljp18Ek7E0B8rkPuRZtT7TWl6l1KBtR1oBjH4IH3cO4QY6oN2tLqYyb1ToZShjF7gNP2BffMBDtHS-sKDCo4ZYvhkzBmhETgYMWMlHa9Dz7rgejsUBk_YtiQ8wn_ZpiSSLcNJmkGmpYDZAoGzYX4Fd60q3sNuA3biZFkRfuFnFUFFcBGtCSsHewZzNxW7SktQ3VbPqZHfE4Ibp5PiIuh9jpKDZ5968MEEYfFb6XaonB_CxR8kjUX0n-rxFMKQGtq7Aa4Lax8fm9c5x84ucDdGWJy-ydOcGIZykRt8rnzyD04J12JycaZYU0tdlXV8rCL9oZEUQJ8aD91Tlj6SeRxrE-3s3KLqXg3NV2117xmP18bLR3HFZx5SXiwycREEkOVhTamUsP_2p-TZY06aAlL6m-bOQe4gGeIMxDUgKdynXMyU0zTR3Ke3IxcZC_JO80SHIdm6YwR6LadzefmPMZTRWygCylXv-Ztx4X2-40Fh_A--TEKt7v6TESDPH2jL90ghZn8jdEUmt-QBQB6O3nKaJsej_L_al-jODBoye0K-2M1A-Ik1_q4b1iwwsLFcAPvTtCC9TqVncMXLGj2Lb0uXNGesQGMdK5DgJlatcMmf07dmO3GJWlHlc-KaMVstwntw9Avb-lFcZLF0nogMSdPUn2HGm7Dmmb7JKa9gQtxKW_NENbCRIhLlEGccqutIQbeqxkNPN2eBs7v8cJCYgZt3LFaleUTAUROeyG1jYWZLBy90-0ABKZt5ts5e1WmQ1kWIJMR5ktRAxE2jitpKyimACNkhbBzoKHA69wv_DM5pCAVjiky4bB8u4M6E1gS_d4lTMwWC2g71twPgP_cFr2cFfdt2jIUCSwgcdeZI72SlAsidxv1HG4bC2cr-imMQe7afkaOmn49bbZK_ikyRadnAjrQkZO6fat_kReAKvk6zVaNjDddoUR5pplCqdSWQZxLYzOc4WnahBBZRqHe5NoKb7Oh55JfLkIjuiqb09KyenQ_9n7Pk9za8HwbH4SIjDu9S_gfxZzSlvJpQ.mYfYo_uBykeL5aXEOQZrViFC6I21BjnNxa8XH2tl4f8'.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
10/30/23 11:00:01 970      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
10/30/23 11:00:01 970      INFO      Microsoft.AspNetCore.Authorization.DefaultAuthorizationService  - Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveHostChallengeProperties.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHostChallengeError.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachDefaultChallengeError.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachCustomChallengeParameters.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachCacheControlHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      INFO      OpenIddict.Validation.OpenIddictValidationDispatcher  - The response was successfully returned as a challenge response: {
  "error": "invalid_token",
  "error_description": "The specified token is invalid.",
  "error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      DEBUG     OpenIddict.Validation.OpenIddictValidationDispatcher  - The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was marked as handled by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=4.9.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
10/30/23 11:00:01 970      INFO      OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler  - AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
10/30/23 11:00:01 970      DEBUG     Microsoft.AspNetCore.Server.Kestrel.Connections  - Connection id "0HMUPE841J1PC" completed keep alive response.
10/30/23 11:00:01 970      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request finished HTTP/1.1 GET https://localhost:7224/api/v1/Gage/0 - - - 401 0 - 4.9885ms
kevinchalet commented 1 year ago

Unfortunately, these logs don't include the inner exceptions (the error details returned by IdentityModel are not present). Try to configure NLog to preserve them or use a different logging sink.

dgxhubbard commented 1 year ago

ok will take a bit thanks

kevinchalet commented 1 year ago

Note: I edited your recent posts to make them more readable. In your future posts, please wrap your code blocks by triple backticks to ensure they are easy to read 😃

dgxhubbard commented 1 year ago

will do thanks

dgxhubbard commented 1 year ago

I have the logging set for Trace. I get to the api with the access token but the the user cannot be autenticated. Below is new code for identity provider, web api and the client. The only thing I see in the log is below. I tried using custom cookie events but the ValidatePrincipal is not called. So I am stumped. I have been using Dantooine as an example. Any help you can provide is appreciated.

                builder.Services.AddAuthentication ( CookieAuthenticationDefaults.AuthenticationScheme )
                    .AddCookie ( options =>
                    {
                        options.EventsType = typeof ( CustomCookieAuthenticationEvents );
                    } );

                builder.Services.AddScoped<CustomCookieAuthenticationEvents> ();

Log

11/03/23 10:14:57 017      INFO      Gt.WebApi                  - Encrypton Cert gtcertserverEncryption.pfx
11/03/23 10:14:57 017      INFO      Gt.WebApi                  - Signing Cert gtcertserverSigning.pfx
11/03/23 10:14:57 637      INFO      Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager  - User profile is available. Using `C:\Users\dhubb\AppData\Local\ASP.NET\DataProtection-Keys` as key repository and Windows DPAPI to encrypt keys at rest.
11/03/23 10:14:57 902      WARN      Microsoft.AspNetCore.Server.Kestrel  - Overriding address(es) `https://localhost:7224`. Binding to endpoints defined via IConfiguration and/or UseKestrel() instead.
11/03/23 10:14:57 924      INFO      Microsoft.Hosting.Lifetime  - Now listening on: https://127.0.0.1:7224
11/03/23 10:14:57 924      INFO      Microsoft.Hosting.Lifetime  - Application started. Press Ctrl+C to shut down.
11/03/23 10:14:57 924      INFO      Microsoft.Hosting.Lifetime  - Hosting environment: Development
11/03/23 10:14:57 924      INFO      Microsoft.Hosting.Lifetime  - Content root path: C:\Repository\GtApi\bin\Debug
11/03/23 10:15:37 237      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request starting HTTP/1.1 GET https://localhost:7224/api/v1/Gage/ - -
11/03/23 10:15:37 339      INFO      Microsoft.AspNetCore.Authorization.DefaultAuthorizationService  - Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
11/03/23 10:15:37 346      INFO      Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler  - AuthenticationScheme: Cookies was challenged.
11/03/23 10:15:37 346      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request finished HTTP/1.1 GET https://localhost:7224/api/v1/Gage/ - - - 302 0 - 113.8606ms
11/03/23 10:15:37 346      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request starting HTTP/1.1 GET https://localhost:7224/Account/Login?ReturnUrl=%2Fapi%2Fv1%2FGage%2F - -
11/03/23 10:15:37 346      INFO      Microsoft.AspNetCore.Routing.EndpointMiddleware  - Executing endpoint `Fallback {*path:nonfile}`
11/03/23 10:15:37 362      INFO      Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware  - Sending file. Request path: `/index.html`. Physical path: `C:\Repository\GtApi\Source\Web\Apps\Gt.WebApi\Client\wwwroot\index.html`
11/03/23 10:15:37 362      INFO      Microsoft.AspNetCore.Routing.EndpointMiddleware  - Executed endpoint `Fallback {*path:nonfile}`
11/03/23 10:15:37 362      INFO      Microsoft.AspNetCore.Hosting.Diagnostics  - Request finished HTTP/1.1 GET https://localhost:7224/Account/Login?ReturnUrl=%2Fapi%2Fv1%2FGage%2F - - - 200 1219 text/html 17.7664ms

Identity Provider

                var builder = WebApplication.CreateBuilder ( args );

                builder.Services.AddDbContext<AppDbContext> ( options =>
                {
                    var sqliteBuilder = new SQLiteConnectionStringBuilder ( connectionString );

                    sqliteBuilder.FailIfMissing = false;
                    sqliteBuilder.MaxPoolSize = 100;
                    sqliteBuilder.BinaryGUID = false;
                    sqliteBuilder.JournalMode = JournalMode.Off;
                    sqliteBuilder.Synchronous = SynchronizationMode.Normal;
                    sqliteBuilder.Pooling = true;

                    sqliteBuilder.LicenseKey = Gt.Model.GtContextFactory.SqliteKey;
                    connectionString = sqliteBuilder.ToString ();

                    options.UseSQLite ( connectionString );

                    // Register the entity sets needed by OpenIddict.
                    options.UseOpenIddict ();
                } );

                var ipAddress = IPAddress.Parse ( "127.0.0.1" );

                builder.WebHost.ConfigureKestrel (
                    options => 
                    {
                        var port = ports.IdpPort;
                        var pfxFilePath = certificates.EncryptionCert;
                        var pfxPassword = certificates.EncryptionPassword;

                        options.Listen (
                            ipAddress, port,

                            listenOptions => 
                            {
                                // Configure Kestrel to use a certificate from a local .PFX file for hosting HTTPS
                                listenOptions.UseHttps ( pfxFilePath, pfxPassword );
                            } );
                    } );

                // Add services to the container
                builder.Services.AddControllersWithViews ();

                builder.Services.AddOpenIddict ()

                    // Register the OpenIddict Core. components
                    .AddCore ( options =>
                    {
                        options.UseEntityFrameworkCore ()
                            .UseDbContext<AppDbContext> ();
                    } )

                    // Register the OpenIddict server components
                    .AddServer ( options =>
                    {
                        options
                            .SetAuthorizationEndpointUris ( "/connect/authorize" )
                            .SetTokenEndpointUris ( "/connect/token" )
                            .SetUserinfoEndpointUris ( "/connect/userinfo" );

                        options
                            .AllowAuthorizationCodeFlow ()
                            //.RequireProofKeyForCodeExchange ()
                            .AllowPasswordFlow ()
                            .AllowRefreshTokenFlow ()
                            .AllowClientCredentialsFlow ();

                        var xEncrypt = new X509Certificate2 ( File.ReadAllBytes ( certificates.EncryptionCert ), certificates.EncryptionPassword );
                        var xSigning = new X509Certificate2 ( File.ReadAllBytes ( certificates.SigningCert ), certificates.SigningPassword );

                        // Register the signing and encryption credentials used to protect
                        // sensitive data like the state tokens produced by OpenIddict.
                        options.AddEncryptionCertificate ( xEncrypt )
                               .AddSigningCertificate ( xSigning );

                        /*
                        // Register the signing and encryption credentials.
                        options.AddDevelopmentEncryptionCertificate ()
                               .AddDevelopmentSigningCertificate ();
                        */

                        // Register the ASP.NET Core. host and configure the ASP.NET Core.-specific options
                        options
                            .UseAspNetCore ()
                            .EnableTokenEndpointPassthrough ()
                            .EnableAuthorizationEndpointPassthrough ()
                            .EnableUserinfoEndpointPassthrough ();

                    } )

                // Register the OpenIddict validation components
                .AddValidation ( options =>
                {
                    // Import the configuration from the local OpenIddict server instance
                    options.UseLocalServer ();

                    // Register the ASP.NET Core. host
                    options.UseAspNetCore ();
                } );

                builder.Services.AddAuthorization ()
                    .AddAuthentication ( options =>
                    {
                        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    } )

                    .AddCookie ( options =>
                    {
                        options.LoginPath = "/login";
                        options.LogoutPath = "/logout";
                        options.ExpireTimeSpan = TimeSpan.FromMinutes ( 50 );
                        options.SlidingExpiration = false;
                    } );

                builder.Services.AddScoped<UserManager, UserManager> ();

                builder.Services.AddScoped ( sp =>
                {
                    var client = new HttpClient ();
                    client.BaseAddress = new Uri ( "https://localhost" + ":" + ports.IdpPort );
                    return client;
                } );

                builder.Services.AddRazorPages ();

                // NLog: Setup NLog for Dependency injection
                builder.Logging.ClearProviders ();
                builder.Logging.SetMinimumLevel ( Microsoft.Extensions.Logging.LogLevel.Trace );
                builder.Host.UseNLog ();

                var app = builder.Build ();

                // Configure the HTTP request pipeline.
                if ( !app.Environment.IsDevelopment () )
                {
                    app.UseExceptionHandler ( "/Error" );
                    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                    app.UseHsts ();
                }

                app.UseHttpsRedirection ();
                app.UseStaticFiles ();
                app.UseRouting ();
                app.UseHttpsRedirection ();

                // Create new application registrations matching the values configured in Zirku.Client and Zirku.Api1.
                // Note: in a real world application, this step should be part of a setup script.
                using ( var scope = app.Services.CreateAsyncScope () )
                {
                    var context = scope.ServiceProvider.GetRequiredService<AppDbContext> ();
                    context.Database.Migrate ();

                    CreateApplicationsAsync().GetAwaiter ().GetResult ();
                    CreateScopesAsync().GetAwaiter ().GetResult ();

                    async Task CreateApplicationsAsync ()
                    {
                        var manager = scope.ServiceProvider.GetRequiredService<IOpenIddictApplicationManager> ();

                        if ( await manager.FindByClientIdAsync ( "core_api_client" ) is null )
                        {
                            await manager.CreateAsync ( new OpenIddictApplicationDescriptor
                            {
                                ClientId = "core_api_client",
                                ConsentType = ConsentTypes.Implicit,

                                RedirectUris =
                            {
                                new Uri("http://localhost:7000/"),
                            },
                                Permissions =
                            {
                                Permissions.Endpoints.Authorization,
                                Permissions.Endpoints.Token,
                                Permissions.GrantTypes.AuthorizationCode,
                                Permissions.GrantTypes.RefreshToken,
                                Permissions.ResponseTypes.Code,
                                Permissions.Prefixes.Scope + "gtapi"
                            }

                            } );
                        }

                        if ( await manager.FindByClientIdAsync ( "core_api_console" ) is null )
                        {
                            await manager.CreateAsync ( new OpenIddictApplicationDescriptor
                            {
                                ClientId = "core_api_console",
                                ClientSecret = "E2B00F84-82D2-4D43-B081-B4B88283175A",
                                DisplayName = "My client application",
                                Permissions =
                            {
                                Permissions.Endpoints.Token,
                                Permissions.GrantTypes.ClientCredentials
                            }
                            } );
                        }
                    }

                    async Task CreateScopesAsync ()
                    {
                        var manager = scope.ServiceProvider.GetRequiredService<IOpenIddictScopeManager> ();

                        if ( await manager.FindByNameAsync ( "gtapi" ) is null )
                        {
                            await manager.CreateAsync ( new OpenIddictScopeDescriptor
                            {
                                Name = "gtapi",
                                Resources =
                            {
                                "resource_server_1"
                            }
                            } );
                        }

                    }

                }

                app.UseAuthentication ();
                app.UseAuthorization ();

                app.MapRazorPages ();
                app.MapControllers ();

                app.Run ();

Web Api

                var builder = WebApplication.CreateBuilder ( new WebApplicationOptions
                {
                    Args = args,
                    ContentRootPath = path
                } );

                var ipAddress = IPAddress.Parse ( "127.0.0.1" );

                builder.WebHost.ConfigureKestrel (
                    options =>
                    {
                        var port = ports.ApiPort;
                        var pfxFilePath = certificates.EncryptionCert;
                        var pfxPassword = certificates.EncryptionPassword;

                        options.Listen (
                            ipAddress, port,
                            listenOptions =>
                            {
                                // Configure Kestrel to use a certificate from a local .PFX file for hosting HTTPS
                                listenOptions.UseHttps ( pfxFilePath, pfxPassword );
                            } );
                    } );

                // Register the OpenIddict validation components.
                builder.Services.AddOpenIddict ()
                    .AddValidation ( options =>
                    {
                        // Note: the validation handler uses OpenID Connect discovery
                        // to retrieve the issuer signing keys used to validate tokens.
                        options.SetIssuer ( "https://localhost" + ":" + ports.IdpPort );
                        options.AddAudiences ( "resource_server_1" );

                        var xEncrypt = new X509Certificate2 ( File.ReadAllBytes ( certificates.EncryptionCert ), certificates.EncryptionPassword );

                        // Register the signing and encryption credentials used to protect
                        // sensitive data like the state tokens produced by OpenIddict.
                        options.AddEncryptionCertificate ( xEncrypt );

                        // Register the System.Net.Http integration.
                        options.UseSystemNetHttp ();

                        // Register the ASP.NET Core host.
                        options.UseAspNetCore ();
                    } );

                builder.Services.AddAuthorization ()
                    .AddAuthentication ( options =>
                    {
                        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    } )

                    .AddCookie ();

                /*
                builder.Services.AddAuthentication ( CookieAuthenticationDefaults.AuthenticationScheme )
                    .AddCookie ( options =>
                    {
                        options.EventsType = typeof ( CustomCookieAuthenticationEvents );
                    } );

                builder.Services.AddScoped<CustomCookieAuthenticationEvents> ();
                */

                builder.Host.UseWindowsService ();

                builder.Services.AddWindowsService ( options =>
                {
                    options.ServiceName = "Gt.WebApi";
                } );

                builder.Services.AddTransient<CertificateAuthenticationService> ();
                builder.Services.ConfigureAuthetication ();

                // Add services to the container.
                builder.Services.AddControllersWithViews ();
                builder.Services.AddRazorPages ();
                builder.Services.AddServerSideBlazor ();

                var apiAssembly = typeof ( Gt.ApiControllers.GageController ).Assembly;

                builder.Services.AddControllers ().
                    AddJsonOptions ( options =>
                    {
                        options.JsonSerializerOptions.PropertyNamingPolicy = null;
                        options.JsonSerializerOptions.ReferenceHandler = System.Text.Json.Serialization.ReferenceHandler.Preserve;

                    } ).
                    AddApplicationPart ( apiAssembly );

                // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
                builder.Services.AddEndpointsApiExplorer ();
                builder.Services.AddSwaggerGen ();

                builder.Services.AddApiVersioning ( opt =>
                {
                    opt.DefaultApiVersion = new Microsoft.AspNetCore.Mvc.ApiVersion ( 1, 0 );
                    opt.AssumeDefaultVersionWhenUnspecified = true;
                    opt.ReportApiVersions = true;
                    opt.ApiVersionReader =
                        ApiVersionReader.Combine ( new UrlSegmentApiVersionReader (),
                                                   new HeaderApiVersionReader ( "x-api-version" ),
                                                   new MediaTypeApiVersionReader ( "x-api-version" ) );
                } );

                // NLog: Setup NLog for Dependency injection
                builder.Logging.ClearProviders ();
                builder.Logging.SetMinimumLevel ( Microsoft.Extensions.Logging.LogLevel.Trace );
                builder.Host.UseNLog ();
                builder.Logging.AddConsole ();

                builder.Services.AddScoped ( sp => new HttpClient { BaseAddress = new Uri ( "https://localhost:" + ports.ApiPort ) } );
                builder.Services.AddLocalization ();

                builder.Services.AddScoped<UserManager, UserManager> ();

                var app = builder.Build ();

                app.UseSwagger ();
                app.UseSwaggerUI ( c =>
                {
                    c.SwaggerEndpoint ( "/swagger/v1/swagger.json", "GAGEtrak Web API V1" );
                } );

                // Configure the HTTP request pipeline.
                if ( app.Environment.IsDevelopment () )
                {
                    app.UseDeveloperExceptionPage ();

                    app.UseWebAssemblyDebugging ();
                }
                else
                {
                    app.UseExceptionHandler ( "/Error" );
                    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                    app.UseHsts ();
                }

                app.UseHttpsRedirection ();

                app.UseBlazorFrameworkFiles ();
                app.UseStaticFiles ();

                app.UseRouting ();

                app.UseAuthentication ();
                app.UseAuthorization ();

                app.MapRazorPages ();
                app.MapControllers ();
                app.MapFallbackToFile ( "index.html" );

                app.Run ();

Client

                var host = new HostBuilder ()
                    .ConfigureLogging ( options => options.AddDebug () )
                    .ConfigureServices ( services =>
                    {
                        services.AddDbContext<AppDbContext> ( options =>
                        {
                            options.UseSqlite ( connectionString );
                            options.UseOpenIddict ();
                        } );

                        services.AddOpenIddict ()

                            // Register the OpenIddict core components.
                            .AddCore ( options =>
                            {
                                // Configure OpenIddict to use the Entity Framework Core stores and models.
                                // Note: call ReplaceDefaultEntities() to replace the default OpenIddict entities.
                                options.UseEntityFrameworkCore ()
                                       .UseDbContext<AppDbContext> ();
                            } )

                            // Register the OpenIddict client components.
                            .AddClient ( options =>
                            {
                                // Note: this sample uses the authorization code flow,
                                // but you can enable the other flows if necessary.
                                options.AllowAuthorizationCodeFlow ()
                                       .AllowRefreshTokenFlow ();

                                var xEncrypt = new X509Certificate2 ( File.ReadAllBytes ( certificates.EncryptionCert ), certificates.EncryptionPassword );
                                var xSigning = new X509Certificate2 ( File.ReadAllBytes ( certificates.SigningCert ), certificates.SigningPassword );

                                // Register the signing and encryption credentials used to protect
                                // sensitive data like the state tokens produced by OpenIddict.
                                options.AddEncryptionCertificate ( xEncrypt )
                                       .AddSigningCertificate ( xSigning );

                                /*
                                // Register the signing and encryption credentials.
                                options.AddDevelopmentEncryptionCertificate ()
                                       .AddDevelopmentSigningCertificate ();
                                */

                                // Add the operating system integration.
                                options.UseSystemIntegration ()
                                       .SetAllowedEmbeddedWebServerPorts ( 7000 );

                                // Register the System.Net.Http integration and use the identity of the current
                                // assembly as a more specific user agent, which can be useful when dealing with
                                // providers that use the user agent as a way to throttle requests (e.g Reddit).
                                options.UseSystemNetHttp ()
                                       .SetProductInformation ( typeof ( Program ).Assembly );

                                // Add a client registration matching the client application definition in the server project.
                                options.AddRegistration ( new OpenIddictClientRegistration
                                {
                                    Issuer = new Uri ( "https://localhost:7296/", UriKind.Absolute ),

                                    ClientId = "core_api_client",
                                    RedirectUri = new Uri ( "http://localhost:7000/", UriKind.Absolute ),

                                    Scopes = { Scopes.OpenId, "gtapi" }
                                } );
                            } );

                        // Register the worker responsible for creating the database used to store tokens
                        // and adding the registry entries required to register the custom URI scheme.
                        //
                        // Note: in a real world application, this step should be part of a setup script.
                        services.AddHostedService<Worker> ();

                        // Register the background service responsible for handling the console interactions.
                        services.AddHostedService<InteractiveService> ();
                    } )
                    .UseConsoleLifetime ()
                    .Build ();

                await host.RunAsync ();

Interactive Service on Client

                Console.WriteLine ( "Press any key to start the authentication process." );
                await Task.Run ( Console.ReadKey ).WaitAsync ( stoppingToken );

                string accessToken = null;

                try
                {
                    // Ask OpenIddict to initiate the authentication flow (typically, by starting the system browser).
                    var result = await _service.ChallengeInteractivelyAsync ( new ()
                    {
                        CancellationToken = stoppingToken
                    } );

                    Console.WriteLine ( "System browser launched." );

                    // Wait for the user to complete the authorization process.
                    var res = await _service.AuthenticateInteractivelyAsync ( new ()
                    {
                        Nonce = result.Nonce
                    } );

                    accessToken = res.BackchannelAccessToken ?? res.FrontchannelAccessToken;

                }

                catch ( OperationCanceledException )
                {
                    Console.WriteLine ( "The authentication process was aborted." );
                    throw;
                }

                catch ( ProtocolException exception ) when ( exception.Error is Errors.AccessDenied )
                {
                    Console.WriteLine ( "The authorization was denied by the end user." );
                    throw;
                }

                catch ( Exception ex )
                {
                    Console.WriteLine ( "An error occurred while trying to authenticate the user." );
                    throw;
                }

                // initialize web utils
                var baseUrl = WebUtils.BaseUrl;
                WebUtils.Initialize ( baseUrl, accessToken );

                var url = WebUtils.GageApiUrl;

                var response = await WebUtils.Client.GetAsync ( url );

                var txt = response.Content.ReadAsStringAsync ();

                List<GageDto> items;
                if ( response.IsSuccessStatusCode )
                {
                    items = response.Content.ReadAsAsync<List<GageDto>> ().Result;
                }
                else
                {
                    Console.WriteLine ( "Internal server Error" );
                }

HttpClient Setup

        public static void Initialize ( string baseUrl, string accessToken )
        {
            if ( baseUrl == null )
                throw new InvalidOperationException ( "baseUrl required" );

            Client = new HttpClient ();

            Client.BaseAddress = new Uri ( baseUrl );
            Client.DefaultRequestHeaders.Accept.Clear ();
            Client.DefaultRequestHeaders.Add ( "Accept", "application/json" );

            Client.DefaultRequestHeaders.Accept.Add ( new MediaTypeWithQualityHeaderValue ( "application/json" ) );
            Client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue ( "Bearer", accessToken );

        }
kevinchalet commented 1 year ago

The new logs indicate the OpenIddict validation handler is not called at all, which is not surprising since you're using cookie authentication instead of token authentication in your Web API project. Is there a particular reason for doing that?

Assuming that is just a mistake, remove the cookie stuff from the Web API project and decorate your API controller with [Authorize(AuthenticationSchemes = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)] to force it to use token authentication.

dgxhubbard commented 1 year ago

That did trick thank you very much!!

kevinchalet commented 1 year ago

Glad to hear it's working 🎉

Thanks for sponsoring the project! ❤️

dgxhubbard commented 1 year ago

Your welcome!

kevinchalet commented 11 months ago

Doing some housecleaning, but feel free to reopen if you have additional questions.