connect/token is redirecting to GET endpoint?

[bruceharrison1984]

Question

I'm trying to run a basic test using the Docker compose setup, and I cannot seem to get Postman fetch an access token. The connect/token endpoint is redirect me away from POST and back to GET which results in the token request returning invalid_request.

I'm also seeing similar failures when using the browser to simply login to STS/Admin console through normal means, though the frequency seems random:

Am I totally missing something here?

Relevant parts of the log file

This log represents what happens when using Postman to retrieve and OAuth2 token:

[2022-06-15T15:03:02.0929884+00:00][INFO][54][Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 GET http://sts.skoruba.local/connect/authorize?response_type=code&client_id=19ec170d-2f22-42b7-a640-bde275b2a62a&state=123&scope=openid%20patient%2F*.read&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback&code_challenge=mtITMxEOcu_s7ZaO_qDw4DuX3UKomReB9LEu-Aib4IU&code_challenge_method=S256 - -
[2022-06-15T15:03:02.0973881+00:00][INFO][54][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "6.0.1" initialized '"AdminIdentityDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer":"6.0.1"' with options: "MigrationsAssembly=Skoruba.Duende.IdentityServer.Admin.EntityFramework.Configuration "
[2022-06-15T15:03:02.1717119+00:00][INFO][54][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("1"ms) [Parameters=["@__p_0='?' (Size = 450)"], CommandType='Text', CommandTimeout='30']"\n""SELECT TOP(1) [u].[Id], [u].[AccessFailedCount], [u].[ConcurrencyStamp], [u].[Email], [u].[EmailConfirmed], [u].[LockoutEnabled], [u].[LockoutEnd], [u].[NormalizedEmail], [u].[NormalizedUserName], [u].[PasswordHash], [u].[PhoneNumber], [u].[PhoneNumberConfirmed], [u].[SecurityStamp], [u].[TwoFactorEnabled], [u].[UserName]\nFROM [Users] AS [u]\nWHERE [u].[Id] = @__p_0"
[2022-06-15T15:03:02.1786248+00:00][INFO][46][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("3"ms) [Parameters=["@__user_Id_0='?' (Size = 450)"], CommandType='Text', CommandTimeout='30']"\n""SELECT [u].[Id], [u].[ClaimType], [u].[ClaimValue], [u].[UserId]\nFROM [UserClaims] AS [u]\nWHERE [u].[UserId] = @__user_Id_0"
[2022-06-15T15:03:02.1841298+00:00][INFO][50][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("3"ms) [Parameters=["@__userId_0='?' (Size = 450)"], CommandType='Text', CommandTimeout='30']"\n""SELECT [r].[Name]\nFROM [UserRoles] AS [u]\nINNER JOIN [Roles] AS [r] ON [u].[RoleId] = [r].[Id]\nWHERE [u].[UserId] = @__userId_0"
[2022-06-15T15:03:02.1894758+00:00][INFO][46][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("3"ms) [Parameters=["@__normalizedName_0='?' (Size = 256)"], CommandType='Text', CommandTimeout='30']"\n""SELECT TOP(1) [r].[Id], [r].[ConcurrencyStamp], [r].[Name], [r].[NormalizedName]\nFROM [Roles] AS [r]\nWHERE [r].[NormalizedName] = @__normalizedName_0"
[2022-06-15T15:03:02.1926892+00:00][INFO][47][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=["@__role_Id_0='?' (Size = 450)"], CommandType='Text', CommandTimeout='30']"\n""SELECT [r].[ClaimType], [r].[ClaimValue]\nFROM [RoleClaims] AS [r]\nWHERE [r].[RoleId] = @__role_Id_0"
[2022-06-15T15:03:02.1988838+00:00][DBUG][47][Duende.IdentityServer.Hosting.EndpointRouter] Request path "/connect/authorize" matched to endpoint type "Authorize"
[2022-06-15T15:03:02.1990064+00:00][DBUG][47][Duende.IdentityServer.Hosting.EndpointRouter] Endpoint enabled: "Authorize", successfully created handler: "Duende.IdentityServer.Endpoints.AuthorizeEndpoint"
[2022-06-15T15:03:02.1990321+00:00][INFO][47][Duende.IdentityServer.Hosting.IdentityServerMiddleware] Invoking IdentityServer endpoint: "Duende.IdentityServer.Endpoints.AuthorizeEndpoint" for "/connect/authorize"
[2022-06-15T15:03:02.1990481+00:00][DBUG][47][Duende.IdentityServer.Endpoints.AuthorizeEndpoint] Start authorize request
[2022-06-15T15:03:02.1991189+00:00][DBUG][47][Duende.IdentityServer.Endpoints.AuthorizeEndpoint] User in authorize request: "4de25dfb-0d91-4cfb-82a3-6b26e5ef54eb"
[2022-06-15T15:03:02.1991568+00:00][DBUG][47][Duende.IdentityServer.Validation.AuthorizeRequestValidator] Start authorize request protocol validation
[2022-06-15T15:03:02.1996984+00:00][INFO][47][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "6.0.1" initialized '"IdentityServerConfigurationDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer":"6.0.1"' with options: "MigrationsAssembly=Skoruba.Duende.IdentityServer.Admin.EntityFramework.Configuration "
[2022-06-15T15:03:02.2055177+00:00][INFO][56][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("5"ms) [Parameters=["@__clientId_0='?' (Size = 200)"], CommandType='Text', CommandTimeout='30']"\n""SELECT [c].[Id], [c].[AbsoluteRefreshTokenLifetime], [c].[AccessTokenLifetime], [c].[AccessTokenType], [c].[AllowAccessTokensViaBrowser], [c].[AllowOfflineAccess], [c].[AllowPlainTextPkce], [c].[AllowRememberConsent], [c].[AllowedIdentityTokenSigningAlgorithms], [c].[AlwaysIncludeUserClaimsInIdToken], [c].[AlwaysSendClientClaims], [c].[AuthorizationCodeLifetime], [c].[BackChannelLogoutSessionRequired], [c].[BackChannelLogoutUri], [c].[CibaLifetime], [c].[ClientClaimsPrefix], [c].[ClientId], [c].[ClientName], [c].[ClientUri], [c].[ConsentLifetime], [c].[Created], [c].[Description], [c].[DeviceCodeLifetime], [c].[EnableLocalLogin], [c].[Enabled], [c].[FrontChannelLogoutSessionRequired], [c].[FrontChannelLogoutUri], [c].[IdentityTokenLifetime], [c].[IncludeJwtId], [c].[LastAccessed], [c].[LogoUri], [c].[NonEditable], [c].[PairWiseSubjectSalt], [c].[PollingInterval], [c].[ProtocolType], [c].[RefreshTokenExpiration], [c].[RefreshTokenUsage], [c].[RequireClientSecret], [c].[RequireConsent], [c].[RequirePkce], [c].[RequireRequestObject], [c].[SlidingRefreshTokenLifetime], [c].[UpdateAccessTokenClaimsOnRefresh], [c].[Updated], [c].[UserCodeType], [c].[UserSsoLifetime], [c0].[Id], [c0].[ClientId], [c0].[Origin], [c1].[Id], [c1].[ClientId], [c1].[GrantType], [c2].[Id], [c2].[ClientId], [c2].[Scope], [c3].[Id], [c3].[ClientId], [c3].[Type], [c3].[Value], [c4].[Id], [c4].[ClientId], [c4].[Created], [c4].[Description], [c4].[Expiration], [c4].[Type], [c4].[Value], [c5].[Id], [c5].[ClientId], [c5].[Provider], [c6].[Id], [c6].[ClientId], [c6].[PostLogoutRedirectUri], [c7].[Id], [c7].[ClientId], [c7].[Key], [c7].[Value], [c8].[Id], [c8].[ClientId], [c8].[RedirectUri]\nFROM [Clients] AS [c]\nLEFT JOIN [ClientCorsOrigins] AS [c0] ON [c].[Id] = [c0].[ClientId]\nLEFT JOIN [ClientGrantTypes] AS [c1] ON [c].[Id] = [c1].[ClientId]\nLEFT JOIN [ClientScopes] AS [c2] ON [c].[Id] = [c2].[ClientId]\nLEFT JOIN [ClientClaims] AS [c3] ON [c].[Id] = [c3].[ClientId]\nLEFT JOIN [ClientSecrets] AS [c4] ON [c].[Id] = [c4].[ClientId]\nLEFT JOIN [ClientIdPRestrictions] AS [c5] ON [c].[Id] = [c5].[ClientId]\nLEFT JOIN [ClientPostLogoutRedirectUris] AS [c6] ON [c].[Id] = [c6].[ClientId]\nLEFT JOIN [ClientProperties] AS [c7] ON [c].[Id] = [c7].[ClientId]\nLEFT JOIN [ClientRedirectUris] AS [c8] ON [c].[Id] = [c8].[ClientId]\nWHERE [c].[ClientId] = @__clientId_0\nORDER BY [c].[Id], [c0].[Id], [c1].[Id], [c2].[Id], [c3].[Id], [c4].[Id], [c5].[Id], [c6].[Id], [c7].[Id]"
[2022-06-15T15:03:02.2084594+00:00][DBUG][56][Duende.IdentityServer.EntityFramework.Stores.ClientStore] "19ec170d-2f22-42b7-a640-bde275b2a62a" found in database: True
[2022-06-15T15:03:02.2085703+00:00][DBUG][56][Duende.IdentityServer.Stores.ValidatingClientStore] client configuration validation for client "19ec170d-2f22-42b7-a640-bde275b2a62a" succeeded.
[2022-06-15T15:03:02.2086657+00:00][DBUG][56][Duende.IdentityServer.Validation.AuthorizeRequestValidator] Checking for PKCE parameters
[2022-06-15T15:03:02.2126060+00:00][INFO][49][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("3"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT [i].[Id], [i].[Created], [i].[Description], [i].[DisplayName], [i].[Emphasize], [i].[Enabled], [i].[Name], [i].[NonEditable], [i].[Required], [i].[ShowInDiscoveryDocument], [i].[Updated], [i0].[Id], [i0].[IdentityResourceId], [i0].[Type], [i1].[Id], [i1].[IdentityResourceId], [i1].[Key], [i1].[Value]\nFROM [IdentityResources] AS [i]\nLEFT JOIN [IdentityResourceClaims] AS [i0] ON [i].[Id] = [i0].[IdentityResourceId]\nLEFT JOIN [IdentityResourceProperties] AS [i1] ON [i].[Id] = [i1].[IdentityResourceId]\nWHERE [i].[Name] IN (N'openid', N'patient/*.read')\nORDER BY [i].[Id], [i0].[Id]"
[2022-06-15T15:03:02.2150511+00:00][DBUG][49][Duende.IdentityServer.EntityFramework.Stores.ResourceStore] Found ["openid", "patient/*.read"] identity scopes in database
[2022-06-15T15:03:02.2180791+00:00][INFO][56][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT [a].[Id], [a].[AllowedAccessTokenSigningAlgorithms], [a].[Created], [a].[Description], [a].[DisplayName], [a].[Enabled], [a].[LastAccessed], [a].[Name], [a].[NonEditable], [a].[RequireResourceIndicator], [a].[ShowInDiscoveryDocument], [a].[Updated], [a1].[Id], [a1].[ApiResourceId], [a1].[Created], [a1].[Description], [a1].[Expiration], [a1].[Type], [a1].[Value], [a2].[Id], [a2].[ApiResourceId], [a2].[Scope], [a3].[Id], [a3].[ApiResourceId], [a3].[Type], [a4].[Id], [a4].[ApiResourceId], [a4].[Key], [a4].[Value]\nFROM [ApiResources] AS [a]\nLEFT JOIN [ApiResourceSecrets] AS [a1] ON [a].[Id] = [a1].[ApiResourceId]\nLEFT JOIN [ApiResourceScopes] AS [a2] ON [a].[Id] = [a2].[ApiResourceId]\nLEFT JOIN [ApiResourceClaims] AS [a3] ON [a].[Id] = [a3].[ApiResourceId]\nLEFT JOIN [ApiResourceProperties] AS [a4] ON [a].[Id] = [a4].[ApiResourceId]\nWHERE EXISTS (\n    SELECT 1\n    FROM [ApiResourceScopes] AS [a0]\n    WHERE ([a].[Id] = [a0].[ApiResourceId]) AND [a0].[Scope] IN (N'openid', N'patient/*.read'))\nORDER BY [a].[Id], [a1].[Id], [a2].[Id], [a3].[Id]"
[2022-06-15T15:03:02.2205285+00:00][DBUG][47][Duende.IdentityServer.EntityFramework.Stores.ResourceStore] Found [] API resources in database
[2022-06-15T15:03:02.2225322+00:00][INFO][50][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT [a].[Id], [a].[Created], [a].[Description], [a].[DisplayName], [a].[Emphasize], [a].[Enabled], [a].[LastAccessed], [a].[Name], [a].[NonEditable], [a].[Required], [a].[ShowInDiscoveryDocument], [a].[Updated], [a0].[Id], [a0].[ScopeId], [a0].[Type], [a1].[Id], [a1].[Key], [a1].[ScopeId], [a1].[Value]\nFROM [ApiScopes] AS [a]\nLEFT JOIN [ApiScopeClaims] AS [a0] ON [a].[Id] = [a0].[ScopeId]\nLEFT JOIN [ApiScopeProperties] AS [a1] ON [a].[Id] = [a1].[ScopeId]\nWHERE [a].[Name] IN (N'openid', N'patient/*.read')\nORDER BY [a].[Id], [a0].[Id]"
[2022-06-15T15:03:02.2248579+00:00][DBUG][50][Duende.IdentityServer.EntityFramework.Stores.ResourceStore] Found [] scopes in database
[2022-06-15T15:03:02.2252488+00:00][DBUG][50][Duende.IdentityServer.Validation.AuthorizeRequestValidator] Calling into custom validator: "Duende.IdentityServer.Validation.DefaultCustomAuthorizeRequestValidator"
[2022-06-15T15:03:02.2254481+00:00][DBUG][50][Duende.IdentityServer.Endpoints.AuthorizeEndpoint] ValidatedAuthorizeRequest
AuthorizeRequestValidationLog {ClientId="19ec170d-2f22-42b7-a640-bde275b2a62a", ClientName="firely", RedirectUri="https://www.getpostman.com/oauth2/callback", AllowedRedirectUris=["https://www.getpostman.com/oauth2/callback"], SubjectId="4de25dfb-0d91-4cfb-82a3-6b26e5ef54eb", ResponseType="code", ResponseMode="query", GrantType="authorization_code", RequestedScopes="openid patient/*.read", State="123", UiLocales=null, Nonce=null, AuthenticationContextReferenceClasses=null, DisplayMode=null, PromptMode="", MaxAge=null, LoginHint=null, SessionId="DC36E50026F9F762F5DA7C5E470A0F5A", Raw={["response_type"]="code", ["client_id"]="19ec170d-2f22-42b7-a640-bde275b2a62a", ["state"]="123", ["scope"]="openid patient/*.read", ["redirect_uri"]="https://www.getpostman.com/oauth2/callback", ["code_challenge"]="mtITMxEOcu_s7ZaO_qDw4DuX3UKomReB9LEu-Aib4IU", ["code_challenge_method"]="S256"}}
[2022-06-15T15:03:02.2261076+00:00][INFO][50][Duende.IdentityServer.ResponseHandling.AuthorizeInteractionResponseGenerator] We're in the custom!
[2022-06-15T15:03:02.2268514+00:00][INFO][50][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "6.0.1" initialized '"IdentityServerPersistedGrantDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer":"6.0.1"' with options: "MigrationsAssembly=Skoruba.Duende.IdentityServer.Admin.EntityFramework.Configuration "
[2022-06-15T15:03:02.2504180+00:00][INFO][56][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("3"ms) [Parameters=["@__key_0='?' (Size = 200)"], CommandType='Text', CommandTimeout='30']"\n""SELECT [p].[Key], [p].[ClientId], [p].[ConsumedTime], [p].[CreationTime], [p].[Data], [p].[Description], [p].[Expiration], [p].[SessionId], [p].[SubjectId], [p].[Type]\nFROM [PersistedGrants] AS [p]\nWHERE [p].[Key] = @__key_0"
[2022-06-15T15:03:02.2513288+00:00][DBUG][56][Duende.IdentityServer.EntityFramework.Stores.PersistedGrantStore] "lYKwfwZfd4QAGWFVPSQt/31lp86dGLeVMCSrFjXeioY=" found in database: True
[2022-06-15T15:03:02.2539939+00:00][DBUG][56][Duende.IdentityServer.Services.DefaultConsentService] Consent found in consent store is same as current request, consent is not required
[2022-06-15T15:03:02.2540838+00:00][DBUG][56][Duende.IdentityServer.ResponseHandling.AuthorizeResponseGenerator] Creating Authorization Code Flow response.
[2022-06-15T15:03:02.2574650+00:00][INFO][54][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=["@__token_Key_0='?' (Size = 200)"], CommandType='Text', CommandTimeout='30']"\n""SELECT [p].[Key], [p].[ClientId], [p].[ConsumedTime], [p].[CreationTime], [p].[Data], [p].[Description], [p].[Expiration], [p].[SessionId], [p].[SubjectId], [p].[Type]\nFROM [PersistedGrants] AS [p]\nWHERE [p].[Key] = @__token_Key_0"
[2022-06-15T15:03:02.2788289+00:00][DBUG][54][Duende.IdentityServer.EntityFramework.Stores.PersistedGrantStore] "9BB3288E7CC55B10D4903C29E395017721AC3312734287B57F0D6753A258F8F0" not found in database
[2022-06-15T15:03:02.2843973+00:00][INFO][49][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("3"ms) [Parameters=["@p0='?' (Size = 200), @p1='?' (Size = 200), @p2='?' (DbType = DateTime2), @p3='?' (DbType = DateTime2), @p4='?' (Size = 4000), @p5='?' (Size = 200), @p6='?' (DbType = DateTime2), @p7='?' (Size = 100), @p8='?' (Size = 200), @p9='?' (Size = 50)"], CommandType='Text', CommandTimeout='30']"\n""SET NOCOUNT ON;\nINSERT INTO [PersistedGrants] ([Key], [ClientId], [ConsumedTime], [CreationTime], [Data], [Description], [Expiration], [SessionId], [SubjectId], [Type])\nVALUES (@p0, @p1, @p2, @p3, @p4, @p5, @p6, @p7, @p8, @p9);"
[2022-06-15T15:03:02.2913904+00:00][INFO][49][Duende.IdentityServer.Events.DefaultEventService] TokenIssuedSuccessEvent {ClientId="19ec170d-2f22-42b7-a640-bde275b2a62a", ClientName="firely", RedirectUri="https://www.getpostman.com/oauth2/callback", Endpoint="Authorize", SubjectId="4de25dfb-0d91-4cfb-82a3-6b26e5ef54eb", Scopes="openid patient/*.read", GrantType="authorization_code", Tokens=[Token {TokenType="code", TokenValue="****53-1"}], Category="Token", Name="Token Issued Success", EventType=Success, Id=2000, Message=null, ActivityId="0HMIER54PT6FS:00000002", TimeStamp=06/15/2022 15:03:02, ProcessId=25, LocalIpAddress="::ffff:172.20.0.5:80", RemoteIpAddress="::ffff:172.20.0.4"}
[2022-06-15T15:03:02.2915042+00:00][DBUG][49][Duende.IdentityServer.Endpoints.AuthorizeEndpoint] Authorize endpoint response
AuthorizeResponseLog {SubjectId="4de25dfb-0d91-4cfb-82a3-6b26e5ef54eb", ClientId="19ec170d-2f22-42b7-a640-bde275b2a62a", RedirectUri="https://www.getpostman.com/oauth2/callback", State="123", Scope="openid patient/*.read", Error=null, ErrorDescription=null}
[2022-06-15T15:03:02.2921187+00:00][INFO][49][Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 GET http://sts.skoruba.local/connect/authorize?response_type=code&client_id=19ec170d-2f22-42b7-a640-bde275b2a62a&state=123&scope=openid%20patient%2F*.read&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback&code_challenge=mtITMxEOcu_s7ZaO_qDw4DuX3UKomReB9LEu-Aib4IU&code_challenge_method=S256 - - - 302 0 - 199.1717ms
[2022-06-15T15:03:02.5616656+00:00][INFO][47][Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 GET http://sts.skoruba.local/connect/token - -
[2022-06-15T15:03:02.5620092+00:00][DBUG][47][Duende.IdentityServer.Hosting.EndpointRouter] Request path "/connect/token" matched to endpoint type "Token"
[2022-06-15T15:03:02.5621716+00:00][DBUG][47][Duende.IdentityServer.Hosting.EndpointRouter] Endpoint enabled: "Token", successfully created handler: "Duende.IdentityServer.Endpoints.TokenEndpoint"
[2022-06-15T15:03:02.5622203+00:00][INFO][47][Duende.IdentityServer.Hosting.IdentityServerMiddleware] Invoking IdentityServer endpoint: "Duende.IdentityServer.Endpoints.TokenEndpoint" for "/connect/token"
[2022-06-15T15:03:02.5622507+00:00][WARN][47][Duende.IdentityServer.Endpoints.TokenEndpoint] Invalid HTTP request for token endpoint
[2022-06-15T15:03:02.5627611+00:00][INFO][47][Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 GET http://sts.skoruba.local/connect/token - - - 400 - application/json;+charset=UTF-8 1.0821ms

This log represents what happens when logging in via Chrome to the Admin console fails:

06-15T15:04:19.7959258+00:00][INFO][42][Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 GET http://sts.skoruba.local/connect/authorize?client_id=MyClientId&redirect_uri=https%3A%2F%2Fadmin.skoruba.local%2Fsignin-oidc&response_type=code&scope=openid%20profile%20email%20roles&code_challenge=la2HT09KHtR-xHbONVWtR4SkWeL8LPvxmr0rJauGcpA&code_challenge_method=S256&response_mode=form_post&nonce=637909022597858980.M2I1Y2IyNzgtMDRlMC00ODhmLWExMWUtZTBmYjQwZDE5ZWFjYjI2MTEyYWYtYzQ5Mi00YmFiLWI4YTUtNWUyYWFkNGU3YjU1&state=CfDJ8FZTgbh3kWlHoXOWgrYssnHUl21jB73CF0DnYGGYB7taEfkhMrFVI6mPboeDZJr0X544d-nabpD1Z35mc1ipW4d-F5rXsLJbPBF5UTls0k9NfauhndYvMu6sPvrbhgmPZMfPmyW2Occ4b4BP3DIYuiHK8WlWd_N4maqHGPh52am9r4NyiawRo8DIHOeBs0NSWZzK4QBLfSOHQEk6-77X-dfaTGi95--Xe4EXXS3c40ygPfy4drCmXW_8irPP2VZm6dDg_VY9fWGQVQOkZQFFG4ucMao0ECihG3XPE5sS_zm2nbEDSTDkbicDO4oG1lJ4OvlOjLeOwShil8eUtye8J64rdwuQrb3awkpvwJOcchJ6H30hmTetCiX0E2Lu-YX8GQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.10.0.0 - -
[2022-06-15T15:04:19.7965756+00:00][DBUG][42][Duende.IdentityServer.Hosting.EndpointRouter] Request path "/connect/authorize" matched to endpoint type "Authorize"
[2022-06-15T15:04:19.7966789+00:00][DBUG][42][Duende.IdentityServer.Hosting.EndpointRouter] Endpoint enabled: "Authorize", successfully created handler: "Duende.IdentityServer.Endpoints.AuthorizeEndpoint"
[2022-06-15T15:04:19.7967016+00:00][INFO][42][Duende.IdentityServer.Hosting.IdentityServerMiddleware] Invoking IdentityServer endpoint: "Duende.IdentityServer.Endpoints.AuthorizeEndpoint" for "/connect/authorize"
[2022-06-15T15:04:19.7967142+00:00][DBUG][42][Duende.IdentityServer.Endpoints.AuthorizeEndpoint] Start authorize request
[2022-06-15T15:04:19.7967879+00:00][DBUG][42][Duende.IdentityServer.Endpoints.AuthorizeEndpoint] User in authorize request: "4de25dfb-0d91-4cfb-82a3-6b26e5ef54eb"
[2022-06-15T15:04:19.7968236+00:00][DBUG][42][Duende.IdentityServer.Validation.AuthorizeRequestValidator] Start authorize request protocol validation
[2022-06-15T15:04:19.7974683+00:00][INFO][42][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "6.0.1" initialized '"IdentityServerConfigurationDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer":"6.0.1"' with options: "MigrationsAssembly=Skoruba.Duende.IdentityServer.Admin.EntityFramework.Configuration "
[2022-06-15T15:04:19.8234257+00:00][INFO][40][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("5"ms) [Parameters=["@__clientId_0='?' (Size = 200)"], CommandType='Text', CommandTimeout='30']"\n""SELECT [c].[Id], [c].[AbsoluteRefreshTokenLifetime], [c].[AccessTokenLifetime], [c].[AccessTokenType], [c].[AllowAccessTokensViaBrowser], [c].[AllowOfflineAccess], [c].[AllowPlainTextPkce], [c].[AllowRememberConsent], [c].[AllowedIdentityTokenSigningAlgorithms], [c].[AlwaysIncludeUserClaimsInIdToken], [c].[AlwaysSendClientClaims], [c].[AuthorizationCodeLifetime], [c].[BackChannelLogoutSessionRequired], [c].[BackChannelLogoutUri], [c].[CibaLifetime], [c].[ClientClaimsPrefix], [c].[ClientId], [c].[ClientName], [c].[ClientUri], [c].[ConsentLifetime], [c].[Created], [c].[Description], [c].[DeviceCodeLifetime], [c].[EnableLocalLogin], [c].[Enabled], [c].[FrontChannelLogoutSessionRequired], [c].[FrontChannelLogoutUri], [c].[IdentityTokenLifetime], [c].[IncludeJwtId], [c].[LastAccessed], [c].[LogoUri], [c].[NonEditable], [c].[PairWiseSubjectSalt], [c].[PollingInterval], [c].[ProtocolType], [c].[RefreshTokenExpiration], [c].[RefreshTokenUsage], [c].[RequireClientSecret], [c].[RequireConsent], [c].[RequirePkce], [c].[RequireRequestObject], [c].[SlidingRefreshTokenLifetime], [c].[UpdateAccessTokenClaimsOnRefresh], [c].[Updated], [c].[UserCodeType], [c].[UserSsoLifetime], [c0].[Id], [c0].[ClientId], [c0].[Origin], [c1].[Id], [c1].[ClientId], [c1].[GrantType], [c2].[Id], [c2].[ClientId], [c2].[Scope], [c3].[Id], [c3].[ClientId], [c3].[Type], [c3].[Value], [c4].[Id], [c4].[ClientId], [c4].[Created], [c4].[Description], [c4].[Expiration], [c4].[Type], [c4].[Value], [c5].[Id], [c5].[ClientId], [c5].[Provider], [c6].[Id], [c6].[ClientId], [c6].[PostLogoutRedirectUri], [c7].[Id], [c7].[ClientId], [c7].[Key], [c7].[Value], [c8].[Id], [c8].[ClientId], [c8].[RedirectUri]\nFROM [Clients] AS [c]\nLEFT JOIN [ClientCorsOrigins] AS [c0] ON [c].[Id] = [c0].[ClientId]\nLEFT JOIN [ClientGrantTypes] AS [c1] ON [c].[Id] = [c1].[ClientId]\nLEFT JOIN [ClientScopes] AS [c2] ON [c].[Id] = [c2].[ClientId]\nLEFT JOIN [ClientClaims] AS [c3] ON [c].[Id] = [c3].[ClientId]\nLEFT JOIN [ClientSecrets] AS [c4] ON [c].[Id] = [c4].[ClientId]\nLEFT JOIN [ClientIdPRestrictions] AS [c5] ON [c].[Id] = [c5].[ClientId]\nLEFT JOIN [ClientPostLogoutRedirectUris] AS [c6] ON [c].[Id] = [c6].[ClientId]\nLEFT JOIN [ClientProperties] AS [c7] ON [c].[Id] = [c7].[ClientId]\nLEFT JOIN [ClientRedirectUris] AS [c8] ON [c].[Id] = [c8].[ClientId]\nWHERE [c].[ClientId] = @__clientId_0\nORDER BY [c].[Id], [c0].[Id], [c1].[Id], [c2].[Id], [c3].[Id], [c4].[Id], [c5].[Id], [c6].[Id], [c7].[Id]"
[2022-06-15T15:04:19.8264456+00:00][DBUG][40][Duende.IdentityServer.EntityFramework.Stores.ClientStore] "MyClientId" found in database: True
[2022-06-15T15:04:19.8286191+00:00][DBUG][40][Duende.IdentityServer.Stores.ValidatingClientStore] client configuration validation for client "MyClientId" succeeded.
[2022-06-15T15:04:19.8301400+00:00][DBUG][40][Duende.IdentityServer.Validation.AuthorizeRequestValidator] Checking for PKCE parameters
[2022-06-15T15:04:19.8322824+00:00][INFO][42][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT [i].[Id], [i].[Created], [i].[Description], [i].[DisplayName], [i].[Emphasize], [i].[Enabled], [i].[Name], [i].[NonEditable], [i].[Required], [i].[ShowInDiscoveryDocument], [i].[Updated], [i0].[Id], [i0].[IdentityResourceId], [i0].[Type], [i1].[Id], [i1].[IdentityResourceId], [i1].[Key], [i1].[Value]\nFROM [IdentityResources] AS [i]\nLEFT JOIN [IdentityResourceClaims] AS [i0] ON [i].[Id] = [i0].[IdentityResourceId]\nLEFT JOIN [IdentityResourceProperties] AS [i1] ON [i].[Id] = [i1].[IdentityResourceId]\nWHERE [i].[Name] IN (N'openid', N'profile', N'email', N'roles')\nORDER BY [i].[Id], [i0].[Id]"
[2022-06-15T15:04:19.8350441+00:00][DBUG][37][Duende.IdentityServer.EntityFramework.Stores.ResourceStore] Found ["roles", "openid", "profile", "email"] identity scopes in database
[2022-06-15T15:04:19.8596434+00:00][INFO][42][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("23"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT [a].[Id], [a].[AllowedAccessTokenSigningAlgorithms], [a].[Created], [a].[Description], [a].[DisplayName], [a].[Enabled], [a].[LastAccessed], [a].[Name], [a].[NonEditable], [a].[RequireResourceIndicator], [a].[ShowInDiscoveryDocument], [a].[Updated], [a1].[Id], [a1].[ApiResourceId], [a1].[Created], [a1].[Description], [a1].[Expiration], [a1].[Type], [a1].[Value], [a2].[Id], [a2].[ApiResourceId], [a2].[Scope], [a3].[Id], [a3].[ApiResourceId], [a3].[Type], [a4].[Id], [a4].[ApiResourceId], [a4].[Key], [a4].[Value]\nFROM [ApiResources] AS [a]\nLEFT JOIN [ApiResourceSecrets] AS [a1] ON [a].[Id] = [a1].[ApiResourceId]\nLEFT JOIN [ApiResourceScopes] AS [a2] ON [a].[Id] = [a2].[ApiResourceId]\nLEFT JOIN [ApiResourceClaims] AS [a3] ON [a].[Id] = [a3].[ApiResourceId]\nLEFT JOIN [ApiResourceProperties] AS [a4] ON [a].[Id] = [a4].[ApiResourceId]\nWHERE EXISTS (\n    SELECT 1\n    FROM [ApiResourceScopes] AS [a0]\n    WHERE ([a].[Id] = [a0].[ApiResourceId]) AND [a0].[Scope] IN (N'openid', N'profile', N'email', N'roles'))\nORDER BY [a].[Id], [a1].[Id], [a2].[Id], [a3].[Id]"
[2022-06-15T15:04:19.8608652+00:00][DBUG][37][Duende.IdentityServer.EntityFramework.Stores.ResourceStore] Found [] API resources in database
[2022-06-15T15:04:19.8633417+00:00][INFO][35][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT [a].[Id], [a].[Created], [a].[Description], [a].[DisplayName], [a].[Emphasize], [a].[Enabled], [a].[LastAccessed], [a].[Name], [a].[NonEditable], [a].[Required], [a].[ShowInDiscoveryDocument], [a].[Updated], [a0].[Id], [a0].[ScopeId], [a0].[Type], [a1].[Id], [a1].[Key], [a1].[ScopeId], [a1].[Value]\nFROM [ApiScopes] AS [a]\nLEFT JOIN [ApiScopeClaims] AS [a0] ON [a].[Id] = [a0].[ScopeId]\nLEFT JOIN [ApiScopeProperties] AS [a1] ON [a].[Id] = [a1].[ScopeId]\nWHERE [a].[Name] IN (N'openid', N'profile', N'email', N'roles')\nORDER BY [a].[Id], [a0].[Id]"
[2022-06-15T15:04:19.8655226+00:00][DBUG][35][Duende.IdentityServer.EntityFramework.Stores.ResourceStore] Found [] scopes in database
[2022-06-15T15:04:19.8656619+00:00][DBUG][35][Duende.IdentityServer.Validation.AuthorizeRequestValidator] Calling into custom validator: "Duende.IdentityServer.Validation.DefaultCustomAuthorizeRequestValidator"
[2022-06-15T15:04:19.8657675+00:00][DBUG][35][Duende.IdentityServer.Endpoints.AuthorizeEndpoint] ValidatedAuthorizeRequest
AuthorizeRequestValidationLog {ClientId="MyClientId", ClientName="MyClientId", RedirectUri="https://admin.skoruba.local/signin-oidc", AllowedRedirectUris=["https://admin.skoruba.local/signin-oidc"], SubjectId="4de25dfb-0d91-4cfb-82a3-6b26e5ef54eb", ResponseType="code", ResponseMode="form_post", GrantType="authorization_code", RequestedScopes="openid profile email roles", State="CfDJ8FZTgbh3kWlHoXOWgrYssnHUl21jB73CF0DnYGGYB7taEfkhMrFVI6mPboeDZJr0X544d-nabpD1Z35mc1ipW4d-F5rXsLJbPBF5UTls0k9NfauhndYvMu6sPvrbhgmPZMfPmyW2Occ4b4BP3DIYuiHK8WlWd_N4maqHGPh52am9r4NyiawRo8DIHOeBs0NSWZzK4QBLfSOHQEk6-77X-dfaTGi95--Xe4EXXS3c40ygPfy4drCmXW_8irPP2VZm6dDg_VY9fWGQVQOkZQFFG4ucMao0ECihG3XPE5sS_zm2nbEDSTDkbicDO4oG1lJ4OvlOjLeOwShil8eUtye8J64rdwuQrb3awkpvwJOcchJ6H30hmTetCiX0E2Lu-YX8GQ", UiLocales=null, Nonce="637909022597858980.M2I1Y2IyNzgtMDRlMC00ODhmLWExMWUtZTBmYjQwZDE5ZWFjYjI2MTEyYWYtYzQ5Mi00YmFiLWI4YTUtNWUyYWFkNGU3YjU1", AuthenticationContextReferenceClasses=null, DisplayMode=null, PromptMode="", MaxAge=null, LoginHint=null, SessionId="E560A2A351F87C54092E4C02D8BC8CAB", Raw={["client_id"]="MyClientId", ["redirect_uri"]="https://admin.skoruba.local/signin-oidc", ["response_type"]="code", ["scope"]="openid profile email roles", ["code_challenge"]="la2HT09KHtR-xHbONVWtR4SkWeL8LPvxmr0rJauGcpA", ["code_challenge_method"]="S256", ["response_mode"]="form_post", ["nonce"]="637909022597858980.M2I1Y2IyNzgtMDRlMC00ODhmLWExMWUtZTBmYjQwZDE5ZWFjYjI2MTEyYWYtYzQ5Mi00YmFiLWI4YTUtNWUyYWFkNGU3YjU1", ["state"]="CfDJ8FZTgbh3kWlHoXOWgrYssnHUl21jB73CF0DnYGGYB7taEfkhMrFVI6mPboeDZJr0X544d-nabpD1Z35mc1ipW4d-F5rXsLJbPBF5UTls0k9NfauhndYvMu6sPvrbhgmPZMfPmyW2Occ4b4BP3DIYuiHK8WlWd_N4maqHGPh52am9r4NyiawRo8DIHOeBs0NSWZzK4QBLfSOHQEk6-77X-dfaTGi95--Xe4EXXS3c40ygPfy4drCmXW_8irPP2VZm6dDg_VY9fWGQVQOkZQFFG4ucMao0ECihG3XPE5sS_zm2nbEDSTDkbicDO4oG1lJ4OvlOjLeOwShil8eUtye8J64rdwuQrb3awkpvwJOcchJ6H30hmTetCiX0E2Lu-YX8GQ", ["x-client-SKU"]="ID_NETSTANDARD2_0", ["x-client-ver"]="6.10.0.0"}}
[2022-06-15T15:04:19.8662538+00:00][INFO][35][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "6.0.1" initialized '"AdminIdentityDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer":"6.0.1"' with options: "MigrationsAssembly=Skoruba.Duende.IdentityServer.Admin.EntityFramework.Configuration "
[2022-06-15T15:04:19.8696564+00:00][INFO][37][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=["@__p_0='?' (Size = 450)"], CommandType='Text', CommandTimeout='30']"\n""SELECT TOP(1) [u].[Id], [u].[AccessFailedCount], [u].[ConcurrencyStamp], [u].[Email], [u].[EmailConfirmed], [u].[LockoutEnabled], [u].[LockoutEnd], [u].[NormalizedEmail], [u].[NormalizedUserName], [u].[PasswordHash], [u].[PhoneNumber], [u].[PhoneNumberConfirmed], [u].[SecurityStamp], [u].[TwoFactorEnabled], [u].[UserName]\nFROM [Users] AS [u]\nWHERE [u].[Id] = @__p_0"
[2022-06-15T15:04:19.8924772+00:00][INFO][37][Duende.IdentityServer.ResponseHandling.AuthorizeInteractionResponseGenerator] We're in the custom!
[2022-06-15T15:04:19.8927902+00:00][DBUG][37][Duende.IdentityServer.Services.DefaultConsentService] Client is configured to not require consent, no consent is required
[2022-06-15T15:04:19.8928113+00:00][DBUG][37][Duende.IdentityServer.ResponseHandling.AuthorizeResponseGenerator] Creating Authorization Code Flow response.
[2022-06-15T15:04:19.8935971+00:00][INFO][37][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "6.0.1" initialized '"IdentityServerPersistedGrantDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer":"6.0.1"' with options: "MigrationsAssembly=Skoruba.Duende.IdentityServer.Admin.EntityFramework.Configuration "
[2022-06-15T15:04:19.8984669+00:00][INFO][31][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("4"ms) [Parameters=["@__token_Key_0='?' (Size = 200)"], CommandType='Text', CommandTimeout='30']"\n""SELECT [p].[Key], [p].[ClientId], [p].[ConsumedTime], [p].[CreationTime], [p].[Data], [p].[Description], [p].[Expiration], [p].[SessionId], [p].[SubjectId], [p].[Type]\nFROM [PersistedGrants] AS [p]\nWHERE [p].[Key] = @__token_Key_0"
[2022-06-15T15:04:19.9005062+00:00][DBUG][31][Duende.IdentityServer.EntityFramework.Stores.PersistedGrantStore] "48C9B72B7DB7EE3EF65F53BF5DB2B29F677ED529D1573C0718DA8E1774E853DE" not found in database
[2022-06-15T15:04:19.9250259+00:00][INFO][40][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=["@p0='?' (Size = 200), @p1='?' (Size = 200), @p2='?' (DbType = DateTime2), @p3='?' (DbType = DateTime2), @p4='?' (Size = 4000), @p5='?' (Size = 200), @p6='?' (DbType = DateTime2), @p7='?' (Size = 100), @p8='?' (Size = 200), @p9='?' (Size = 50)"], CommandType='Text', CommandTimeout='30']"\n""SET NOCOUNT ON;\nINSERT INTO [PersistedGrants] ([Key], [ClientId], [ConsumedTime], [CreationTime], [Data], [Description], [Expiration], [SessionId], [SubjectId], [Type])\nVALUES (@p0, @p1, @p2, @p3, @p4, @p5, @p6, @p7, @p8, @p9);"
[2022-06-15T15:04:19.9295044+00:00][INFO][40][Duende.IdentityServer.Events.DefaultEventService] TokenIssuedSuccessEvent {ClientId="MyClientId", ClientName="MyClientId", RedirectUri="https://admin.skoruba.local/signin-oidc", Endpoint="Authorize", SubjectId="4de25dfb-0d91-4cfb-82a3-6b26e5ef54eb", Scopes="openid profile email roles", GrantType="authorization_code", Tokens=[Token {TokenType="code", TokenValue="****45-1"}], Category="Token", Name="Token Issued Success", EventType=Success, Id=2000, Message=null, ActivityId="0HMIER54PT6G2:00000002", TimeStamp=06/15/2022 15:04:19, ProcessId=25, LocalIpAddress="::ffff:172.20.0.5:80", RemoteIpAddress="::ffff:172.20.0.4"}
[2022-06-15T15:04:19.9296015+00:00][DBUG][40][Duende.IdentityServer.Endpoints.AuthorizeEndpoint] Authorize endpoint response
AuthorizeResponseLog {SubjectId="4de25dfb-0d91-4cfb-82a3-6b26e5ef54eb", ClientId="MyClientId", RedirectUri="https://admin.skoruba.local/signin-oidc", State="CfDJ8FZTgbh3kWlHoXOWgrYssnHUl21jB73CF0DnYGGYB7taEfkhMrFVI6mPboeDZJr0X544d-nabpD1Z35mc1ipW4d-F5rXsLJbPBF5UTls0k9NfauhndYvMu6sPvrbhgmPZMfPmyW2Occ4b4BP3DIYuiHK8WlWd_N4maqHGPh52am9r4NyiawRo8DIHOeBs0NSWZzK4QBLfSOHQEk6-77X-dfaTGi95--Xe4EXXS3c40ygPfy4drCmXW_8irPP2VZm6dDg_VY9fWGQVQOkZQFFG4ucMao0ECihG3XPE5sS_zm2nbEDSTDkbicDO4oG1lJ4OvlOjLeOwShil8eUtye8J64rdwuQrb3awkpvwJOcchJ6H30hmTetCiX0E2Lu-YX8GQ", Scope="openid profile email roles", Error=null, ErrorDescription=null}
[2022-06-15T15:04:19.9299477+00:00][INFO][40][Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 GET http://sts.skoruba.local/connect/authorize?client_id=MyClientId&redirect_uri=https%3A%2F%2Fadmin.skoruba.local%2Fsignin-oidc&response_type=code&scope=openid%20profile%20email%20roles&code_challenge=la2HT09KHtR-xHbONVWtR4SkWeL8LPvxmr0rJauGcpA&code_challenge_method=S256&response_mode=form_post&nonce=637909022597858980.M2I1Y2IyNzgtMDRlMC00ODhmLWExMWUtZTBmYjQwZDE5ZWFjYjI2MTEyYWYtYzQ5Mi00YmFiLWI4YTUtNWUyYWFkNGU3YjU1&state=CfDJ8FZTgbh3kWlHoXOWgrYssnHUl21jB73CF0DnYGGYB7taEfkhMrFVI6mPboeDZJr0X544d-nabpD1Z35mc1ipW4d-F5rXsLJbPBF5UTls0k9NfauhndYvMu6sPvrbhgmPZMfPmyW2Occ4b4BP3DIYuiHK8WlWd_N4maqHGPh52am9r4NyiawRo8DIHOeBs0NSWZzK4QBLfSOHQEk6-77X-dfaTGi95--Xe4EXXS3c40ygPfy4drCmXW_8irPP2VZm6dDg_VY9fWGQVQOkZQFFG4ucMao0ECihG3XPE5sS_zm2nbEDSTDkbicDO4oG1lJ4OvlOjLeOwShil8eUtye8J64rdwuQrb3awkpvwJOcchJ6H30hmTetCiX0E2Lu-YX8GQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.10.0.0 - - - 200 - text/html;+charset=UTF-8 134.0181ms
[2022-06-15T15:04:20.0266527+00:00][INFO][40][Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 GET http://sts.skoruba.local/connect/token - -
[2022-06-15T15:04:20.0269844+00:00][DBUG][40][Duende.IdentityServer.Hosting.EndpointRouter] Request path "/connect/token" matched to endpoint type "Token"
[2022-06-15T15:04:20.0272027+00:00][DBUG][40][Duende.IdentityServer.Hosting.EndpointRouter] Endpoint enabled: "Token", successfully created handler: "Duende.IdentityServer.Endpoints.TokenEndpoint"
[2022-06-15T15:04:20.0272534+00:00][INFO][40][Duende.IdentityServer.Hosting.IdentityServerMiddleware] Invoking IdentityServer endpoint: "Duende.IdentityServer.Endpoints.TokenEndpoint" for "/connect/token"
[2022-06-15T15:04:20.0272716+00:00][WARN][40][Duende.IdentityServer.Endpoints.TokenEndpoint] Invalid HTTP request for token endpoint
[2022-06-15T15:04:20.0274159+00:00][INFO][40][Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 GET http://sts.skoruba.local/connect/token - - - 400 - application/json;+charset=UTF-8 0.7649ms

[bruceharrison1984]

I'm seeing the exact same behavior from https://github.com/skoruba/IdentityServer4.Admin as well, so I can only assume I am doing something incorrectly when running this locally.

Running the reference Duende container, I can retrieve a token as expected.

[bruceharrison1984]

My issue was my token and authorizer urls were set to http scheme instead of https. Once i corrected for this, I was able to retrieve a token via Postman.

Good job on this!