Reputation: 11186
Configuration for getting JWT from IdentityServer with Aurelia-Auth
I am having trouble getting an JWT from IdentityServer3. I am using aurelia with aurelia-auth.
The error I am getting from IdentityServer is "The client application is not known or is not authorized."
Was wondering what I am missing in the configuration? Configuration is below
//Server Clients
public static class Clients
{
public static IEnumerable<Client> Get()
{
return new List<Client> {
new Client {
ClientName = "AureliaApplication",
Enabled = true,
ClientId = "aureliaClient",
AllowAccessToAllScopes = true,
Flow = Flows.ResourceOwner,
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 3600
}
};
}
}
//Aurelia-Auth Provider Config
var config = {
providers: {
IdentityServerV3: {
name:'IdentityServerV3',
url: '/auth/IdentityServerV3',
authorizationEndpoint: 'https://localhost:44300/core/connect/authorize',
redirectUri: window.location.origin || window.location.protocol + '//' + window.location.host,
scope: ['openid'],
scopePrefix: 'openid',
scopeDelimiter: '&',
display: 'popup',
type: '2.0',
clientId: 'aureliaClient',
popupOptions: { width: 1020, height: 618 }
}
}
}
export default config;
Upvotes: 3
Views: 1598
Answers (1)
Reputation: 26
You need to configure the scope of the client in the IdentityServer
new Client
{
ClientId = "Aurelia Client",
ClientName = "aureliaClient",
ClientSecrets = new List<Secret> {
new Secret(Constants.IdentitySecret.Sha256())
},
Flow = Flows.Hybrid,
RequireConsent = true,
AllowRememberConsent = true,
RedirectUris = new List<string> {
"http://localhost:9000"
},
PostLogoutRedirectUris = new List<string> {
"http://localhost:9000"
},
AllowedScopes = new List<string> {
Constants.StandardScopes.OpenId,
Constants.StandardScopes.Profile,
Constants.StandardScopes.Roles,
"apiAccess"
}
}
The Aurelia config has to have to correct url to the different IdentityServer endpoint. These endpoints can usually be found in the openid-configuration of the server (in this example it would be : https://localhost:44301/core/.well-known/openid-configuration). The same scope as define in the client configuration in the IdentityServer
var config = {
baseUrl : 'https://localhost:44301/core',
tokenName : 'id_token',
profileUrl: '/connect/userinfo',
unlinkUrl : '/connect/endsession',
logoutRedirect: '/',
loginRedirect : '#/',
providers : {
identSrv : {
name: 'identSrv',
url: '/connect/token',
authorizationEndpoint: 'https://localhost:44301/core/connect/authorize/',
redirectUri: window.location.origin || window.location.protocol + '//' + window.location.host,
scope: ['profile', 'apiAccess','openid', 'roles'],
responseType :'code id_token token',
scopePrefix: '',
scopeDelimiter: ' ',
requiredUrlParams: ['scope', 'nonce'],
optionalUrlParams: ['display'],
state: 'session_state',
display: 'popup',
type: '2.0',
clientId: 'jsClient',
flow: 'hybrid',
nonce : function(){
var val = ((Date.now() + Math.random()) * Math.random()).toString().replace(".", "");
return encodeURIComponent(val);
},
popupOptions: { width: 452, height: 633 }
}
}
Scott actually found the solution (I'm just using it to answer) and you can find an example on his github https://github.com/devscott/identityServer3Example
Upvotes: 1
Related Questions
- JWT Token .NET Core Identity Server problem
- Handling authorization with IdentityServer4
- Identity Server 4 custom token endpoint, get signingcredential at runtime
- IdentityServer4 requesting a JWT / Access Bearer Token using the password grant in asp.net core
- Claims Identity .NET CORE 3.0 API JWT
- Implement JwtBearer Authentication in NSwag SwaggerUi
- Authorization Not working with identityserver4 when using docker
- How do I add Jwt authentication from IdentityServer4 and Auth0 in an ASP.NET Core 2.0 web api?
- Dotnet core 2.0 Use Identity with JwtBearer Authentication
- IdentityServer3 - Client and Secret