Warren LaFrance

Reputation: 582

IdentityServer3 - The client application is not known or is not authorized

I am setting up my client application port3g to use IdentityServer3 to authenticate.

I am getting the error: The client application is not known or is not authorized. I think I have both the client and OAuth server client settings configured correctly. Does anyone see an error in either configuration?

SITE: PORT3G StartUp ..

    public void ConfigureAuth(IAppBuilder app)
    {
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
        });
        //port3g_implicit


        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "port3g_implicit",  
            Authority = "http://localhost:22710",  // Authorization Server
            RedirectUri = "http://localhost:28037/",  // Address of this website
            ResponseType = "id_token token ",  // Added token was not in original code
            Scope = "openid profile offline_access read appRoles",
            PostLogoutRedirectUri = "http://localhost:28037",
            SignInAsAuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
        });

    }

SITE: Webhost.OAuth

// BEGIN PORT3G
            new Client
            {
                ClientId = "port3g_implicit",  
                ClientSecrets = new List<Secret>
                {
                    new Secret("secret".Sha256())
                },
                ClientName = "Port3G", 
                Flow = Flows.Implicit,
                AllowedScopes = new List<string>
                {
                    Constants.StandardScopes.OpenId,
                    Constants.StandardScopes.Profile,
                    Constants.StandardScopes.AllClaims,
                    "read",
                    "appRoles"
                },
                RedirectUris = new List<string>
                {
                    "http://localhost:28037/",
                     "http://localhost:28037/"
                },
                PostLogoutRedirectUris = new List<string>
                {
                    "http://localhost:28037/"
                },
                Enabled = true
            }
            // END PORT3G

Upvotes: 0

Views: 3215

Answers (2)

Shetty

Reputation: 1892

There is a space at the end of your response type:

 ResponseType = "id_token token ",  // Added token was not in original code

Remove it and try. Also remove the offline_access scope.

Upvotes: 1

Rob Davis

Reputation: 1319

Did you turn on IdentityServer logging? It can be incredibly helpful in diagnosing these sorts of issues.

In this specific case, it is likely because you are asking for offline_access, which is not allowed with the implicit flow. Try removing that identifier from the string assigned to scope. When you turn logging on, you will probably see the following line, which indicates this issue:

[Error] Requested scope not allowed: "offline_access"

Upvotes: 3
