Reputation: 197
After receiving the access token (reference access token) my API middleware makes a call to the introspection endpoint to get the JWT token. Unfortunately I'm getting a JSON response with an error message: unauthorized.
2016-08-24 13:33:39.505 -04:00 [Debug] Start scope validation
2016-08-24 13:33:39.505 -04:00 [Debug] Start parsing Basic Authentication secret
2016-08-24 13:33:39.505 -04:00 [Debug] Parser found secret: "BasicAuthenticationSecretParser"
2016-08-24 13:33:39.505 -04:00 [Information] Secret id found: "webapp123.hybric.flow"
2016-08-24 13:33:39.507 -04:00 [Information] No scope with that name found. aborting
2016-08-24 13:33:39.507 -04:00 [Warning] Scope unauthorized to call introspection endpoint. aborting.
It looks like we are searching for the scopes requested by the client application using the client application ID passed to the introspection endpoint. Question:
Is this correct? Can Id3 remember the scopes requested by the client? Can I call the introspection endpoint using the API ClientId? I don't want to use the client ID of the client application that requested the reference token.
Code below:
// The id parsed from the Basic Authentication header is looked up as a scope name.
var scope = (await _scopes.FindScopesAsync(new[] { parsedSecret.Id })).FirstOrDefault();
Upvotes: 0
Views: 334
Reputation: 1892
The introspection endpoint is for validation of the token and not to get a JWT. To call the introspection endpoint you need to pass "Scope" and "Scope secret" in the request for authentication, not the client ID. If you send the reference token to the introspection endpoint with a valid scope name and secret you will get the claims in the response.
public async Task ValidateValidReferenceTokenUsingIntrospectionEndPoint()
{
    // Obtain a reference (non-JWT) access token via the client credentials flow.
    var tokenResponse = await GetTokenResponseForClientCredentialsFlow(IdsModel.AccessTokenType.Reference);

    // Authenticate to the introspection endpoint with the scope name and scope secret,
    // not with the client id/secret of the application that requested the token.
    var introspectionClient = new IntrospectionClient(
        IntrospectionEndpoint,
        "Api1",        // scope name
        "Api1Secret"); // scope secret

    var response = await introspectionClient.SendAsync(new IntrospectionRequest
    {
        Token = tokenResponse.AccessToken
    });

    var jsonResult = JsonConvert.DeserializeObject<Dictionary<string, object>>(response.Raw);

    // An active token comes back with its claims in the introspection response.
    response.IsActive.Should().Be(true);
    response.IsError.Should().Be(false);
    jsonResult.Should().Contain("iss", ValidIssuer);
    jsonResult.Should().Contain("aud", ValidAudience);
    jsonResult.Should().Contain("client_id", "referenceTokenClient");
    jsonResult.Should().Contain("client_claim1", "claim1value");
    jsonResult.Should().Contain("active", true);
}
Upvotes: 0
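As an added example (not code from the question or the answer), here is the same introspection call made directly with HttpClient, so the Basic Authentication header carries the scope name and scope secret rather than a client id; the endpoint URL, scope credentials and token are placeholders supplied by the caller, and the response shape follows the answer's assertions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;

// Added example: introspect a reference token with the API's scope credentials.
public static class ReferenceTokenIntrospector
{
    // Authentication is HTTP Basic with the *scope* name and *scope* secret (the
    // API's own credentials), not the client id of the application that obtained
    // the token. All arguments are placeholders chosen by the caller.
    public static async Task<Dictionary<string, object>> IntrospectAsync(
        HttpClient http, string introspectionEndpoint,
        string scopeName, string scopeSecret, string referenceToken)
    {
        var basic = Convert.ToBase64String(
            Encoding.UTF8.GetBytes(scopeName + ":" + scopeSecret));

        using (var request = new HttpRequestMessage(HttpMethod.Post, introspectionEndpoint))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Basic", basic);
            request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                { "token", referenceToken }
            });

            using (var response = await http.SendAsync(request))
            {
                // An unknown scope name or wrong scope secret is rejected here, which
                // matches the "Scope unauthorized to call introspection endpoint" log line.
                response.EnsureSuccessStatusCode();
                var raw = await response.Content.ReadAsStringAsync();
                var claims = JsonConvert.DeserializeObject<Dictionary<string, object>>(raw);

                // An unknown, expired or revoked token comes back as {"active": false}
                // without claims; the middleware must treat that as a rejected request.
                object active;
                if (!claims.TryGetValue("active", out active) || !(active is bool) || !(bool)active)
                    throw new UnauthorizedAccessException("Reference token is not active.");

                return claims;
            }
        }
    }
}
```

Only after the active check passes should the middleware build the caller's identity from the returned claims (iss, aud, client_id and any custom claims such as client_claim1).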