Reputation: 1104
I've set up an instance of IdentityServer3 running in IIS.
var validators = new List<Registration<ISecretValidator>>
{
    new Registration<ISecretValidator, HashedSharedSecretValidator>(),
    new Registration<ISecretValidator, X509CertificateThumbprintSecretValidator>()
};

// .Register() is an extension method that sets up the IdentityServerServiceFactory
var factory = new EntityFrameworkServiceOptions()
    .Register()
    .UseInMemoryUsers(Users.Get());
factory.SecretValidators = validators;

app.Map($"/{IdentityServer.Path}", server =>
{
    server.UseIdentityServer(new IdentityServerOptions()
    {
        RequireSsl = false,
        SiteName = siteName,
        SigningCertificate = Certificate.Load(),
        Factory = factory,
        // Currently does nothing. There are no plugins.
        PluginConfiguration = ConfigurePlugins,
        AuthenticationOptions = new AuthenticationOptions()
        {
            EnablePostSignOutAutoRedirect = true,
            // Currently does nothing. There are no IdentityProviders set up.
            IdentityProviders = ConfigureIdentityProviders
        }
    });
});
I've set up a Client in the EF database for the Client Credentials Flow. So there is a client in the Client table, I've given the client access to a scope in the ClientScopes table, and I've given the client a secret in the ClientSecrets table.
The pertinent values stored in the database are (all values not listed are the IdentityServer3 defaults):
ClientId = 'client'
Flow = 'ClientCredentials [3]'
ClientScope = 'api'
ClientSecret = 'secret'.Sha256()
I'm trying to get a new token from Postman:
The IdentityServer is running on a test server which is why I don't have "Request access token locally" selected.
When I click "Request Token" I get the following error logged:
2016-09-16 16:18:28.470 -05:00 [Debug] Start client validation
2016-09-16 16:18:28.470 -05:00 [Debug] Start parsing Basic Authentication secret
2016-09-16 16:18:28.470 -05:00 [Debug] Parser found secret: "BasicAuthenticationSecretParser"
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Secret id found: "client"
2016-09-16 16:18:28.470 -05:00 [Debug] No matching hashed secret found.
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Secret validators could not validate secret
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Client validation failed.
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] End token request
w3wp.exe Information: 0 : 2016-09-16 16:18:28.470 -05:00 [Information] Returning error: invalid_client
I'm not really sure why the validators cannot validate the secret. It's saved in the database as Sha256 and IdentityServer can parse and validate Sha256.
UPDATE: I got it to work doing a POST from Postman and filling out the appropriate x-www-form-urlencoded fields, but I still haven't figured out how to get it to work using the Authorization tab and "Get New Access Token" feature of Postman. Can that not be used to get access tokens from IdentityServer3?
Upvotes: 2
Views: 9394
Reputation: 1104
I've got it working, but NOT using the "Get New Access Token" feature of Postman. I couldn't figure out why that wasn't working :p Instead I just posted to the token URL which gave me an access token, then I was able to use that in subsequent calls to my services.
POST: https://{{server}}/connect/token
client_id:
client_secret:
grant_type: client_credentials
scope:
Then to use it in your server calls add the following to your header:
Authorization: Bearer [access_token]
Upvotes: 1
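The exchange the question and the answer above describe, as an added example that is not part of either post: the client side builds the same request two ways (the Basic header that the question's log shows the BasicAuthenticationSecretParser receiving, and the x-www-form-urlencoded body the answer posts), and the server side does what HashedSharedSecretValidator does with it, hashing the presented plaintext and comparing it with the stored 'secret'.Sha256() value. The host name is hypothetical, the client table is a constructed stand-in for the question's database rows, and the "access_token" value is a placeholder rather than a signed JWT. The sha256_b64 helper reproduces IdentityServer3's string.Sha256() extension (Base64 of the SHA-256 digest of the UTF-8 bytes). The page does not say what Postman's dialog actually sent, so the failing case below (presenting the stored hash instead of the plaintext) is an illustration of how the "No matching hashed secret found" branch is reached, not a diagnosis.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

TOKEN_URL = "https://server.example/connect/token"  # hypothetical host standing in for {{server}}


def sha256_b64(value: str) -> str:
    """Same output as IdentityServer3's string.Sha256() extension used for
    'secret'.Sha256(): Base64 of the SHA-256 digest of the UTF-8 bytes."""
    digest = hashlib.sha256(value.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


# Constructed stand-in for the Client / ClientScopes / ClientSecrets rows in the question.
CLIENTS = {
    "client": {"scopes": {"api"}, "secret_hashes": {sha256_b64("secret")}},
}


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Client side: an Authorization: Basic header carrying client_id:client_secret,
    which is what the question's log shows BasicAuthenticationSecretParser receiving."""
    creds = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(creds).decode("ascii")


def form_body(client_id: str, client_secret: str, scope: str) -> str:
    """Client side: the x-www-form-urlencoded body from the answer above."""
    return urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
        "scope": scope,
    })


def parse_secret(headers: dict, body: str):
    """Server side: look for the credentials in a Basic header first, then in the post body."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            decoded = base64.b64decode(auth[len("Basic "):], validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None
        client_id, sep, secret = decoded.partition(":")
        if sep:
            return client_id, secret
    form = parse_qs(body)
    if "client_id" in form and "client_secret" in form:
        return form["client_id"][0], form["client_secret"][0]
    return None


def handle_token_request(headers: dict, body: str) -> dict:
    """Server side: hash the presented plaintext secret and compare it with the
    stored hash in constant time; plaintext is never compared with plaintext."""
    parsed = parse_secret(headers, body)
    if parsed is None:
        return {"error": "invalid_client"}
    client_id, presented = parsed
    client = CLIENTS.get(client_id)
    if client is None:
        return {"error": "invalid_client"}
    presented_hash = sha256_b64(presented)
    if not any(hmac.compare_digest(presented_hash, h) for h in client["secret_hashes"]):
        return {"error": "invalid_client"}  # the "No matching hashed secret found" branch
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("grant_type") != "client_credentials":
        return {"error": "unsupported_grant_type"}
    scope = form.get("scope", "")
    if scope not in client["scopes"]:
        return {"error": "invalid_scope"}
    # A real server mints a signed JWT here; this value is a constructed placeholder.
    return {"access_token": "<signed-jwt>", "token_type": "Bearer",
            "expires_in": 3600, "scope": scope}


def bearer_header(token_response: dict) -> str:
    """Client side: the header the answer above adds on later calls to the API."""
    return f"Bearer {token_response['access_token']}"
```

Both client variants carry the plaintext secret; only the server ever sees the hash. Whichever way Postman or curl sends the pair, what has to reach the server is the string that was hashed, with no extra encoding applied to it.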
Reputation: 4177
The support for OAuth2 tokens built into Postman works fine. You can use either grant type: both the client credentials and authorization code grant types work fine—if you set the authorization code type up as I've shown below you'll even get a popup that allows you to enter a username and password. Here is the client entry I am using for the authorization code flow:
new Client
{
    ClientId = "postmantestclient",
    ClientName = "Postman http test client",
    Flow = Flows.AuthorizationCode,
    AllowAccessToAllScopes = true,
    IdentityTokenLifetime = 60 * 60 * 24,
    AccessTokenLifetime = 60 * 60 * 24,
    RequireConsent = false,
    ClientSecrets = new List<Secret>
    {
        new Secret("PostmanSecret".Sha256())
    },
    RedirectUris = new List<string>()
    {
        "https://www.getpostman.com/oauth2/callback"
    }
}
And here is the way I've set up the request from Postman.
Note the URLs in the dialog. The system is not very forgiving: if you get a URL wrong you are likely to see a totally bogus CORS error when you make the request.
Upvotes: 2
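The two requests behind the authorization code option described in the answer above, as an added example that is not part of the answer: the authorize URL the popup opens, the exact-string RedirectUris check IdentityServer3 applies to it, and the code exchange posted to the token endpoint. The client record is constructed from the Client entry shown above; the host name is hypothetical because the answer's dialog screenshot is not on the page. The validation function is a simplified model of the server's checks, not IdentityServer3's own code.

```python
import base64
import hashlib
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY = "https://server.example"  # hypothetical host for the IdentityServer3 instance

# Constructed from the Client entry in the answer above.
POSTMAN_CLIENT = {
    "client_id": "postmantestclient",
    "flow": "AuthorizationCode",
    "secret_hash": base64.b64encode(hashlib.sha256(b"PostmanSecret").digest()).decode("ascii"),
    "redirect_uris": {"https://www.getpostman.com/oauth2/callback"},
}


def authorize_url(client_id: str, redirect_uri: str, scope: str, state: str) -> str:
    """Step 1: the URL the Postman popup opens; the user signs in on this page."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    return f"{AUTHORITY}/connect/authorize?{urlencode(params)}"


def redirect_uri_registered(client: dict, redirect_uri: str) -> bool:
    """RedirectUris are matched as whole strings: a trailing slash, http in place
    of https, or a different host is a different URI and is rejected."""
    return redirect_uri in client["redirect_uris"]


def validate_authorize_request(client: dict, url: str) -> str:
    """Simplified server-side checks on the authorize request.
    Returns 'ok' or an OAuth2 error name."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if query.get("client_id") != client["client_id"]:
        return "unauthorized_client"
    if query.get("response_type") != "code" or client["flow"] != "AuthorizationCode":
        return "unsupported_response_type"
    if not redirect_uri_registered(client, query.get("redirect_uri", "")):
        return "invalid_request"
    if not query.get("scope"):
        return "invalid_scope"
    return "ok"


def code_exchange_body(code: str, redirect_uri: str, client_id: str, client_secret: str) -> str:
    """Step 2: the body posted to /connect/token after the redirect. redirect_uri
    must be the same string as in step 1, and client_secret is the plaintext
    "PostmanSecret", not the Sha256() value stored in the Client entry."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    })
```

When a Postman dialog fails with a CORS error, checking the three URLs it was given (authorize, token, callback) against the registered client the way validate_authorize_request does is usually quicker than reading the browser console.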