Reputation: 12557
Using Core MVC Client with IdentityServer v3 - The client application is not known or is not authorized
I've a non core webapi and a identityserver v3. now i want to implement a asp core website.
The asp core test website runs on http://localhost:49946/
Is it possible to use a asp core site with an identityserver v3 sts server? Are there any known issues?
I tried it but i always get
The client application is not known or is not authorized.
I made sure that the redirect uri and the client id match.
Here my client config in the identityserver
return new Client
{
Enabled = true,
ClientId = "website",
ClientName = "Site",
Flow = Flows.Implicit,
AllowedScopes = new List<string>
{
Constants.StandardScopes.OpenId,
Constants.StandardScopes.Email,
Constants.StandardScopes.Profile,
Constants.StandardScopes.AllClaims,
Constants.StandardScopes.Roles,
"read","warehouseapi"
},
RedirectUris = new List<string>
{"http://localhost:49946/"
},
PostLogoutRedirectUris = new List<string>
{
"http://localhost:49946/"
}
};
Here the config for the asp core mvc client
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
AuthenticationScheme = "oidc",
SignInScheme = "Cookies",
Authority = "http://localhost:7890",
RequireHttpsMetadata = false,
ClientId = "website",
ResponseType = "id_token token",
Scope = { "openid profile email warehouseapi" },
GetClaimsFromUserInfoEndpoint = true,
SaveTokens = true,
AutomaticAuthenticate = true,
AutomaticChallenge = true,
});
here the url that the client redirects to when he wants to authenticate. there you can see that redirect uri is set to http://localhost:49946/
http://localhost:7890/connect/authorize?client_id=website&redirect_uri=http%3A%2F%2Flocalhost%3A49946%2Fsignin-oidc&response_type=id_token%20token&scope=openid%20profile%20openid%20profile%20email%20warehouseapi&response_mode=form_post&nonce=636115164423104247.ZjY0MjY4OTctZWY3Ny00MGE2LTg4NDAtOWEzZWQyMmQ0NDY5YzJiOWRiNDQtYWY4Yy00MjE2LWE5ZWEtNTA3ZmU3MThkNzBi&state=CfDJ8Faq7VwoA29ApMd_ECq59Rnz2OH_juBD61Mbr40-8VxMsE4i5s5i-jNyb4LdOBYcCAvojnXLPzGy5fvm3c0eNcCnALfy2M2Pl_k0eXcxwXIlF9D_GBmPH5EwsQTXXP5jNBaPuFuxpFM-5tbdSkiqQbdpeddgO7LBPqqxlHcu3MB7e0MOBcPsVOKcTfXwUMG_cWDCoUldgu4k-CjunCTsXOnS7VWpg8ICEP8fcMM8q5GY8KfZFHoOPzu5_24SOLhAeujPF2l_YkVQJRY-QMmv-IWThjk97ewZE8Pl8uIyof38B0lRtbYeE0ChBbM4Wx5O-3yFtTVaT46gtXxqdn4lny39Te1b0SFsG5-LqzZrtTw-RZ_EMZO9wbdd4uwXoifjXg
Is this just a compatibility issue ? anything i'm overseeing?
-- Update
Thx to the hint of leastprivilege i found the solution in the log. there was a unexpected subpath /signin-oidc
In Trace I see
2016-10-08 13:07:41.450 +02:00 [Information] Start authorize request
2016-10-08 13:07:41.465 +02:00 [Information] Start authorize request protocol validation
2016-10-08 13:07:41.498 +02:00 [Error] "Invalid redirect_uri: http://localhost:49946/signin-oidc"
"{
\"ClientId\": \"website\",
\"ClientName\": \"Pluto Site\",
\"RedirectUri\": \"http://localhost:49946/signin-oidc\",
\"AllowedRedirectUris\": [
\"http://localhost:49946/\"
],
\"SubjectId\": \"unknown\",
\"Flow\": \"AuthorizationCode\",
\"RequestedScopes\": \"\",
\"Raw\": {
\"client_id\": \"website\",
\"redirect_uri\": \"http://localhost:49946/signin-oidc\",
\"response_type\": \"id_token token\",
\"scope\": \"openid profile openid profile email warehouseapi\",
\"response_mode\": \"form_post\",
\"nonce\": \"636115215901620557.ZTNkNmFmYjMtOTY4MC00ODE3LWExMmEtYTc0OWYzYzRkZmY4MDRlM2JjZjUtZGViNC00MjIyLWI1MTktOTM4Y2U2MWFkYzkw\",
\"state\": \"CfDJ8Faq7VwoA29ApMd_ECq59RmXQrEZdMEoqQ9onYQLXRTRz-ge13paqnwmi_xjJMoVpaItur0ETX08PxoOzQ-YUn--7DR1pvaxqUngPYOiS44j4t9bS4_yiu7Gb1fjU_R5OiZU2cc-0T6PzT_WgUZ48rqC-unHdJqd_NgE7D_9H9ZT1a-2J3GBZEkfh4LOCHHtfcuG06lgXTPn85fkVKcWxbqn6pTrCLRhiRfH9h41e6bvKsGTOmzJ45G9HRpEAlyo7GkgtFgrrshKNo0xDsIxXjAhxp_me_tipBEpyHT8Mo7T9G4-HTtP8FSnb7YurSWjfywOpEG136-T7wvksCEwlMGrL8k90v6prM-bwefOhCFA-8vJO1hvtKkF3wPSgeMiYg\"
}
}"
Upvotes: 1
Views: 795
Answers (1)
Reputation: 12557
In asp core there is a subpath silently appended
soo http://localhost:49946/signin-oidc had to be added to the redirect uris
Upvotes: 2
Related Questions
- How to use IdentityServer3 with ASP.NET Core Client?
- Identity Server 4 - unauthorized client
- invalid_grant error IdentityServer 3 & asp.net core
- Identity Server 3 - The client application is not known or is not authorized
- How to configure an mvc client running on .Net Framework 4.7.1 to Authenticate with IdentityServer4 (3.1) running on .Net Core
- Authentication with MVC Client 4.7.1 and IdentityServer4
- Unknown client or client not enabled Identity Server 4
- IdentityServer4 Windows Authentication and ASP.Net Core MVC Client "Hello World"
- 401 Unauthorized with IdentityServer3 In ASP.Net Core 1.1 MVC Application
- Identityserver3 - The client application is not known or is not authorized