soliloquyy

Reputation: 355

IdentityServer3, implicit flow, how to obtain token?

I am trying to access the token URL while working with IdentityServer3. The server is configured the following way:

    var options = new IdentityServerOptions
    {
        LoggingOptions = new LoggingOptions
        {
            WebApiDiagnosticsIsVerbose = true,
            EnableWebApiDiagnostics = true,
            EnableHttpLogging = true,
            EnableKatanaLogging = true
        },
        Factory = new IdentityServerServiceFactory()
            .UseInMemoryClients(Clients.Get())
            .UseInMemoryScopes(Scopes.Get())
            .UseInMemoryUsers(Users.Get()),
        RequireSsl = false,
        EnableWelcomePage = false,
    };

    app.UseIdentityServer(options);

The client configuration:

    new Client
    {
        Enabled = true,
        ClientName = "JS Client",
        ClientId = "js",
        Flow = Flows.Implicit,
        RedirectUris = new List<string>
        {
            "http://localhost:56522"
        },
        AllowedCorsOrigins = new List<string>
        {
            "http://localhost:56522"
        },
        AllowAccessToAllScopes = true
    }

I am trying to POST the following HTTP request to the token endpoint:

    Content-Type:application/x-www-form-urlencoded
    grant_type:password
    redirect_uri:http://localhost:56522
    client_id:js
    username:bob
    password:secret
    scope:api

I get an Invalid client error message and the log shows: Action returned 'IdentityServer3.Core.Results.TokenErrorResult'', Operation=ReflectedHttpActionDescriptor.ExecuteAsync

Any ideas what I am still missing?

Upvotes: 1

Views: 1472

Answers (1)

Scott Brady

Reputation: 5598

Your request is using the password grant type, which is the OAuth Resource Owner flow, but your client is configured to use the OpenID Connect Implicit flow.

Either change your client configuration to use the Resource Owner flow, or change your request to be a valid OpenID Connect request.

For example:

    GET /connect/authorize?client_id=js&scope=openid api&response_type=id_token token&redirect_uri=http://localhost:56522&state=abc&nonce=xyz

This will take you to a login page.

Or better yet, use a JavaScript library like @Jenan suggested, such as the IdentityModel oidc-client, which handles these requests for you.

Upvotes: 2
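
The authorize request from the answer above, together with handling of the fragment the server sends back to the redirect URI, as an added example that is not part of the original answer or of IdentityServer3's own code. The `AUTHORITY` base URL and all function names are assumptions made for illustration; the nonce check only decodes the id_token payload, and signature validation is left out.

```javascript
// Added example, not from the original answer. AUTHORITY is an assumed
// placeholder for the IdentityServer3 base URL; other values are the page's.
const AUTHORITY = "http://localhost:5000"; // assumption

// Fresh, unguessable value for state (CSRF) and nonce (id_token replay),
// instead of fixed strings such as "abc" and "xyz".
function randomToken(bytes = 16) {
  const buf = globalThis.crypto.getRandomValues(new Uint8Array(bytes));
  return Array.from(buf, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Implicit flow starts with a browser redirect to /connect/authorize,
// not with a POST to the token endpoint.
function buildAuthorizeUrl(state, nonce) {
  const url = new URL("/connect/authorize", AUTHORITY);
  url.search = new URLSearchParams({
    client_id: "js",
    scope: "openid api",
    response_type: "id_token token",
    redirect_uri: "http://localhost:56522",
    state,
    nonce,
  }).toString();
  return url.toString();
}

// Read the nonce claim from the id_token payload (no signature check here).
function nonceOf(idToken) {
  const payload = (idToken || "").split(".")[1];
  if (!payload) throw new Error("missing id_token");
  const json = atob(payload.replace(/-/g, "+").replace(/_/g, "/"));
  return JSON.parse(json).nonce;
}

// Parse the fragment the server appends to redirect_uri after login and
// reject it unless state and nonce match what this client sent.
function parseImplicitResponse(fragment, expectedState, expectedNonce) {
  const p = new URLSearchParams(fragment.replace(/^#/, ""));
  if (p.has("error")) throw new Error("authorize error: " + p.get("error"));
  if (p.get("state") !== expectedState) throw new Error("state mismatch");
  if (nonceOf(p.get("id_token")) !== expectedNonce) throw new Error("nonce mismatch");
  return { accessToken: p.get("access_token"), idToken: p.get("id_token") };
}
```

In a browser, keep the generated state and nonce (for example in `sessionStorage`) before redirecting, and pass `window.location.hash` to `parseImplicitResponse` on return.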
