Reputation: 3539
Angular 4 could not authenticate with IdentityServer4
Trying to authenticate user with IdentityServer4 with ResourceOwnerPassword grant type.
My application look very similar to Angular SPA Web API - Explanation. The issue is - whenever I making a POST request to http://localhost:49950/connect/token to request token I get an 400 Bad Request as a result.
In IdentityServer4 logs I see:
Request starting HTTP/1.1 POST http://localhost:49950/connect/token application/x-www-form-urlencode 166 Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 POST http://localhost:49950/connect/token application/x-www-form-urlencode 166
...
...
CORS request made for path: /connect/token from origin: http://localhost:5000
...
Client list checked and origin: http://localhost:5000 is allowed
...
CorsPolicyService allowed origin: http://localhost:5000
...
Request path /connect/token matched to endpoint type Token
...
Mapping found for endpoint: Token, creating handler: IdentityServer4.Endpoints.TokenEndpoint
...
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
...
Invalid HTTP request for token endpoint
IdentityServer4.Endpoints.TokenEndpoint:Warning: Invalid HTTP request for token endpoint Application Insights Telemetry (unconfigured): {"name":"Microsoft.ApplicationInsights.Dev.Message","time":"2017-07-27T09:05:22.8471704Z","tags":{"ai.operation.id":"0HL6KPQE44JVG","ai.cloud.roleInstance":"XE0806001077","ai.internal.sdkVersion":"aspnet5c:2.0.0","ai.application.ver":"1.0.0.0","ai.operation.name":"POST /connect/token","ai.internal.nodeName":"XE0806001077","ai.location.ip":"::1"},"data":{"baseType":"MessageData","baseData":{"ver":2,"message":"Invoking result: IdentityServer4.Endpoints.Results.TokenErrorResult","severityLevel":"Verbose","properties":{"DeveloperMode":"true","{OriginalFormat}":"Invoking result: {type}","AspNetCoreEnvironment":"Development","CategoryName":"IdentityServer4.Hosting.IdentityServerMiddleware","type":"IdentityServer4.Endpoints.Results.TokenErrorResult"}}}}
What does it mean Invalid HTTP request for token endpoint ?
This is a POST request:
POST /connect/token HTTP/1.1
Host: localhost:49950
Connection: keep-alive
Content-Length: 166
Pragma: no-cache
Cache-Control: no-cache
Authorization: Basic YWxleDp0ZXN0UGFzc3dvcmQ=
Origin: http://localhost:5000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Content-Type: application/x-www-form-urlencode
Accept: application/json, text/plain, */*
Referer: http://localhost:5000/dashboard
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8,he;q=0.6,ru;q=0.4
What should I change on Angular side or IdentityServer4 on ASP Core to allow the token request ?
Note: It's correctly work from Postman with the same user details in request body - the same thing I'm doing in Angular but get Invalid HTTP request for token endpoint :(
Upvotes: 1
Views: 1131
Answers (1)
Reputation: 5598
There's no body to the request you've shown. Is one being sent?
A ROPC request should look something like the below:
POST /connect/token HTTP/1.1
Host: localhost:49950
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=johndoe&password=A3ddj3w
Where the Authorization header is your client credentials (client id & secret), not the users username & password
Upvotes: 1
Related Questions
- IdentityServer4 gives stack overflow error
- Getting error: "invalid_client" when connecting Angular to IndentityServer4
- IdentityServer 4: Invalid grant type for client: authorization_code
- IdentityServer4 Audience validation failed
- Identity Server 4 responds with a 403 (forbidden) to Angular client on account/login
- How to authenticate Angular 4 app placed inside ASPNETCORE
- Angular Client - Access Token Fail Authenication
- IdentityServer 4 - invaid_client error
- IdentityServer3 + Angular4 + WebApi Causing 401 Unauthorized
- IdentityServer4 + ASP.NET core API + Angular: Login/authentication