Rakesh Kumar

Reputation: 3129

Identity Server4 connect/token endpoint gives 400 Bad Request

We are using EntityFrameworkCore with Identity Server4. After initial setup, the discovery endpoint of the identity server (localhost:6000/.well-known/openid-configuration) is working fine. When we tried to call the connect/token endpoint from Postman, it gave a 400 Bad Request response. Here is our client:

public static IEnumerable<Client> GetClients()
{
    return new List<Client>
    {
        new Client
        {
            ClientId = "client",

            // no interactive user, use the clientid/secret for authentication
            AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

            // secret for authentication
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },

            // scopes that client has access to
            AllowedScopes = { ApiResourceName.Sup_Api.Description() }
        },
        new Client
        {
            ClientId = "client2",

            // no interactive user, use the clientid/secret for authentication
            AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

            // secret for authentication
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },

            // scopes that client has access to
            AllowedScopes = { "sup"}
        }
    };
}

Here is the Postman connect/token POST request:

http://localhost:6000/connect/token
  ?client_id=client2
  &client_secret=secret
  &grant_type=client_credentials
  &scope=sup

Response:

{
    "error": "invalid_request"
}

Upvotes: 8

Views: 13896

Answers (3)

Can PERK

Reputation: 630

Make it an HTTP POST request instead of the browser's HTTP GET request.

Upvotes: 4

Heinzlmaen

Reputation: 967

Working Postman example:

[image: Postman request]

I'm not sure about the redirect_uri value. But as a response I'm getting:

  • id_token
  • access_token
  • refresh_token

and some others.

Upvotes: 1

Scott Brady

Reputation: 5598

You don't pass the parameters via the query string. It's meant to be in the body, using a content type of application/x-www-form-urlencoded.

See: https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3

Upvotes: 22
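
The request shape the answers describe, as an added example (not code from the question or from any answerer): a client_credentials token request with every parameter in an application/x-www-form-urlencoded body, plus a check that flags the problems in the query-string form from the question. The helper name `request_problems` is hypothetical; the URL, client id, secret and scope are the sample values from the question. Keeping `client_secret` in the body also keeps it out of URLs recorded in access logs and proxy logs.

```python
import urllib.parse
import urllib.request

TOKEN_URL = "http://localhost:6000/connect/token"  # endpoint from the question
FORM_TYPE = "application/x-www-form-urlencoded"


def build_token_request(token_url, client_id, client_secret, scope):
    """Build a client_credentials request with every parameter in the body."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Content-Type": FORM_TYPE},
    )


def request_problems(method, url, content_type):
    """Hypothetical helper: list what is wrong with a token request's shape."""
    problems = []
    if method.upper() != "POST":
        problems.append("method must be POST")
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    on_url = sorted(set(query) & {"client_id", "client_secret", "grant_type", "scope"})
    if on_url:
        problems.append("parameters in query string: " + ", ".join(on_url))
    if (content_type or "").split(";")[0].strip().lower() != FORM_TYPE:
        problems.append("Content-Type must be " + FORM_TYPE)
    return problems


if __name__ == "__main__":
    # The request shape from the question: parameters on the URL, no form body.
    bad_url = TOKEN_URL + "?client_id=client2&client_secret=secret&grant_type=client_credentials&scope=sup"
    print(request_problems("POST", bad_url, None))
    req = build_token_request(TOKEN_URL, "client2", "secret", "sup")
    print(req.get_method(), req.full_url, req.get_header("Content-type"))
    print(req.data.decode())
    print(request_problems(req.get_method(), req.full_url, req.get_header("Content-type")))
    # Against a running server: urllib.request.urlopen(req).read()
```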
