Reputation: 20987
I have an IdentityServer4 application running with ASP.NET Identity. I want to use that so users from another application can login through my remote identity server.
I have configured a client application in identity server with the following settings (showing only relevant settings):
ClientId: mvc
ProtocolType: oidc
ClientSecret: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
(URLs to client app)
RedirectUri: https://localhost:44313/signin-oidc
PostLogoutRedirectUri: https://localhost:44313/signout-callback-oidc
GrantType: Hybrid
My client application (server side Blazor app) has the following settings configured in Startup.cs
// Add authentication
services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.RequireHttpsMetadata = false; // local dev only: identity server runs on plain http
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.Authority = "http://localhost:5000/"; // local identity server url
    options.ClientId = "mvc";
    options.ClientSecret = "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=";
    options.ResponseType = OpenIdConnectResponseType.CodeIdToken; // hybrid flow, matches GrantType: Hybrid
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    // Scope is a collection of individual scope names: one Add per scope.
    // A single space-separated string would be sent as one malformed scope value.
    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("web_api");
});
When I start my client app, I then get redirected to my IdentityServer login page. I can then log in with a username and password. When I log in I then get redirected back to my client application https://localhost:44313/signin-oidc.
But then I get the following error on that page:
OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'.
To me it looks like I am using the correct ClientId?
What am I doing wrong?
Upvotes: 14
Views: 21137
Reputation: 419
I recently faced this issue and discovered that my application was making a POST request to the OIDC Provider on the Token endpoint, while the OIDC Provider was set to accept Basic Authentication.
Once that was resolved, my issue was resolved.
Upvotes: 0
Reputation: 471
Please check the client configuration (clientId) to see whether it matches the given client configuration or not.
In my case, the issue was related to the secret.
Two things to note for the secret issue:
Example:
// IdentityServer stores the SHA-256 hash of the secret, not the plaintext
Secret secret = new Secret("secret".Sha256(), "Description");
secret.Type = "SharedSecret";
Upvotes: 2
Reputation:
ClientSecret should contain the unencrypted value. Take a look at the documentation.
In your case, secret.
options.ClientSecret = "secret"; // the plaintext; the server hashes it and compares with the stored Sha256() value
I didn't look further, so if this change doesn't solve it then please let me know.
Upvotes: 12
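The three answers describe one mechanism from different angles: IdentityServer stores the client secret as `"secret".Sha256()`, the token endpoint hashes whatever secret the client presents and compares the two hashes, and it only does so for client authentication methods it accepts for that client (Basic header versus credentials in the POST body). The value pasted into `options.ClientSecret` in the question is exactly SHA-256 of the string "secret", Base64-encoded, so the server hashes it a second time and answers `invalid_client`. The following is an added Python model of that check, not code from the question, the answers or IdentityServer4; the client registry, the `api-basic-only` client and the authorization code value are constructed for the example.

```python
"""Model of the client-authentication step of an OAuth/OIDC token endpoint.
Added example, not IdentityServer4's own code: it mirrors the observable
behaviour behind the `invalid_client` error in the question."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote, unquote


def sha256_b64(value: str) -> str:
    """Mirror of IdentityServer4's `"secret".Sha256()` extension: SHA-256 over the
    UTF-8 bytes, Base64-encoded. Applied to "secret" it yields exactly the value the
    question pasted into options.ClientSecret."""
    digest = hashlib.sha256(value.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


# Constructed client registry standing in for the IdentityServer client store.
# Secrets are stored hashed, as in `new Secret("secret".Sha256())`. The "mvc" client
# matches the question; "api-basic-only" is an assumed client that only accepts
# HTTP Basic client authentication (the situation described in the first answer).
CLIENTS = {
    "mvc": {
        "secret_hashes": [sha256_b64("secret")],
        "auth_methods": {"client_secret_basic", "client_secret_post"},
    },
    "api-basic-only": {
        "secret_hashes": [sha256_b64("secret")],
        "auth_methods": {"client_secret_basic"},
    },
}


def parse_client_credentials(headers: dict, body: str):
    """Return (client_id, client_secret, method) from a token request, or Nones.
    RFC 6749 section 2.3.1: credentials travel either in an HTTP Basic header
    (both parts form-urlencoded) or as client_id/client_secret in the form body."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        raw = base64.b64decode(auth[len("Basic "):]).decode("utf-8")
        client_id, _, client_secret = raw.partition(":")
        return unquote(client_id), unquote(client_secret), "client_secret_basic"
    form = parse_qs(body)
    if "client_id" in form and "client_secret" in form:
        return form["client_id"][0], form["client_secret"][0], "client_secret_post"
    return None, None, None


def validate_client(headers: dict, body: str, clients: dict = CLIENTS) -> dict:
    """Simplified token-endpoint client authentication. Returns {"ok": True, ...}
    or the OAuth error body the endpoint would send back."""
    client_id, presented, method = parse_client_credentials(headers, body)
    if client_id is None:
        return {"error": "invalid_client", "reason": "no client credentials"}
    client = clients.get(client_id)
    if client is None:
        return {"error": "invalid_client", "reason": "unknown client_id"}
    if method not in client["auth_methods"]:
        return {"error": "invalid_client", "reason": f"{method} not accepted"}
    # The server hashes what the client sent and compares it with the stored hash.
    # Sending the stored hash itself therefore gets hashed a second time and fails.
    presented_hash = sha256_b64(presented)
    if any(hmac.compare_digest(presented_hash, h) for h in client["secret_hashes"]):
        return {"ok": True, "client_id": client_id, "method": method}
    return {"error": "invalid_client", "reason": "secret mismatch"}


def token_request_post(client_id: str, client_secret: str, code: str = "c0de") -> tuple:
    """Token request using client_secret_post (credentials in the form body)."""
    fields = [("grant_type", "authorization_code"), ("code", code),
              ("client_id", client_id), ("client_secret", client_secret)]
    body = "&".join(f"{k}={quote(v, safe='')}" for k, v in fields)
    return {"Content-Type": "application/x-www-form-urlencoded"}, body


def token_request_basic(client_id: str, client_secret: str, code: str = "c0de") -> tuple:
    """Token request using client_secret_basic (credentials in the Authorization header)."""
    userpass = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Basic " + base64.b64encode(userpass.encode("ascii")).decode("ascii"),
    }
    return headers, f"grant_type=authorization_code&code={quote(code, safe='')}"


if __name__ == "__main__":
    hashed = sha256_b64("secret")
    print("Sha256('secret')      :", hashed)
    print("hash as ClientSecret  :", validate_client(*token_request_post("mvc", hashed)))
    print("plaintext ClientSecret:", validate_client(*token_request_post("mvc", "secret")))
    print("POST to Basic-only    :", validate_client(*token_request_post("api-basic-only", "secret")))
    print("Basic to Basic-only   :", validate_client(*token_request_basic("api-basic-only", "secret")))
```

Running the script shows the two failure modes side by side: the hashed value from the question is rejected with a secret mismatch while the plaintext "secret" is accepted, and the POST-body credentials are rejected by the Basic-only client while the same secret in an Authorization header succeeds. The real token endpoint reports all of these as the same bare `invalid_client`, which is why the question's error description is empty.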