Reputation: 1054
I'm trying to authorize my angular client with identity server. following are the settings for my angular client.
authority: 'http://localhost:5000',
client_id: 'clientid',
redirect_uri: 'https://localhost:44384/auth-callback',
post_logout_redirect_uri: 'https://localhost:44384/',
response_type: "code",
scope: "openid profile",
filterProtocolClaims: true,
loadUserInfo: true,
automaticSilentRenew: true,
silent_redirect_uri: 'http://localhost:44384/silent-refresh.html'
Similar client is registered at IdentityServer side.
new Client
{
ClientId = "clientid",
AllowedScopes = { "openid", "profile" },
AllowedGrantTypes = GrantTypes.Code,
RequirePkce = true,
RequireClientSecret = false,
AllowAccessTokensViaBrowser = true,
AllowOfflineAccess = false,
AccessTokenLifetime = 3600,
RedirectUris={"https://localhost:44384/auth-callback" },
PostLogoutRedirectUris= {"https://localhost:44384/" },
RequireConsent= false
}
and it was working fine. but when i moved the same client settings to database, its giving me Invalid grant type for client.
Following are VS logs
[15:15:56 Debug] IdentityServer4.EntityFramework.Stores.ClientStore
clientid found in database: True
[15:15:56 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client clientid succeeded.
[15:15:56 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters
[15:15:56 Error] IdentityServer4.Validation.AuthorizeRequestValidator: Invalid grant type for client: authorization_code
Database data for client is as following.
and for grantType.
Upvotes: 6
Views: 8407
Reputation: 1054
I have figured it out. The GrantType
I have mentioned in Database is wrong.
I was writing following code when getting clients from memory. i.e. from appsettings.json
file
new Client
{
-------
-------
AllowedGrantTypes = GrantTypes.Code,
--------
--------
}
And later when I have moved this information to database, I mistakenly used the same grantType
i.e. Code
, which is wrong. It should be defined like authorization_code
.
So by changing GrantType
in database from Code
to authorization_code
. fixed my issue.
Upvotes: 8