Reputation: 61
I am using OpenIddict and oidc-client authentication:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
    {
        options.LoginPath = "/Identity/Account/Login";
        options.LogoutPath = "/Identity/Account/Logout";
    })
    .AddOpenIdConnect(options =>
    {
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.ForwardSignIn = CookieAuthenticationDefaults.AuthenticationScheme;
        options.Authority = baseUrl;
        options.CallbackPath = new PathString("/authentication/login-callback");
        options.SignedOutRedirectUri = baseUrl;
        options.ClientId = AuthenticationClient.WebClientId;
        options.RequireHttpsMetadata = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.SaveTokens = true;
        options.UsePkce = true;
        // Use the authorization code flow.
        options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        options.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
        options.Scope.Add(Scopes.OpenId);
        options.Scope.Add(Scopes.Profile);
        options.Scope.Add(AuthenticationClient.WebClientApiScope);
    });
Here, when the response type is set to "Code id/Code id_token/code token", I get an "OpenID Connect hybrid flow is not supported" error.
When it is "code", I get the error below.
error:unauthorized_client
error_description:The specified 'response_type' is not valid for this client application.
error_uri:https://documentation.openiddict.com/errors/ID2043
Can someone please help me with this?
Upvotes: 6
Views: 3027
Reputation: 323
I had the same issue when I tried to configure an OpenIddict server and authorize against it through the OIDC protocol.
I was configuring a Postman public client that allowed the AuthorizationCode grant type, and I forgot to explicitly add the allowed ResponseType Code:
var descriptor = new OpenIddictApplicationDescriptor
{
    ClientId = "postman",
    DisplayName = "Postman",
    RedirectUris = { new Uri("https://www.getpostman.com/oath2/callback") },
    Permissions =
    {
        OpenIddictConstants.Permissions.Endpoints.Authorization,
        OpenIddictConstants.Permissions.Endpoints.Device,
        OpenIddictConstants.Permissions.Endpoints.Token,
        OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
        OpenIddictConstants.Permissions.GrantTypes.DeviceCode,
        OpenIddictConstants.Permissions.GrantTypes.Password,
        OpenIddictConstants.Permissions.GrantTypes.RefreshToken,
        OpenIddictConstants.Permissions.Scopes.Email,
        OpenIddictConstants.Permissions.Scopes.Profile,
        OpenIddictConstants.Permissions.Scopes.Roles,
        OpenIddictConstants.Permissions.ResponseTypes.Code // <-- this was my issue
    }
};
And this is how OpenIddict stored this in the DB:
[
"ept:authorization",
"ept:device",
"ept:token",
"gt:authorization_code",
"gt:urn:ietf:params:oauth:grant-type:device_code",
"gt:password",
"gt:refresh_token",
"scp:email",
"scp:profile",
"scp:roles",
"rst:code"
]
As OpenIddict is a library for creating authorization servers, we need to set everything explicitly.
Upvotes: 3
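A matching server-and-client configuration for the fix described in the answer, added here as an example and not code from the question, the answer or the OpenIddict project. The client id "web-client", the "/connect/*" endpoint paths, the "api" scope and the https://localhost:5001 redirect URIs are assumptions. Server side it registers the client with the rst:code permission (the entry the answer was missing) and requires PKCE; client side it requests response_type=code only, which is exactly what that permission grants, instead of the hybrid CodeIdToken value from the question. The seeder upserts the client on every start, so an incomplete permission list is corrected on redeploy rather than silently kept from an earlier run.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using OpenIddict.Abstractions;
using static OpenIddict.Abstractions.OpenIddictConstants;

// Server side, step 1: enable the flow globally. Endpoint paths are assumed.
public static class AuthServerSetup
{
    public static void Configure(OpenIddictServerBuilder server)
    {
        server.SetAuthorizationEndpointUris("/connect/authorize")
              .SetTokenEndpointUris("/connect/token")
              .AllowAuthorizationCodeFlow()
              .AllowRefreshTokenFlow()
              // Reject code-flow requests that carry no code_challenge.
              .RequireProofKeyForCodeExchange();
    }
}

// Server side, step 2: grant the flow to the specific client. Hypothetical
// hosted service that runs once at startup; register it with
// services.AddHostedService<WebClientSeeder>().
public sealed class WebClientSeeder : IHostedService
{
    private readonly IServiceProvider _provider;

    public WebClientSeeder(IServiceProvider provider) => _provider = provider;

    public async Task StartAsync(CancellationToken cancellationToken)
    {
        using var scope = _provider.CreateScope();
        var manager = scope.ServiceProvider.GetRequiredService<IOpenIddictApplicationManager>();

        var descriptor = new OpenIddictApplicationDescriptor
        {
            ClientId = "web-client",                 // assumed value
            DisplayName = "Web client",
            ConsentType = ConsentTypes.Explicit,
            // No ClientSecret: OpenIddict treats the application as a public
            // client, and the PKCE requirement above covers code interception.
            RedirectUris = { new Uri("https://localhost:5001/authentication/login-callback") },
            PostLogoutRedirectUris = { new Uri("https://localhost:5001/") },
            Permissions =
            {
                Permissions.Endpoints.Authorization,
                Permissions.Endpoints.Token,
                Permissions.GrantTypes.AuthorizationCode,
                Permissions.GrantTypes.RefreshToken,
                // Stored as "rst:code"; without it the token endpoint answers
                // unauthorized_client / ID2043 for response_type=code.
                Permissions.ResponseTypes.Code,
                Permissions.Scopes.Profile,
                Permissions.Prefixes.Scope + "api"   // assumed API scope name
            },
            Requirements = { Requirements.Features.ProofKeyForCodeExchange }
        };

        // Upsert so a corrected permission list replaces a stale row.
        var existing = await manager.FindByClientIdAsync(descriptor.ClientId, cancellationToken);
        if (existing is null)
        {
            await manager.CreateAsync(descriptor, cancellationToken);
        }
        else
        {
            await manager.UpdateAsync(existing, descriptor, cancellationToken);
        }
    }

    public Task StopAsync(CancellationToken cancellationToken) => Task.CompletedTask;
}

// Client side: the AddOpenIdConnect options that line up with the grant above.
public static class WebClientOidc
{
    public static void Configure(OpenIdConnectOptions options, string authority)
    {
        options.Authority = authority;
        options.ClientId = "web-client";             // must equal the seeded ClientId
        options.CallbackPath = new PathString("/authentication/login-callback");
        options.RequireHttpsMetadata = true;
        // "code" only: the server was granted rst:code, not the hybrid
        // code id_token / code token response types.
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.UsePkce = true;                      // satisfies the server's PKCE requirement
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        // openid and profile are already in the handler's default Scope list.
        options.Scope.Add("api");                    // assumed API scope name
    }
}
```

If the client must keep a hybrid response type, the server needs the corresponding per-client permission (for example Permissions.ResponseTypes.CodeIdToken) and the flow enabled globally with AllowHybridFlow(); granting only rst:code while the client sends code id_token reproduces the mismatch in the question.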