Stuck on this OpenIddict issue while validation with client creadentials token

Question

System.InvalidOperationException: An identity cannot be extracted from this request.

This generally indicates that the OpenIddict server stack was asked to validate a token for an endpoint it doesn't manage.

To validate tokens received by custom API endpoints, the OpenIddict validation handler (e.g OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme or OpenIddictValidationOwinDefaults.AuthenticationType) must be used instead.

at OpenIddict.Server.OpenIddictServerHandlers.ValidateAuthenticationDemand.HandleAsync(ProcessAuthenticationContext context)
at OpenIddict.Server.OpenIddictServerDispatcher.DispatchAsync[TContext](TContext context)
at OpenIddict.Server.OpenIddictServerDispatcher.DispatchAsync[TContext](TContext context)
at OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthenticateAsync(AuthorizationPolicy policy, HttpContext context) at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext) at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider) at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

HEADERS

Accept: */*
Host: localhost:7174
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
:method: GET
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IlYyUERaNl9RUjRfNFo0Q1VMUkUwWFdRRU1KNFVDT0VGSjNDQldTQUQiLCJ0eXAiOiJhdCtqd3QifQ.eyJzdWIiOiJwb3N0bWFuIiwic29tZS1jbGFpbSI6InNvbWUtdmFsdWUiLCJvaV9wcnN0IjoicG9zdG1hbiIsImNsaWVudF9pZCI6InBvc3RtYW4iLCJvaV90a25faWQiOiI3NGE3ZGNlMC1kNjJkLTRmZjQtYjg1MS1kMjRjN2E1OGIwNTEiLCJzY29wZSI6ImFwaSIsImV4cCI6MTY3MjIxMjQzMywiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NzE3NC8iLCJpYXQiOjE2NzIyMDg4MzN9.bls8ceNA9bU-xr1-9huV4LDqifX7KDn8E1bqGPGeeWh9ePeN1mYnywFC6lPVls8OtCmtm1v9iTnnfaoZ3r2v_IoKahl727B4QD8AkKpy_8ExiBBECtX9HqDid3w0c8dYS1Rka2xyh5mcKJzlqNlSucNbRqj7Hu8wisizV89K45qmWBsZTIsBqJOR5DKDjVzAEmAvjccD8Hb9kjF6lSiis2E7x41YO0dB4ugc5gEm1huEI44bps7qj9V2mQ70EcNi74KgK3Y57JsityV1Oqjv14gour2jjvccATtLhOtNisUfbw10jPlRj3AT1XiHDjjIhR5pb0z6XTJRblpmNt8wNQ
Referer: https://localhost:7174/swagger/index.html
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108", "Google Chrome";v="108"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty

Does anyone know about this? Please tell me the solution

Answer 1

As mentioned in the exception, OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme is the correct authentication scheme to use when you want to validate tokens received by your own APIs.

If you decorated your API endpoint with [Authorize(AuthenticationSchemes = OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)], replace that by [Authorize(AuthenticationSchemes = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)].