Tags: c#, xamarin, oauth, identityserver4, openid

Connecting Xamarin client to Identity Server4


I am trying to connect a native mobile app (Xamarin) to IdentityServer. I had initially set the flow to be implicit, and I was told it's incorrect. Hence I changed it to the Authorization Code flow.

Here is what my client definition looks like:

new Client
{
    ClientId = "Xamarin",
    ClientName = "Xamarin Client",
    // Authorization code grant only: implicit and hybrid requests are not allowed
    AllowedGrantTypes = GrantTypes.Code,
    AllowAccessTokensViaBrowser = true,
    RedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
    PostLogoutRedirectUris = { "http://xx.xx.xx.xx/signin-oidc" },
    AllowedCorsOrigins = { "http://xx.xx.xx.xx" },
    AllowedScopes =
    {
        StandardScopes.OpenId.Name,
        StandardScopes.Profile.Name,
        "api1"
    },
    RequireConsent = false
}

And from my Xamarin app, this is how I connect to the identity server:

using System;
using System.Collections.Generic;
using IdentityModel.Client;   // AuthorizeRequest

void LoginButton_Clicked(object sender, EventArgs e)
{
    // response_type "token" asks the authorize endpoint for an access token
    // directly; the server log below shows it mapped to GrantType "implicit"
    StartFlow("token", "api1");
}

public void StartFlow(string responseType, string scope)
{
    var authorizeRequest =
        new AuthorizeRequest("http://xx.xx.xx.xx/connect/authorize");

    var dic = new Dictionary<string, string>();
    dic.Add("client_id", "Xamarin");
    dic.Add("response_type", responseType);
    dic.Add("scope", scope);
    dic.Add("redirect_uri", "http://xx.xx.xx.xx/signin-oidc");
    dic.Add("nonce", Guid.NewGuid().ToString("N"));

    // state is echoed back by the server and compared on the callback
    _currentCSRFToken = Guid.NewGuid().ToString("N");
    dic.Add("state", _currentCSRFToken);

    var authorizeUri = authorizeRequest.Create(dic);
    webLogin.Source = authorizeUri;   // WebView that hosts the login page
    webLogin.IsVisible = true;
}

I get the error "unauthorized_client" in the mobile app, and my server logs show:

fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
  Invalid grant type for client: implicit
  {
    "ClientId": "Xamarin",
    "ClientName": "Xamarin Client",
    "RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
    "AllowedRedirectUris": [
      "http://xx.xx.xx.xx/signin-oidc"
    ],
    "SubjectId": "anonymous",
    "ResponseType": "token",
    "ResponseMode": "fragment",
    "GrantType": "implicit",
    "RequestedScopes": "",
    "State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
    "Raw": {
      "client_id": "Xamarin",
      "response_type": "token",
      "scope": "api1",
      "redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
      "nonce": "49f21e8873d744bea76f6f00ebae3eb4",
      "state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
    }
  }
  fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
  Request validation failed
  info: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
  {
    "ClientId": "Xamarin",
    "ClientName": "Xamarin Client",
    "RedirectUri": "http://xx.xx.xx.xx/signin-oidc",
    "AllowedRedirectUris": [
      "http://xx.xx.xx.xx/signin-oidc"
    ],
    "SubjectId": "anonymous",
    "ResponseType": "token",
    "ResponseMode": "fragment",
    "GrantType": "implicit",
    "RequestedScopes": "",
    "State": "5c53c5e5bbe44c0f8c5d4b401df0938e",
    "Raw": {
      "client_id": "Xamarin",
      "response_type": "token",
      "scope": "api1",
      "redirect_uri": "http://xx.xx.xx.xx/signin-oidc",
      "nonce": "49f21e8873d744bea76f6f00ebae3eb4",
      "state": "5c53c5e5bbe44c0f8c5d4b401df0938e"
    }
  }

But if you check my code, I do not have an implicit flow for this client type, and I have double-checked my database to ensure that it is authorization_code. I would appreciate it if someone could help me fix this.


Solution

  • It does not look as though idsrv4 supports code, code token, or code id_token token as response_type at the moment, only code id_token. At least the current demo site fails when trying the test client and a /authorize request using the server.code client.

    The only working client I found related to authorization code was with a Hybrid setup (code id_token / server.hybrid):

    https://demo.identityserver.io/connect/authorize?
      client_id=server.hybrid&
      response_type=code id_token&
      response_mode=fragment&
      redirect_uri=https://notused&
      scope=openid api&
      state=1&
      nonce=2
    

    Not sure why that is, as it's already in the list of supported_response_types in the discovery document. Maybe Dominic/Brock can fill in.

      "response_types_supported": [
        "code",
        "token",
        "id_token",
        "id_token token",
        "code id_token",
        "code token",
        "code id_token token"
      ],
    

    Non-working code flow auth request (unsupported_response_type):

    https://demo.identityserver.io/connect/authorize?
      client_id=server.code&
      response_type=code&
      response_mode=fragment&
      redirect_uri=https://notused&
      scope=openid api&
      state=1&
      nonce=2
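
As an added illustration for both the question and the answer above (this is constructed example code, not code from the question, the answer, IdentityServer4 or IdentityModel), the following Python reconstructs the check behind the log line "Invalid grant type for client: implicit" and shows what a corrected authorization-code request looks like. It maps each value in the discovery document's response_types_supported list to the grant type it implies, validates a request against a client that mirrors the question's GrantTypes.Code definition, builds the replacement request with response_type=code, and parses the callback. The client dictionary, the helper names, the sample callback URL and the PKCE code_challenge are assumptions made for the example; PKCE is not mentioned on the page, but it is the standard protection for the code flow in a native app that cannot keep a client secret.

```python
# Added example: response_type -> grant type mapping, client validation, and a
# corrected authorization-code request with PKCE. Constructed for illustration;
# not IdentityServer4, IdentityModel or Xamarin code.
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# response_type values from the discovery document, and the grant each implies.
RESPONSE_TYPE_TO_GRANT = {
    "code": "authorization_code",
    "token": "implicit",
    "id_token": "implicit",
    "id_token token": "implicit",
    "code id_token": "hybrid",
    "code token": "hybrid",
    "code id_token token": "hybrid",
}
_CANONICAL_ORDER = ("code", "id_token", "token")

# Assumed mirror of the client in the question: GrantTypes.Code only.
XAMARIN_CLIENT = {
    "client_id": "Xamarin",
    "allowed_grant_types": {"authorization_code"},
    "redirect_uris": {"http://xx.xx.xx.xx/signin-oidc"},
    "allowed_scopes": {"openid", "profile", "api1"},
}


def canonical_response_type(value):
    """Normalise a space-separated response_type; token order is not significant."""
    parts = set(value.split())
    if not parts or not parts <= set(_CANONICAL_ORDER):
        return None
    return " ".join(p for p in _CANONICAL_ORDER if p in parts)


def validate_authorize_request(client, params):
    """Return (ok, error, detail) roughly as an authorize endpoint would."""
    rt = canonical_response_type(params.get("response_type", ""))
    if rt is None:
        return False, "unsupported_response_type", "unknown response_type"
    grant = RESPONSE_TYPE_TO_GRANT[rt]
    if grant not in client["allowed_grant_types"]:
        # The check that produced "Invalid grant type for client: implicit".
        return False, "unauthorized_client", f"Invalid grant type for client: {grant}"
    if params.get("redirect_uri") not in client["redirect_uris"]:
        return False, "invalid_request", "redirect_uri not registered for client"
    scopes = set(params.get("scope", "").split())
    if not scopes or not scopes <= client["allowed_scopes"]:
        return False, "invalid_scope", "scope not allowed for client"
    if "id_token" in rt and not params.get("nonce"):
        return False, "invalid_request", "nonce is required when id_token is requested"
    return True, None, grant


def make_pkce_pair():
    """RFC 7636 S256: the verifier stays on the device, the challenge goes in the URL."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def pkce_matches(verifier, challenge):
    """The comparison the token endpoint makes when the code is redeemed."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode() == challenge


def build_code_authorize_url(authority, client_id, redirect_uri, scope,
                             state, nonce, code_challenge):
    """Corrected request: response_type=code instead of token, plus PKCE."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": scope,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return authority.rstrip("/") + "/connect/authorize?" + urlencode(params)


def authorize_url_params(url):
    """Flatten the query string of an authorize URL back into a dict."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def parse_callback(callback_url, expected_state):
    """Pull the code out of the redirect. The code flow answers in the query
    string by default; implicit answers in the fragment (as in the log), so
    both are accepted. state must match the value stored before the redirect."""
    parts = urlsplit(callback_url)
    values = parse_qs(parts.query)
    values.update(parse_qs(parts.fragment))
    if values.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale login")
    if "error" in values:
        raise ValueError(values["error"][0])
    return values["code"][0]


if __name__ == "__main__":
    # The request from the question, reconstructed from the log's "Raw" block.
    bad = {"client_id": "Xamarin", "response_type": "token", "scope": "api1",
           "redirect_uri": "http://xx.xx.xx.xx/signin-oidc", "nonce": "n", "state": "s"}
    print(validate_authorize_request(XAMARIN_CLIENT, bad))
    verifier, challenge = make_pkce_pair()
    url = build_code_authorize_url("http://xx.xx.xx.xx", "Xamarin",
                                   "http://xx.xx.xx.xx/signin-oidc",
                                   "openid profile api1", "st", "nn", challenge)
    print(validate_authorize_request(XAMARIN_CLIENT, authorize_url_params(url)))
```

Run stand-alone, the first line printed is the question's failure (unauthorized_client, "Invalid grant type for client: implicit") and the second is an accepted authorization_code request. The hybrid request from the answer (response_type=code id_token) only passes for a client whose allowed grants include hybrid, which is why the mapping, not the spelling of the client definition, is what to check when the log names a grant type you did not configure.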