Can't login with WinForms app to IdentityServer4 using IdentityModel.OidcClient2


I get an invalid grant when I try to log in from my WinForms app to IS4.

This is the server log:

fail: IdentityServer4.Validation.TokenRequestValidator[0]
      Unexpected code_verifier: 12a783b32873a5b4ae0eb7113a067cd978d3d345a8cb29cc0a1a6df131c5839a 
fail: IdentityServer4.Validation.TokenRequestValidator[0]
      {
        "ClientId": "las",
        "ClientName": "LAS.NET Client",
        "GrantType": "authorization_code",
        "AuthorizationCode": "e301575cc20f47acf7c15178310f776642a7a30cf2b6a05f54702097b1645b7a",
        "Raw": {
          "grant_type": "authorization_code",
          "code": "e301575cc20f47acf7c15178310f776642a7a30cf2b6a05f54702097b1645b7a",
          "redirect_uri": "http://localhost/winforms.client",
          "code_verifier": "12a783b32873a5b4ae0eb7113a067cd978d3d345a8cb29cc0a1a6df131c5839a",
          "client_id": "las",
          "client_secret": "secret"
        }
      }

The LoginResult.Error says "invalid_grant".

This is the client setup:

new Client
{
    ClientId = "las",
    ClientName = "LAS.NET Client",
    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

    ClientSecrets =
    {
        new Secret("secret".Sha256())
    },

    AllowedScopes = new List<string>
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,
        IdentityServerConstants.StandardScopes.Phone,
        "api1"
    },

    RedirectUris = { "http://localhost/winforms.client" },

    AllowOfflineAccess = true,                  
    RequireConsent = false
},

And this is how I initialize my WinForms app:

var options = new OidcClientOptions
{
    Authority = "http://localhost:5000",
    ClientId = "las",
    ClientSecret = "secret",
    RedirectUri = "http://localhost/winforms.client",
    Scope = "openid profile api1 offline_access",       
    Browser = new WinFormsEmbeddedBrowser(),
    Flow = OidcClientOptions.AuthenticationFlow.Hybrid
};

_oidcClient = new OidcClient(options);

How can I fix this issue?


Solution

  • Your WinForms client is telling IdentityServer that it wants to do PKCE; however, the client does not look like it requires PKCE. In your client configuration/setup, add RequirePkce = true.
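
As an added illustration (not part of the original answer and not IdentityServer4's own code), this simplified C# model shows the token-endpoint decision behind the "Unexpected code_verifier" log entry and how the same request is treated once the client is registered with RequirePkce = true. The names PkceModel, S256 and Validate are hypothetical, the verifier values are constructed, and the model assumes the server stored no code_challenge for a client that is not registered for PKCE; CryptographicOperations needs .NET Core 2.1 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Simplified model of the token-endpoint PKCE decision (RFC 7636, S256 method).
// Hypothetical names; this is not IdentityServer4 source code.
static class PkceModel
{
    // code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), without padding.
    public static string S256(string verifier)
    {
        using (var sha = SHA256.Create())
        {
            var hash = sha.ComputeHash(Encoding.ASCII.GetBytes(verifier));
            return Convert.ToBase64String(hash).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        }
    }

    // Returns "ok" or the OAuth error code for the token response.
    // storedChallenge is "" when nothing was recorded with the authorization code.
    public static string Validate(bool requirePkce, string storedChallenge, string verifier)
    {
        bool hasChallenge = !string.IsNullOrEmpty(storedChallenge);
        bool hasVerifier = !string.IsNullOrEmpty(verifier);

        // Client not registered for PKCE: a code_verifier is unexpected and is rejected.
        if (!requirePkce && !hasChallenge)
            return hasVerifier ? "invalid_grant" : "ok";

        // PKCE applies: both halves of the proof must be present and must match.
        if (!hasChallenge || !hasVerifier) return "invalid_grant";
        var computed = Encoding.ASCII.GetBytes(S256(verifier));
        var stored = Encoding.ASCII.GetBytes(storedChallenge);
        return CryptographicOperations.FixedTimeEquals(computed, stored) ? "ok" : "invalid_grant";
    }

    static void Main()
    {
        // Constructed verifier; not the value from the log on this page.
        var verifier = new string('a', 64);
        var challenge = S256(verifier);

        // Situation in the question: client lacks RequirePkce, request carries a verifier.
        Console.WriteLine(Validate(false, "", verifier));
        // Client registered with RequirePkce = true and the verifier matches the challenge.
        Console.WriteLine(Validate(true, challenge, verifier));
        // PKCE required, but the code is redeemed with a verifier that does not match.
        Console.WriteLine(Validate(true, challenge, new string('b', 64)));
    }
}
```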