Any ideas why this can happen? Our IT had ADFS updated from version 3 to version 4. After the update our ASP.NET Core application gets following error:
Error Code:
"Unhandled remote failure. (OAuth token endpoint failure: Status: BadRequest;
Body: {\"error\":\"invalid_client\",\"error_description\":\"MSIS9623: Received invalid Client credentials. The OAuth client is not configured to authenticate using passed in client credentials.\"};)"
The request:
https://.../adfs/oauth2/authorize?client_id=d...4c&scope=&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%3A44377%2F&state=CfDJ8...Og&resource=https%3A%2F%2Flocalhost%3A44377&redirect_url=https%3A%2F%2Flocalhost%3A44377
I tried also tried:
Someone an idea what the "client credentials" means in this context?
ADFS 4.0 throws an error if "client_secret" was sent. ADFS 3.0 has ignored that value.
The UseOAuthAuthentication sends always an "client_secret". My dirty solution is to intercept the http request and remove the "client_secret". If someone has a better solution...
if (securityService.IsOAuthEnabled)
{
HttpClientHandler clientHandler = new HttpClientHandlerInterceptor(){};
var options = securityService.GetOAuthOptions();
options.BackchannelHttpHandler = clientHandler;
app.UseOAuthAuthentication(options);
}
HttpClientHandlerInterceptor:
public class HttpClientHandlerInterceptor : HttpClientHandler
{
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (request.Content is FormUrlEncodedContent)
{
var x = ((FormUrlEncodedContent) request.Content).ReadAsStringAsync().Result;
var contenttype = request.Content.Headers.ContentType.MediaType;
x = x.Replace("client_secret=will+be+ignored&", "");
request.Content = new StringContent(x, Encoding.UTF8, contenttype);
}
return base.SendAsync(request, cancellationToken);
}
}