I just got started with IdentityServer4 and couldn't figure out why the userinfo endpoint is returning a Forbidden status.
    public static IEnumerable<Client> GetClients()
    {
        return new List<Client>
        {
            new Client
            {
                ClientId = "client1",
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                ClientSecrets =
                {
                    new Secret("secret".Sha256())
                },
                AllowedScopes =
                {
                    "api1",
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                },
                IncludeJwtId = true,
                RequireConsent = false,
                AlwaysIncludeUserClaimsInIdToken = true,
                AlwaysSendClientClaims = true,
            }
        };
    }
My users:
    public static List<TestUser> GetUsers()
    {
        return new List<TestUser>
        {
            new TestUser
            {
                SubjectId = "1",
                Username = "admin",
                Password = "admin",
                Claims = new List<Claim>
                {
                    new Claim("Name", "test")
                }
            }
        };
    }
I'm requesting this way:
    var disco = DiscoveryClient.GetAsync("https://localhost:44327").Result;
    var tokenClient = new TokenClient(disco.TokenEndpoint, "mvc", "secret");
    var tokenResponse = tokenClient.RequestResourceOwnerPasswordAsync("api1","admin","admin").Result;
    if (tokenResponse.IsError)
    {
        Console.WriteLine(tokenResponse.Error);
        return;
    }
    var client = new HttpClient();
    client.SetBearerToken(tokenResponse.AccessToken);
    var res = client.GetAsync(disco.UserInfoEndpoint).Result;
    var claims = res.Content;
Why am I getting a Forbidden status code from the userinfo endpoint? Any help is appreciated.
First check your client configuration. In GetClients() you have ClientId = "client1", and then in the token client build-up you have var tokenClient = new TokenClient(disco.TokenEndpoint, "mvc", "secret");. Your clientId is not correct. Where is this "mvc" coming from?
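
An added example, not part of the original question or answer: the request rewritten so the client id matches the entry registered in GetClients(), using the same IdentityModel client classes as the question. It goes beyond the answer in two labelled assumptions: RequestResourceOwnerPasswordAsync takes its arguments in the order (userName, password, scope), and IdentityServer4's userinfo endpoint rejects with 403 any access token that lacks the openid scope, so openid is requested here.

```csharp
using System;
using System.Threading.Tasks;
using IdentityModel.Client;

public static class Program
{
    // async Main needs C# 7.1 or later.
    public static async Task Main()
    {
        // Authority URL taken from the question.
        var disco = await DiscoveryClient.GetAsync("https://localhost:44327");
        if (disco.IsError)
        {
            Console.WriteLine($"discovery failed: {disco.Error}");
            return;
        }

        // Client id and secret must match a Client returned by GetClients();
        // the question registered "client1" but sent "mvc".
        var tokenClient = new TokenClient(disco.TokenEndpoint, "client1", "secret");

        // Argument order is (userName, password, scope).
        // Assumption: openid is what authorizes the userinfo call, so it is
        // requested alongside profile and api1 (all three are in AllowedScopes).
        var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync(
            "admin", "admin", "openid profile api1");
        if (tokenResponse.IsError)
        {
            // A wrong client id surfaces here as invalid_client.
            Console.WriteLine($"token request failed: {tokenResponse.Error}");
            return;
        }

        var userInfoClient = new UserInfoClient(disco.UserInfoEndpoint);
        var userInfo = await userInfoClient.GetAsync(tokenResponse.AccessToken);
        if (userInfo.IsError)
        {
            // Print the HTTP status so 401 (bad token) and 403 (scope) are distinguishable.
            Console.WriteLine($"userinfo failed: {(int)userInfo.HttpStatusCode} {userInfo.Error}");
            return;
        }

        foreach (var claim in userInfo.Claims)
        {
            Console.WriteLine($"{claim.Type}: {claim.Value}");
        }
    }
}
```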