Tags: c#, oauth-2.0, openiddict

The token response was successfully returned: unsupported_grant_type


I'm migrating from .NET Core 1.1 to 2.0, and now I have to update my Authentication too.

I'm using OAuth and OpenIddict with .NET Core 2.0.

When I'm sending the request to my connect/token I'm getting this:

OpenIddict.Server.OpenIddictServerHandler[0] The token response was successfully returned: {
  "error": "unsupported_grant_type",
  "error_description": "The specified 'grant_type' parameter is not supported."
}.

This is my request method:

using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

// Requests an access token from the OpenIddict token endpoint using the client credentials grant.
private static async Task<JObject> GetTokenAsync(string url, string clientId, string clientSecret,
    string pessoaId, string usuarioId, string conta, string userDoubleCpf,
    string fonteDados, string userIdsLogged)
{
    using (var client = new HttpClient())
    {
        var request = new HttpRequestMessage(HttpMethod.Post, $"{url}/connect/token");
        request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "client_credentials",
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret,
            // Custom (non-standard) parameters sent alongside the OAuth ones.
            ["pessoaid"] = pessoaId,
            ["usuarioid"] = usuarioId,
            ["conta"] = conta,
            ["cpfcnpj"] = userDoubleCpf,
            ["fonteDados"] = fonteDados,
            ["userIdsLogged"] = userIdsLogged
        });

        var response = await client.SendAsync(request, HttpCompletionOption.ResponseContentRead);
        // A non-2xx status (such as the 400 carrying unsupported_grant_type) throws here,
        // so the "error" check below is only reached for successful responses.
        response.EnsureSuccessStatusCode();

        var result = JObject.Parse(await response.Content.ReadAsStringAsync());
        if (result["error"] != null)
        {
            throw new InvalidOperationException("An error occurred while retrieving an access token.");
        }
        return result;
    }
}

My OpenIddictApplications are generated when an application is linked to the user account, so the ClientId and Secret are generated when a login request is sent to my API, which retrieves the respective values.

I have followed the OpenIddict documentation and I have included everything in my Startup.cs.

This is my AuthorizationController:

using System.Diagnostics;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Primitives;
using Microsoft.AspNetCore.Mvc;
using OpenIddict.Core;
using OpenIddict.Models;

public class AuthorizationController : Controller
{
    private readonly OpenIddictApplicationManager<OpenIddictApplication> _applicationManager;

    public AuthorizationController(OpenIddictApplicationManager<OpenIddictApplication> applicationManager)
    {
        _applicationManager = applicationManager;
    }

    [HttpPost("~/connect/token"), Produces("application/json")]
    public async Task<IActionResult> Exchange(OpenIdConnectRequest request)
    {
        Debug.Assert(request.IsTokenRequest(),
            "The OpenIddict binder for ASP.NET Core MVC is not registered. " +
            "Make sure services.AddOpenIddict().AddMvcBinders() is correctly called.");

        if (request.IsClientCredentialsGrantType())
        {
            // Note: the client credentials are automatically validated by OpenIddict:
            // if client_id or client_secret are invalid, this action won't be invoked.

            var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted);
            if (application == null)
            {
                return BadRequest(new OpenIdConnectResponse
                {
                    Error = OpenIdConnectConstants.Errors.InvalidClient,
                    ErrorDescription = "The client application was not found in the database."
                });
            }

            // Create a new authentication ticket.
            // CreateTicket is the author's own helper; its body is not shown in the question.
            var ticket = CreateTicket(request, application);

            return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
        }

        return BadRequest(new OpenIdConnectResponse
        {
            Error = OpenIdConnectConstants.Errors.UnsupportedGrantType,
            ErrorDescription = "The specified grant type is not supported."
        });
    }
}

I'm generating the AuthenticationTicket and returning this.

Any idea about what might be causing this kind of bad request when I try to send the request to get my token?


Solution

  • This happens because you do not configure the client credentials flow in your Startup.cs.

    See the example: https://github.com/openiddict/openiddict-samples/blob/dev/samples/ClientCredentialsFlow/AuthorizationServer/Startup.cs

    Pay attention to line 52:

    // Enable the client credentials flow.
    options.AllowClientCredentialsFlow();
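As an added example (not code from the question, the answer, or the linked OpenIddict sample), here is a minimal Startup.cs for the OpenIddict 2.0-era services.AddOpenIddict(options => ...) API that the question's AddMvcBinders() call belongs to, with the flow enabled and the HTTPS requirement relaxed only in development. ApplicationDbContext is an assumed name for the application's EF Core context, and the in-memory provider is for illustration only.

```csharp
// Added example, not from the question or the OpenIddict sample. Assumes the OpenIddict 2.0
// beta/rc "services.AddOpenIddict(options => ...)" API and an assumed context name ApplicationDbContext.
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private readonly IHostingEnvironment _env;
    public Startup(IHostingEnvironment env) { _env = env; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();

        services.AddDbContext<ApplicationDbContext>(options =>
        {
            options.UseInMemoryDatabase("openiddict-demo"); // illustration only; use a real provider
            options.UseOpenIddict(); // registers the OpenIddict entity sets on the context
        });

        services.AddOpenIddict(options =>
        {
            options.AddEntityFrameworkCoreStores<ApplicationDbContext>();
            options.AddMvcBinders();
            options.EnableTokenEndpoint("/connect/token");

            // Without this line OpenIddict rejects every grant_type=client_credentials request
            // with unsupported_grant_type before the Exchange action is reached.
            options.AllowClientCredentialsFlow();

            // Client secrets travel in the token request body, so only relax the HTTPS
            // requirement on a developer machine; production stays TLS-only.
            if (_env.IsDevelopment())
            {
                options.DisableHttpsRequirement();
            }
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // In 2.0 the OpenIddict server handler runs inside the authentication middleware.
        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
    }
}
```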