Tags: c#, asp.net-identity, entity-framework-core, identityserver4, asp.net-core-2.1

Identity Server 4 Hybrid Flow error with Client Secret


I'm having a problem trying to configure Identity Server and a calling MVC Client. I'm using both Entity Framework Core and ASP.NET Core Identity with IS4 to configure my clients, scopes, users, etc.

The error I'm getting is:

OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'.

This happens as soon as I enter my login/password and get redirected back to the client.

My IS4 log shows that user authentication is fine, but fetching the access token fails. Here it is:

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 POST https://localhost:5000/connect/token application/x-www-form-urlencoded 236
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Request path /connect/token matched to endpoint type Token
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
      Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
dbug: IdentityServer4.Endpoints.TokenEndpoint[0]
      Start token request.
dbug: IdentityServer4.Validation.ClientSecretValidator[0]
      Start client validation
dbug: IdentityServer4.Validation.BasicAuthenticationSecretParser[0]
      Start parsing Basic Authentication secret
dbug: IdentityServer4.Validation.PostBodySecretParser[0]
      Start parsing for secret in post body
dbug: IdentityServer4.Validation.SecretParser[0]
      Parser found secret: PostBodySecretParser
dbug: IdentityServer4.Validation.SecretParser[0]
      Secret id found: lssite
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
      Entity Framework Core 2.1.4-rtm-31024 initialized 'ConfigurationDbContext' using provider 'Pomelo.EntityFrameworkCore.MySql' with options: None
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
      Executed DbCommand (1ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
      SELECT `x`.`Id`, `x`.`AbsoluteRefreshTokenLifetime`, `x`.`AccessTokenLifetime`, `x`.`AccessTokenType`, `x`.`AllowAccessTokensViaBrowser`, `x`.`AllowOfflineAccess`, `x`.`AllowPlainTextPkce`, `x`.`AllowRememberConsent`, `x`.`AlwaysIncludeUserClaimsInIdToken`, `x`.`AlwaysSendClientClaims`, `x`.`AuthorizationCodeLifetime`, `x`.`BackChannelLogoutSessionRequired`, `x`.`BackChannelLogoutUri`, `x`.`ClientClaimsPrefix`, `x`.`ClientId`, `x`.`ClientName`, `x`.`ClientUri`, `x`.`ConsentLifetime`, `x`.`Created`, `x`.`Description`, `x`.`DeviceCodeLifetime`, `x`.`EnableLocalLogin`, `x`.`Enabled`, `x`.`FrontChannelLogoutSessionRequired`, `x`.`FrontChannelLogoutUri`, `x`.`IdentityTokenLifetime`, `x`.`IncludeJwtId`, `x`.`LastAccessed`, `x`.`LogoUri`, `x`.`NonEditable`, `x`.`PairWiseSubjectSalt`, `x`.`ProtocolType`, `x`.`RefreshTokenExpiration`, `x`.`RefreshTokenUsage`, `x`.`RequireClientSecret`, `x`.`RequireConsent`, `x`.`RequirePkce`, `x`.`SlidingRefreshTokenLifetime`, `x`.`UpdateAccessTokenClaimsOnRefresh`, `x`.`Updated`, `x`.`UserCodeType`, `x`.`UserSsoLifetime`
      FROM `Clients` AS `x`
      WHERE `x`.`ClientId` = @__clientId_0
      ORDER BY `x`.`Id`
      LIMIT 1
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
      Executed DbCommand (1ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
      SELECT `x.AllowedGrantTypes`.`Id`, `x.AllowedGrantTypes`.`ClientId`, `x.AllowedGrantTypes`.`GrantType`
      FROM `ClientGrantTypes` AS `x.AllowedGrantTypes`
      INNER JOIN (
          SELECT `x0`.`Id`
          FROM `Clients` AS `x0`
          WHERE `x0`.`ClientId` = @__clientId_0
          ORDER BY `x0`.`Id`
          LIMIT 1
      ) AS `t` ON `x.AllowedGrantTypes`.`ClientId` = `t`.`Id`
      ORDER BY `t`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
      Executed DbCommand (0ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
      SELECT `x.RedirectUris`.`Id`, `x.RedirectUris`.`ClientId`, `x.RedirectUris`.`RedirectUri`
      FROM `ClientRedirectUris` AS `x.RedirectUris`
      INNER JOIN (
          SELECT `x1`.`Id`
          FROM `Clients` AS `x1`
          WHERE `x1`.`ClientId` = @__clientId_0
          ORDER BY `x1`.`Id`
          LIMIT 1
      ) AS `t0` ON `x.RedirectUris`.`ClientId` = `t0`.`Id`
      ORDER BY `t0`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
      Executed DbCommand (0ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
      SELECT `x.PostLogoutRedirectUris`.`Id`, `x.PostLogoutRedirectUris`.`ClientId`, `x.PostLogoutRedirectUris`.`PostLogoutRedirectUri`
      FROM `ClientPostLogoutRedirectUris` AS `x.PostLogoutRedirectUris`
      INNER JOIN (
          SELECT `x2`.`Id`
          FROM `Clients` AS `x2`
          WHERE `x2`.`ClientId` = @__clientId_0
          ORDER BY `x2`.`Id`
          LIMIT 1
      ) AS `t1` ON `x.PostLogoutRedirectUris`.`ClientId` = `t1`.`Id`
      ORDER BY `t1`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
      Executed DbCommand (1ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
      SELECT `x.AllowedScopes`.`Id`, `x.AllowedScopes`.`ClientId`, `x.AllowedScopes`.`Scope`
      FROM `ClientScopes` AS `x.AllowedScopes`
      INNER JOIN (
          SELECT `x3`.`Id`
          FROM `Clients` AS `x3`
          WHERE `x3`.`ClientId` = @__clientId_0
          ORDER BY `x3`.`Id`
          LIMIT 1
      ) AS `t2` ON `x.AllowedScopes`.`ClientId` = `t2`.`Id`
      ORDER BY `t2`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
      Executed DbCommand (1ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
      SELECT `x.ClientSecrets`.`Id`, `x.ClientSecrets`.`ClientId`, `x.ClientSecrets`.`Created`, `x.ClientSecrets`.`Description`, `x.ClientSecrets`.`Expiration`, `x.ClientSecrets`.`Type`, `x.ClientSecrets`.`Value`
      FROM `ClientSecrets` AS `x.ClientSecrets`
      INNER JOIN (
          SELECT `x4`.`Id`
          FROM `Clients` AS `x4`
          WHERE `x4`.`ClientId` = @__clientId_0
          ORDER BY `x4`.`Id`
          LIMIT 1
      ) AS `t3` ON `x.ClientSecrets`.`ClientId` = `t3`.`Id`
      ORDER BY `t3`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
      Executed DbCommand (0ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
      SELECT `x.Claims`.`Id`, `x.Claims`.`ClientId`, `x.Claims`.`Type`, `x.Claims`.`Value`
      FROM `ClientClaims` AS `x.Claims`
      INNER JOIN (
          SELECT `x5`.`Id`
          FROM `Clients` AS `x5`
          WHERE `x5`.`ClientId` = @__clientId_0
          ORDER BY `x5`.`Id`
          LIMIT 1
      ) AS `t4` ON `x.Claims`.`ClientId` = `t4`.`Id`
      ORDER BY `t4`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
      Executed DbCommand (0ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
      SELECT `x.IdentityProviderRestrictions`.`Id`, `x.IdentityProviderRestrictions`.`ClientId`, `x.IdentityProviderRestrictions`.`Provider`
      FROM `ClientIdPRestrictions` AS `x.IdentityProviderRestrictions`
      INNER JOIN (
          SELECT `x6`.`Id`
          FROM `Clients` AS `x6`
          WHERE `x6`.`ClientId` = @__clientId_0
          ORDER BY `x6`.`Id`
          LIMIT 1
      ) AS `t5` ON `x.IdentityProviderRestrictions`.`ClientId` = `t5`.`Id`
      ORDER BY `t5`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
      Executed DbCommand (0ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
      SELECT `x.AllowedCorsOrigins`.`Id`, `x.AllowedCorsOrigins`.`ClientId`, `x.AllowedCorsOrigins`.`Origin`
      FROM `ClientCorsOrigins` AS `x.AllowedCorsOrigins`
      INNER JOIN (
          SELECT `x7`.`Id`
          FROM `Clients` AS `x7`
          WHERE `x7`.`ClientId` = @__clientId_0
          ORDER BY `x7`.`Id`
          LIMIT 1
      ) AS `t6` ON `x.AllowedCorsOrigins`.`ClientId` = `t6`.`Id`
      ORDER BY `t6`.`Id`
info: Microsoft.EntityFrameworkCore.Database.Command[20101]
      Executed DbCommand (1ms) [Parameters=[@__clientId_0='?' (Size = 200)], CommandType='Text', CommandTimeout='30']
      SELECT `x.Properties`.`Id`, `x.Properties`.`ClientId`, `x.Properties`.`Key`, `x.Properties`.`Value`
      FROM `ClientProperties` AS `x.Properties`
      INNER JOIN (
          SELECT `x8`.`Id`
          FROM `Clients` AS `x8`
          WHERE `x8`.`ClientId` = @__clientId_0
          ORDER BY `x8`.`Id`
          LIMIT 1
      ) AS `t7` ON `x.Properties`.`ClientId` = `t7`.`Id`
      ORDER BY `t7`.`Id`
dbug: IdentityServer4.EntityFramework.Stores.ClientStore[0]
      lssite found in database: True
dbug: IdentityServer4.Stores.ValidatingClientStore[0]
      client configuration validation for client lssite succeeded.
dbug: IdentityServer4.Validation.HashedSharedSecretValidator[0]
      No matching hashed secret found.
dbug: IdentityServer4.Validation.SecretValidator[0]
      Secret validators could not validate secret
info: IdentityServer4.Events.DefaultEventService[0]
      {
        "Name": "Client Authentication Failure",
        "Category": "Authentication",
        "EventType": "Failure",
        "Id": 1011,
        "ClientId": "lssite",
        "Message": "Invalid client secret",
        "ActivityId": "0HLK6AKHC5UAJ:00000003",
        "TimeStamp": "2019-01-30T01:49:20Z",
        "ProcessId": 10624,
        "LocalIpAddress": "::1:5000",
        "RemoteIpAddress": "::1"
      }
fail: IdentityServer4.Validation.ClientSecretValidator[0]
      Client secret validation failed for client: lssite.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 137.9524ms 400 application/json; charset=UTF-8

The exception that appears in my client is:

System.Exception: An error was encountered while handling the remote login. ---> Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'.
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

The Startup.cs I'm using in Identity Server 4 is:

using System.Security.Cryptography;
using IdentityServer4;
using IdentityServer4.Services;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity.UI.Services;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors(options =>
        {
            options.AddPolicy("AllowAllOrigins",
                builder =>
                {
                    // ASP.NET Core 2.2 and later refuse to combine AllowAnyOrigin with AllowCredentials;
                    // 2.1 still accepts it.
                    builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials();
                });
        });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        // EmailSender is the application's own IEmailSender implementation
        services.AddSingleton<IEmailSender, EmailSender>();

        var connectionString = Configuration.GetConnectionString("DefaultConnection");

        var identityServer = services.AddIdentityServer(options =>
        {
            options.Events.RaiseErrorEvents = true;
            options.Events.RaiseInformationEvents = true;
            options.Events.RaiseFailureEvents = true;
            options.Events.RaiseSuccessEvents = true;
            options.UserInteraction.LoginUrl = "/Identity/Account/Login";
            options.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
        })
            // this adds the config data from DB (clients, resources, CORS)
            .AddConfigurationStore(options =>
            {
                options.ConfigureDbContext = builder =>
                    builder.UseMySql(connectionString);
            })
            // this adds the operational data from DB (codes, tokens, consents)
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = builder =>
                    builder.UseMySql(connectionString);
            })
            // Aspnetusers is the application's ASP.NET Core Identity user class
            .AddAspNetIdentity<Aspnetusers>();

        services.AddAuthentication()
            .AddGoogle(options =>
            {
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

                options.ClientId = "708996912208-9m4dkjb5hscn7cjrn5u0r4tbgkbj1fko.apps.googleusercontent.com";
                options.ClientSecret = "wdfPY6t8H8cecgjlxud__4Gh";
            });

        // ResourceOwnerPasswordValidator and ProfileService are the application's own implementations
        services.AddTransient<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>()
            .AddTransient<IProfileService, ProfileService>();

        // FromJsonString is an extension method defined in the application (not part of the BCL)
        // that loads the RSA parameters from the JSON stored under AppSettings:RSAPrivateKey.
        RSA rsa = RSA.Create();
        string key = (string)Configuration.GetSection("AppSettings").GetValue(typeof(string), "RSAPrivateKey");
        rsa.FromJsonString(key);
        Microsoft.IdentityModel.Tokens.RsaSecurityKey rsk = new Microsoft.IdentityModel.Tokens.RsaSecurityKey(rsa);

        identityServer.AddSigningCredential(rsk);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
        }

        app.UseIdentityServer();
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();

        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }
}

The Startup.cs for my MVC Client is as follows:

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
            options.DefaultSignInScheme = "oidc";
        })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";

                options.AuthenticationMethod = Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior.RedirectGet;

                options.Authority = "https://localhost:5000";
                options.RequireHttpsMetadata = false;

                options.ResponseType = "code id_token token";

                options.ClientId = "lssite";
                options.ClientSecret = "VQGBtSDEK7tzIzSJyfCYqdHDTQHt7kD2VQ1hHWnY7Dw=";

                options.Scope.Add("lsapi");
                options.Scope.Add("offline_access");

                options.GetClaimsFromUserInfoEndpoint = true;

                options.SaveTokens = true;
            });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }
}

And a dump from my MySQL database that holds the configuration:

-- MySQL dump 10.13  Distrib 8.0.12, for Win64 (x86_64)
--
-- Host: 127.0.0.1    Database: lsidentityconfig
-- ------------------------------------------------------
-- Server version   8.0.12

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
 SET NAMES utf8 ;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;

--
-- Dumping data for table `apiclaims`
--

LOCK TABLES `apiclaims` WRITE;
/*!40000 ALTER TABLE `apiclaims` DISABLE KEYS */;
/*!40000 ALTER TABLE `apiclaims` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `apiproperties`
--

LOCK TABLES `apiproperties` WRITE;
/*!40000 ALTER TABLE `apiproperties` DISABLE KEYS */;
/*!40000 ALTER TABLE `apiproperties` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `apiresources`
--

LOCK TABLES `apiresources` WRITE;
/*!40000 ALTER TABLE `apiresources` DISABLE KEYS */;
INSERT INTO `apiresources` VALUES (1,1,'lsapi','API',' Main API','2018-01-21 15:35:00.000000',NULL,NULL,0);
/*!40000 ALTER TABLE `apiresources` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `apiscopeclaims`
--

LOCK TABLES `apiscopeclaims` WRITE;
/*!40000 ALTER TABLE `apiscopeclaims` DISABLE KEYS */;
/*!40000 ALTER TABLE `apiscopeclaims` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `apiscopes`
--

LOCK TABLES `apiscopes` WRITE;
/*!40000 ALTER TABLE `apiscopes` DISABLE KEYS */;
INSERT INTO `apiscopes` VALUES (1,'lsapi','API',' Main API',0,0,1,1);
/*!40000 ALTER TABLE `apiscopes` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `apisecrets`
--

LOCK TABLES `apisecrets` WRITE;
/*!40000 ALTER TABLE `apisecrets` DISABLE KEYS */;
--
-- Dumping data for table `clientclaims`
--

LOCK TABLES `clientclaims` WRITE;
/*!40000 ALTER TABLE `clientclaims` DISABLE KEYS */;
/*!40000 ALTER TABLE `clientclaims` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `clientcorsorigins`
--

LOCK TABLES `clientcorsorigins` WRITE;
/*!40000 ALTER TABLE `clientcorsorigins` DISABLE KEYS */;
INSERT INTO `clientcorsorigins` VALUES (1,'https://localhost:44336',2);
/*!40000 ALTER TABLE `clientcorsorigins` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `clientgranttypes`
--

LOCK TABLES `clientgranttypes` WRITE;
/*!40000 ALTER TABLE `clientgranttypes` DISABLE KEYS */;
INSERT INTO `clientgranttypes` VALUES (1,'password',1),(2,'refresh',1),(4,'hybrid',2),(6,'code',2);
/*!40000 ALTER TABLE `clientgranttypes` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `clientidprestrictions`
--

LOCK TABLES `clientidprestrictions` WRITE;
/*!40000 ALTER TABLE `clientidprestrictions` DISABLE KEYS */;
/*!40000 ALTER TABLE `clientidprestrictions` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `clientpostlogoutredirecturis`
--

LOCK TABLES `clientpostlogoutredirecturis` WRITE;
/*!40000 ALTER TABLE `clientpostlogoutredirecturis` DISABLE KEYS */;
INSERT INTO `clientpostlogoutredirecturis` VALUES (1,'https://localhost:44336/signout-callback-oidc',2);
/*!40000 ALTER TABLE `clientpostlogoutredirecturis` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `clientproperties`
--

LOCK TABLES `clientproperties` WRITE;
/*!40000 ALTER TABLE `clientproperties` DISABLE KEYS */;
/*!40000 ALTER TABLE `clientproperties` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `clientredirecturis`
--

LOCK TABLES `clientredirecturis` WRITE;
/*!40000 ALTER TABLE `clientredirecturis` DISABLE KEYS */;
INSERT INTO `clientredirecturis` VALUES (1,'https://localhost:44336/signin-oidc',2),(4,'https://localhost:44336/',2);
/*!40000 ALTER TABLE `clientredirecturis` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `clients`
--

LOCK TABLES `clients` WRITE;
/*!40000 ALTER TABLE `clients` DISABLE KEYS */;
INSERT INTO `clients` VALUES (1,1,'lsgame','oidc',1,'Game Client',NULL,NULL,NULL,0,0,0,0,0,0,NULL,1,NULL,1,1,300,3600,300,NULL,2592000,1296000,1,1,1,0,1,0,0,'ls_',NULL,'2019-01-21 15:45:00.000000',NULL,NULL,NULL,NULL,300,0),(2,1,'lssite','oidc',1,'Website',NULL,'https://localhost:44336',NULL,0,0,1,0,0,1,NULL,0,NULL,1,1,300,3600,300,NULL,2592000,1296000,0,0,0,0,1,0,1,'ls_',NULL,'2019-01-21 15:45:00.000000',NULL,NULL,NULL,NULL,300,0);
/*!40000 ALTER TABLE `clients` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `clientscopes`
--

LOCK TABLES `clientscopes` WRITE;
/*!40000 ALTER TABLE `clientscopes` DISABLE KEYS */;
INSERT INTO `clientscopes` VALUES (1,'lsapi',1),(2,'lsapi',2),(3,'openid',2),(4,'profile',2);
/*!40000 ALTER TABLE `clientscopes` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `clientsecrets`
--

LOCK TABLES `clientsecrets` WRITE;
/*!40000 ALTER TABLE `clientsecrets` DISABLE KEYS */;
INSERT INTO `clientsecrets` VALUES (1,NULL,'VQGBtSDEK7tzIzSJyfCYqdHDTQHt7kD2VQ1hHWnY7Dw=',NULL,'SharedSecret','2019-01-21 15:48:00.000000',1),(2,NULL,'VQGBtSDEK7tzIzSJyfCYqdHDTQHt7kD2VQ1hHWnY7Dw=',NULL,'SharedSecret','2019-01-21 15:48:00.000000',2);
/*!40000 ALTER TABLE `clientsecrets` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `devicecodes`
--

LOCK TABLES `devicecodes` WRITE;
/*!40000 ALTER TABLE `devicecodes` DISABLE KEYS */;
/*!40000 ALTER TABLE `devicecodes` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `identityclaims`
--

LOCK TABLES `identityclaims` WRITE;
/*!40000 ALTER TABLE `identityclaims` DISABLE KEYS */;
/*!40000 ALTER TABLE `identityclaims` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `identityproperties`
--

LOCK TABLES `identityproperties` WRITE;
/*!40000 ALTER TABLE `identityproperties` DISABLE KEYS */;
/*!40000 ALTER TABLE `identityproperties` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `identityresources`
--

LOCK TABLES `identityresources` WRITE;
/*!40000 ALTER TABLE `identityresources` DISABLE KEYS */;
INSERT INTO `identityresources` VALUES (1,1,'openid','openid','openid',1,0,1,'2019-01-24 18:34:00.000000',NULL,0),(2,1,'profile','profile','profile',1,0,1,'2019-01-24 18:34:00.000000',NULL,0);
/*!40000 ALTER TABLE `identityresources` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Dumping data for table `persistedgrants`
--

LOCK TABLES `persistedgrants` WRITE;
/*!40000 ALTER TABLE `persistedgrants` DISABLE KEYS */;
/*!40000 ALTER TABLE `persistedgrants` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;

/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

I am completely at a loss here and don't know what to do to make this work. I tried following all the quickstarts again and made it work with implicit flow, but I cannot make this work. I've been trying for 3 days, so PLEASE, if anyone knows, what am I doing wrong here?


Solution

  • Looks like you are trying to decode the hash value of the secret in your client.

    Just use the plain text value of the secret when configuring the client oidc service.

    options.ClientSecret = "plain_text";

    In the identity server samples the plain text value is "secret", but you might have configured a different one since you are using the db to store configuration. VQGBtSDEK7tzIzSJyfCYqdHDTQHt7kD2VQ1hHWnY7Dw= is the hash value as shown in your database dump, so in your client you need to use the plain text secret value.
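The log in the question ends with `HashedSharedSecretValidator: No matching hashed secret found`, and the answer explains why: IdentityServer4 stores a SharedSecret as the Base64-encoded SHA-256 of the plaintext (what `"secret".Sha256()` from `IdentityServer4.Models` produces), hashes whatever the client presents at the token endpoint, and compares hashes. A client configured with the stored hash is therefore hashed a second time and never matches. The script below is an added example, not code from the question, the answer or IdentityServer4; it models that validation step so a plaintext can be checked against a value copied from the `clientsecrets` table. `STORED_LSSITE_SECRET` is the value from the dump above (the plaintext behind it is not on the page), `QUICKSTART_SECRET_HASH` is the hash of `secret` used in the IdentityServer4 quickstarts, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
from typing import Iterable

# Value copied from the `clientsecrets` row for client `lssite` in the question's dump.
# The plaintext it was derived from is not known from the page.
STORED_LSSITE_SECRET = "VQGBtSDEK7tzIzSJyfCYqdHDTQHt7kD2VQ1hHWnY7Dw="

# Base64 SHA-256 of the plaintext "secret", the value the IdentityServer4 quickstarts store.
QUICKSTART_SECRET_HASH = "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols="


def hash_shared_secret(plaintext: str, algorithm: str = "sha256") -> str:
    """Derive the stored form of a SharedSecret the way IdentityServer4 does:
    UTF-8 encode the plaintext, hash it, Base64-encode the raw digest.
    With "sha256" this equals "plaintext".Sha256() from IdentityServer4.Models."""
    digest = hashlib.new(algorithm, plaintext.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def validate_shared_secret(presented: str, stored_hashes: Iterable[str]) -> bool:
    """Model (not IdentityServer4's own code) of HashedSharedSecretValidator:
    hash the value the client presented and compare it, in constant time, against
    every stored SharedSecret value. IdentityServer4 accepts a SHA-256 or SHA-512
    stored form; the presented value is never compared to the stored value as-is."""
    candidates = [hash_shared_secret(presented, "sha256"),
                  hash_shared_secret(presented, "sha512")]
    return any(
        hmac.compare_digest(candidate.encode("ascii"), stored.encode("ascii"))
        for stored in stored_hashes
        for candidate in candidates
    )


def diagnose_client_secret(presented: str, stored_hashes: Iterable[str]) -> str:
    """Explain an invalid_client answer from the token endpoint in terms a developer
    can act on: is the client sending the plaintext, the stored hash, or something else?"""
    stored = list(stored_hashes)
    if validate_shared_secret(presented, stored):
        return "ok: presented value hashes to a stored secret"
    if presented in stored:
        return "mismatch: client is sending the stored hash instead of the plaintext"
    return "mismatch: presented value does not hash to any stored secret"


if __name__ == "__main__":
    # The quickstart case: plaintext "secret" on the client, its hash in the store.
    print(diagnose_client_secret("secret", [QUICKSTART_SECRET_HASH]))
    # The question's case: the client was given the stored hash itself.
    print(diagnose_client_secret(STORED_LSSITE_SECRET, [STORED_LSSITE_SECRET]))
```

Run it with the plaintext you believe you configured and the `Value` column of your `clientsecrets` row. A verdict that the presented value is itself a stored hash means `options.ClientSecret` on the client holds the database value rather than the plaintext, which is exactly the situation in the question; the constant-time comparison mirrors what the server does, so the script does not weaken anything if it is pointed at production values.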