I have identity server deploy in azure, when i try deploy my MVC asp .net core as a client. unathorized client error showing up. whats wrong with my config below ?
StartUp Client MVC
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options => {
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options => {
options.SignInScheme = "Cookies";
options.Authority = Configuration.GetValue<string>("server:identityurl");
options.RequireHttpsMetadata = false;
options.ClientId = Configuration.GetValue<string>("server:clientid");
options.ClientSecret = Configuration.GetValue<string>("server:clientsecret");
options.ResponseType = Configuration.GetValue<string>("server:responsetype");
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add(Configuration.GetValue<string>("server:scope1"));
options.Scope.Add(Configuration.GetValue<string>("server:scope2"));
});
Appsetting.json & Appsetting.Development.Json
"server": {
"identityurl": "https://pdjayaauthapi.azurewebsites.net",
"clientid": "webapp2",
"clientsecret": "web123",
"responsetype": "code id_token",
"scope1": "masterdataapi",
"scope2": "offline_access"
}
Identity Server startup
public void ConfigureServices(IServiceCollection services)
{
var sqlConnectionString = Configuration.GetConnectionString("MySqlCon");
services.AddDbContext<PDJayaDB>(options =>
options.UseMySql(
sqlConnectionString,
b => b.MigrationsAssembly("PDJaya.Identity")
)
);
//my user repository
services.AddScoped<IUserRepository, UserRepository>();
services.AddSingleton<IConfiguration>(Configuration);
services.AddMvc();
// configure identity server with in-memory stores, keys, clients and resources
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddTestUsers(Config.GetUsers())
.AddProfileService<ProfileService>();
//Inject the classes we just created
services.AddTransient<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddTransient<IProfileService, ProfileService>();
}
and this is my identityserver config to define client asp .net mvc.
Identity Server Config
new Client
ClientId = "webapp2",
ClientName = "web with openid",
AllowedGrantTypes = GrantTypes.Implicit,
ClientSecrets =
{
new Secret("web123".Sha256())
},
RedirectUris = { "http://pdjayaauthapi.azurewebsites.net/signin-oidc" },
PostLogoutRedirectUris = { "http://pdjayaauthapi.azurewebsites.net/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"masterdataapi",
"transactionapi"
},
AllowOfflineAccess = true
Use the Hybrid flow instead of the Implicit flow that is set as Ryan said. And restart the web app. It should fix the error.