Search code examples
asp.net-identityopenididentityserver4openid-connect

Invalid_client using OpenIdConnect in client application

I have an IdentityServer4 application running with ASP.NET Identity. I want to use that so users from another application can login through my remote identity server.

I have configured a client application in identity server with the following settings (showing only relevant settings):

ClientId: mvc
ProtocolType: oidc
ClientSecret: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=

(URLs to client app)
RedirectUri: https://localhost:44313/signin-oidc
PostLogoutRedirectUri: https://localhost:44313/signout-callback-oidc

GrantType: Hybrid

client id

enter image description here

My client application (server side Blazor app) has the following settings configured in Startup.cs.

        // Add authentication
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.RequireHttpsMetadata = false;
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.Authority = "http://localhost:5000/"; // local identity server url
            options.ClientId = "mvc";
            options.ClientSecret = "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=";
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("profile openid web_api");
        });

When I start my client app, I then get redirect to my IdentityServer login page. I can then login with a username and password. When I login I then get redirected back to my client application https://localhost:44313/signin-oidc.

But then I get the following error on that page:

OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'.

To me it looks like I am using the correct ClientId?

What am I doing wrong?

Solution

  • ClientSecret should contain the unencrypted value. Take a look at the documentation.

    In your case secret.

    options.ClientSecret = "secret";

    I didn't look further, so if this change doesn't solve it then please let me know.