I took my old config code from my previous Core 2 project with IdentityServer and moved it to a new Core 3.1 project. Everything seems to be working: the database is created and most stuff "looks" right so far. The first problem I have encountered is a scope error when hitting the token endpoint: I get an invalid scope error. I'm not sure why this is not working; here is the log of the call to /connect/token.
[19:34:49 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /connect/token matched to endpoint type Token
[19:34:49 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint
[19:34:49 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
[19:34:49 Debug] IdentityServer4.Endpoints.TokenEndpoint
Start token request.
[19:34:49 Debug] IdentityServer4.Validation.ClientSecretValidator
Start client validation
[19:34:49 Debug] IdentityServer4.Validation.BasicAuthenticationSecretParser
Start parsing Basic Authentication secret
[19:34:49 Debug] IdentityServer4.Validation.PostBodySecretParser
Start parsing for secret in post body
[19:34:49 Debug] IdentityServer4.Validation.SecretParser
Parser found secret: PostBodySecretParser
[19:34:49 Debug] IdentityServer4.Validation.SecretParser
Secret id found: myapp_mobile
[19:34:49 Debug] IdentityServer4.EntityFramework.Stores.ClientStore
myapp_mobile found in database: True
[19:34:49 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client myapp_mobile succeeded.
[19:34:49 Debug] IdentityServer4.Validation.SecretValidator
Secret validator success: HashedSharedSecretValidator
[19:34:49 Debug] IdentityServer4.Validation.ClientSecretValidator
Client validation success
[19:34:49 Information] IdentityServer4.Events.DefaultEventService
{"ClientId": "myapp_mobile", "AuthenticationMethod": "SharedSecret", "Category": "Authentication", "Name": "Client Authentication Success", "EventType": "Success", "Id": 1010, "Message": null, "ActivityId": "80000020-0000-fe00-b63f-84710c7967bb", "TimeStamp": "2020-02-08T00:34:49.0000000Z", "ProcessId": 22424, "LocalIpAddress": "10.37.129.3:443", "RemoteIpAddress": "10.37.129.2", "$type": "ClientAuthenticationSuccessEvent"}
[19:34:49 Debug] IdentityServer4.Validation.TokenRequestValidator
Start token request validation
[19:34:49 Debug] IdentityServer4.Validation.TokenRequestValidator
Start resource owner password token request validation
[19:34:49 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore
Found [] identity scopes in database
[19:34:49 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore
Found ["myapp_api_resource", "myapp_api"] API scopes in database
[19:34:49 Error] IdentityServer4.Validation.ScopeValidator
Requested scope not allowed: email
[19:34:49 Error] IdentityServer4.Validation.TokenRequestValidator
{"ClientId": "myapp_mobile", "ClientName": "myapp Mobile App", "GrantType": "password", "Scopes": null, "AuthorizationCode": null, "RefreshToken": null, "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"client_id": "myapp_mobile", "client_secret": "***REDACTED***", "username": "testguy1", "password": "***REDACTED***", "grant_type": "password"}, "$type": "TokenRequestValidationLog"}
[19:34:49 Information] IdentityServer4.Events.DefaultEventService
{"ClientId": "myapp_mobile", "ClientName": "myapp Mobile App", "RedirectUri": null, "Endpoint": "Token", "SubjectId": null, "Scopes": null, "GrantType": "password", "Error": "invalid_scope", "ErrorDescription": null, "Category": "Token", "Name": "Token Issued Failure", "EventType": "Failure", "Id": 2001, "Message": null, "ActivityId": "80000020-0000-fe00-b63f-84710c7967bb", "TimeStamp": "2020-02-08T00:34:49.0000000Z", "ProcessId": 22424, "LocalIpAddress": "10.37.129.3:443", "RemoteIpAddress": "10.37.129.2", "$type": "TokenIssuedFailureEvent"}
I get that "Requested scope not allowed: email", but I have no idea why. I am requesting no scopes, so I should receive all of them. Is this something that is an ASP.NET Core Identity setting that I missed? The client scopes table has email for my client, so any help would be great.
Thanks.
Well, the answer is simple, if anyone else has this problem.
Probably somewhere in my old setup I manually added the IdentityResource configs to the database or they never made it into my final database seeding code. Once I added those the token endpoint started to work.
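As an added example (not the poster's code or IdentityServer4's own seeding sample): seeding the IdentityResources that a client's AllowedScopes refer to, plus a check that lists scopes a client is allowed but that no resource in the store defines, which is the mismatch the "Found [] identity scopes in database" line points at. It assumes IdentityServer4 3.x with IdentityServer4.EntityFramework and an already migrated ConfigurationDbContext; the openid/profile/email set and the client id are assumptions.

```csharp
using System;
using System.Linq;
using IdentityServer4.EntityFramework.DbContexts;
using IdentityServer4.EntityFramework.Mappers;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

public static class SeedData
{
    // Call once at startup (e.g. from Configure) after migrations have run.
    public static void EnsureIdentityResources(IApplicationBuilder app)
    {
        using var scope = app.ApplicationServices.CreateScope();
        var context = scope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();

        // Every identity scope a client lists in AllowedScopes must exist as an
        // IdentityResource row; otherwise ScopeValidator logs
        // "Requested scope not allowed: <scope>" and the token request fails.
        // The standard resources below are an assumption; add your own as needed.
        var identityResources = new IdentityResource[]
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
            new IdentityResources.Email(),
        };
        foreach (var resource in identityResources)
        {
            if (!context.IdentityResources.Any(r => r.Name == resource.Name))
                context.IdentityResources.Add(resource.ToEntity());
        }
        context.SaveChanges();
    }

    // Configuration check: returns the scopes a client is allowed to request
    // that neither an IdentityResource nor an ApiResource scope defines.
    // With the password grant and no "scope" parameter, IdentityServer4 falls
    // back to all of the client's AllowedScopes, so any dangling entry breaks
    // every token request for that client. An empty result means no mismatch.
    public static string[] FindDanglingScopes(ConfigurationDbContext context, string clientId)
    {
        var client = context.Clients
            .Include(c => c.AllowedScopes)
            .Single(c => c.ClientId == clientId);
        var known = context.IdentityResources.Select(r => r.Name)
            .Concat(context.ApiResources.SelectMany(a => a.Scopes).Select(s => s.Name))
            .ToHashSet(StringComparer.Ordinal);
        return client.AllowedScopes
            .Select(s => s.Scope)
            .Where(s => !known.Contains(s))
            .ToArray();
    }
}
```

Running FindDanglingScopes(context, "myapp_mobile") against the poster's database before the fix would return "email" (and any other identity scope the client lists), matching the scope named in the error log.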