I have created this IdentityServer4 project, which works locally on my machine and also works when I deploy it to an internal server (production) in my company. Now I am facing an issue which is really confusing me when I move the deployed app from our internal server to a live (external) server. This error comes when I try getting data from the API, because I am able to log in successfully and I even get the token. And when I check the IdP log file, I get the following:
[04:36:03 Information] Starting host...
[04:36:04 Information] IdentityServer4.Startup Starting IdentityServer4 version 4.0.2+58e6bc8a94236b81d1d3c606c8295203c7c1c9e2
[04:36:04 Information] IdentityServer4.Startup Using the default authentication scheme Identity.Application for IdentityServer
[04:36:04 Debug] IdentityServer4.Startup Using Identity.Application as default ASP.NET Core scheme for authentication
[04:36:04 Debug] IdentityServer4.Startup Using Identity.External as default ASP.NET Core scheme for sign-in
[04:36:04 Debug] IdentityServer4.Startup Using Identity.External as default ASP.NET Core scheme for sign-out
[04:36:04 Debug] IdentityServer4.Startup Using Identity.Application as default ASP.NET Core scheme for challenge
[04:36:04 Debug] IdentityServer4.Startup Using Identity.Application as default ASP.NET Core scheme for forbid
[04:36:04 Information] Microsoft.Hosting.Lifetime Now listening on: http://127.0.0.1:39619
[04:36:04 Information] Microsoft.Hosting.Lifetime Application started. Press Ctrl+C to shut down.
[04:36:04 Information] Microsoft.Hosting.Lifetime Hosting environment: Production
[04:36:04 Information] Microsoft.Hosting.Lifetime Content root path: C:\inetpub\wwwroot\TaxRevenueIdp
[04:36:04 Debug] IdentityServer4.Startup Login Url: /Account/Login
[04:36:04 Debug] IdentityServer4.Startup Login Return Url Parameter: ReturnUrl
[04:36:04 Debug] IdentityServer4.Startup Logout Url: /Account/Logout
[04:36:04 Debug] IdentityServer4.Startup ConsentUrl Url: /consent
[04:36:04 Debug] IdentityServer4.Startup Consent Return Url Parameter: returnUrl
[04:36:04 Debug] IdentityServer4.Startup Error Url: /home/error
[04:36:04 Debug] IdentityServer4.Startup Error Id Parameter: errorId
[04:36:05 Debug] IdentityServer4.Hosting.EndpointRouter Request path /connect/authorize matched to endpoint type Authorize
[04:36:05 Debug] IdentityServer4.Hosting.EndpointRouter Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeEndpoint
[04:36:05 Information] IdentityServer4.Hosting.IdentityServerMiddleware Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
[04:36:05 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint Start authorize request
[04:36:05 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint User in authorize request: 00b6146c-0770-4c20-a29b-8427c37d4c99
[04:36:05 Debug] IdentityServer4.Validation.AuthorizeRequestValidator Start authorize request protocol validation
[04:36:05 Debug] IdentityServer4.EntityFramework.Stores.ClientStore TaxAdminCode found in database: True
[04:36:05 Debug] IdentityServer4.Stores.ValidatingClientStore client configuration validation for client TaxAdminCode succeeded.
[04:36:05 Debug] IdentityServer4.Validation.AuthorizeRequestValidator Checking for PKCE parameters
[04:36:05 Debug] IdentityServer4.Validation.AuthorizeRequestValidator No PKCE used.
[04:36:05 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["profile", "openid", "email"] identity scopes in database
[04:36:05 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["collectorapi"] API resources in database
[04:36:05 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["collectorapi"] scopes in database
[04:36:05 Debug] IdentityServer4.Validation.AuthorizeRequestValidator Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
[04:36:05 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint ValidatedAuthorizeRequest {"ClientId": "TaxAdminCode", "ClientName": "Tax Admin Code", "RedirectUri": "https://<>/PersolTaxService", "AllowedRedirectUris": ["https://.../PersolTaxService/signin-oidc"], "SubjectId": "00b6146c-0770-4c20-a29b-8427c37d4c99", "ResponseType": "code", "ResponseMode": "query", "GrantType": "authorization_code", "RequestedScopes": "collectorapi profile openid email", "State": null, "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": "", "MaxAge": null, "LoginHint": null, "SessionId": "04847BC7FEBA51BF79477CAB9931AC35", "Raw": {"response_type": "code", "state": "", "client_id": "TaxAdminCode", "scope": "collectorapi profile openid email", "redirect_uri": "https://.../PersolTaxService"}, "$type": "AuthorizeRequestValidationLog"}
[04:36:05 Debug] IdentityServer4.Services.DefaultConsentService Client is configured to not require consent, no consent is required
[04:36:05 Debug] IdentityServer4.ResponseHandling.AuthorizeResponseGenerator Creating Authorization Code Flow response.
[04:36:05 Debug] IdentityServer4.EntityFramework.Stores.PersistedGrantStore 2czi9SJKgRsF3kn39k7qgm9rgolATlMmAhlI464hJIs= not found in database
[04:36:06 Information] IdentityServer4.Events.DefaultEventService {"ClientId": "TaxAdminCode", "ClientName": "Tax Admin Code", "RedirectUri": "https://.../PersolTaxService", "Endpoint": "Authorize", "SubjectId": "00b6146c-0770-4c20-a29b-8427c37d4c99", "Scopes": "collectorapi profile openid email", "GrantType": "authorization_code", "Tokens": [{"TokenType": "code", "TokenValue": "****70F2", "$type": "Token"}], "Category": "Token", "Name": "Token Issued Success", "EventType": "Success", "Id": 2000, "Message": null, "ActivityId": "0HM2JM2P8F6QO:00000001", "TimeStamp": "2020-09-08T04:36:06.0000000Z", "ProcessId": 15124, "LocalIpAddress": "127.0.0.1:39619", "RemoteIpAddress": "154.160.19.136", "$type": "TokenIssuedSuccessEvent"}
[04:36:06 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint Authorize endpoint response {"SubjectId": "00b6146c-0770-4c20-a29b-8427c37d4c99", "ClientId": "TaxAdminCode", "RedirectUri": "https://.../PersolTaxService", "State": null, "Scope": "collectorapi profile openid email", "Error": null, "ErrorDescription": null, "$type": "AuthorizeResponseLog"}
[04:36:06 Debug] IdentityServer4.Hosting.IdentityServerAuthenticationService Augmenting SignInContext
[04:36:06 Information] Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler AuthenticationScheme: Identity.Application signed in.
[04:36:06 Debug] IdentityServer4.Hosting.EndpointRouter Request path /connect/token matched to endpoint type Token
[04:36:06 Debug] IdentityServer4.Hosting.EndpointRouter Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint
[04:36:06 Information] IdentityServer4.Hosting.IdentityServerMiddleware Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
[04:36:06 Debug] IdentityServer4.Endpoints.TokenEndpoint Start token request.
[04:36:06 Debug] IdentityServer4.Validation.ClientSecretValidator Start client validation
[04:36:06 Debug] IdentityServer4.Validation.BasicAuthenticationSecretParser Start parsing Basic Authentication secret
[04:36:06 Debug] IdentityServer4.Validation.ISecretsListParser Parser found secret: BasicAuthenticationSecretParser
[04:36:06 Debug] IdentityServer4.Validation.ISecretsListParser Secret id found: TaxAdminCode
[04:36:06 Debug] IdentityServer4.EntityFramework.Stores.ClientStore TaxAdminCode found in database: True
[04:36:06 Debug] IdentityServer4.Stores.ValidatingClientStore client configuration validation for client TaxAdminCode succeeded.
[04:36:06 Debug] IdentityServer4.Validation.ClientSecretValidator Public Client - skipping secret validation success
[04:36:06 Debug] IdentityServer4.Validation.ClientSecretValidator Client validation success
[04:36:06 Information] IdentityServer4.Events.DefaultEventService {"ClientId": "TaxAdminCode", "AuthenticationMethod": "SharedSecret", "Category": "Authentication", "Name": "Client Authentication Success", "EventType": "Success", "Id": 1010, "Message": null, "ActivityId": "0HM2JM2P8F6QO:00000002", "TimeStamp": "2020-09-08T04:36:06.0000000Z", "ProcessId": 15124, "LocalIpAddress": "127.0.0.1:39619", "RemoteIpAddress": "154.160.19.136", "$type": "ClientAuthenticationSuccessEvent"}
[04:36:06 Debug] IdentityServer4.Validation.TokenRequestValidator Start token request validation
[04:36:06 Debug] IdentityServer4.Validation.TokenRequestValidator Start validation of authorization code token request
[04:36:06 Debug] IdentityServer4.EntityFramework.Stores.PersistedGrantStore 2czi9SJKgRsF3kn39k7qgm9rgolATlMmAhlI464hJIs= found in database: True
[04:36:06 Debug] IdentityServer4.EntityFramework.Stores.PersistedGrantStore removing 2czi9SJKgRsF3kn39k7qgm9rgolATlMmAhlI464hJIs= persisted grant from database
[04:36:06 Debug] IdentityServer4.Validation.TokenRequestValidator Validation of authorization code token request success
[04:36:06 Information] IdentityServer4.Validation.TokenRequestValidator Token request validation success, {"ClientId": "TaxAdminCode", "ClientName": "Tax Admin Code", "GrantType": "authorization_code", "Scopes": null, "AuthorizationCode": "06E8389B3304937E176059F68E9DDA389FAC86D0C1C0D97C9851D96F29E270F2", "RefreshToken": null, "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"grant_type": "authorization_code", "code": "06E8389B3304937E176059F68E9DDA389FAC86D0C1C0D97C9851D96F29E270F2", "redirect_uri": "https://.../PersolTaxService", "client_id": "TaxAdminCode"}, "$type": "TokenRequestValidationLog"}
[04:36:06 Debug] IdentityServer4.EntityFramework.Stores.ClientStore TaxAdminCode found in database: True
[04:36:06 Debug] IdentityServer4.Stores.ValidatingClientStore client configuration validation for client TaxAdminCode succeeded.
[04:36:06 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["profile", "openid", "email"] identity scopes in database
[04:36:06 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["collectorapi"] API resources in database
[04:36:06 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["collectorapi"] scopes in database
[04:36:06 Debug] IdentityServer4.Services.DefaultClaimsService Getting claims for access token for client: TaxAdminCode
[04:36:06 Debug] IdentityServer4.Services.DefaultClaimsService Getting claims for access token for subject: 00b6146c-0770-4c20-a29b-8427c37d4c99
[04:36:06 Debug] IdentityServer4.Services.DefaultClaimsService Claim types from profile service that were filtered: ["sub", "amr", "idp", "auth_time"]
[04:36:06 Debug] IdentityServer4.EntityFramework.Stores.ClientStore TaxAdminCode found in database: True
[04:36:06 Debug] IdentityServer4.Stores.ValidatingClientStore client configuration validation for client TaxAdminCode succeeded.
[04:36:06 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["profile", "openid", "email"] identity scopes in database
[04:36:06 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["collectorapi"] API resources in database
[04:36:06 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["collectorapi"] scopes in database
[04:36:06 Debug] IdentityServer4.Services.DefaultClaimsService Getting claims for identity token for subject: 00b6146c-0770-4c20-a29b-8427c37d4c99 and client: TaxAdminCode
[04:36:06 Debug] IdentityServer4.Services.DefaultClaimsService Claim types from profile service that were filtered: ["sub", "amr", "idp", "auth_time"]
[04:36:06 Information] IdentityServer4.Events.DefaultEventService {"ClientId": "TaxAdminCode", "ClientName": "Tax Admin Code", "RedirectUri": null, "Endpoint": "Token", "SubjectId": "00b6146c-0770-4c20-a29b-8427c37d4c99", "Scopes": "collectorapi profile openid email", "GrantType": "authorization_code", "Tokens": [{"TokenType": "id_token", "TokenValue": "****Mj6A", "$type": "Token"}, {"TokenType": "access_token", "TokenValue": "****zTOg", "$type": "Token"}], "Category": "Token", "Name": "Token Issued Success", "EventType": "Success", "Id": 2000, "Message": null, "ActivityId": "0HM2JM2P8F6QO:00000002", "TimeStamp": "2020-09-08T04:36:06.0000000Z", "ProcessId": 15124, "LocalIpAddress": "127.0.0.1:39619", "RemoteIpAddress": "154.160.19.136", "$type": "TokenIssuedSuccessEvent"}
[04:36:06 Debug] IdentityServer4.Endpoints.TokenEndpoint Token request success.
And I suspect the RedirectUri, which is null at this level: IdentityServer4.Events.DefaultEventService. I am really lost on how to solve this, and also the log file in the API app doesn't load anything. So any help would be appreciated. Thanks
Sorry for being late and for not reading well what I posted some months ago. This issue has been solved, and it was the scopes I provided that were wrong. I manually entered them in production instead of moving the complete IdP database from the development to the production server and configuring the new links in production. Thanks
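One way to spot the kind of scope mismatch described in the last post, as an added example that is not part of the original posts: compare what the ResourceStore debug lines report in the log of a working deployment with the log of the failing one. The reference lines are copied from the log above; the deployed lines, the extra scope name "collector" and the function names are constructed for illustration.

```python
import json
import re

# Matches the ResourceStore debug lines of the log above, e.g.
#   ... ResourceStore Found ["collectorapi"] API resources in database
FOUND = re.compile(
    r'ResourceStore Found (\[.*?\]) (identity scopes|API resources|scopes) in database')

# ResourceStore lines copied from the log in the question (working configuration).
REFERENCE_LOG = '''\
[04:36:05 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["profile", "openid", "email"] identity scopes in database
[04:36:05 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["collectorapi"] API resources in database
[04:36:05 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["collectorapi"] scopes in database
'''

# Constructed lines for a deployment whose resources were typed in by hand:
# the scope exists, but no API resource is attached to it and a stray scope was added.
DEPLOYED_LOG = '''\
[09:12:41 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["profile", "openid", "email"] identity scopes in database
[09:12:41 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found [] API resources in database
[09:12:41 Debug] IdentityServer4.EntityFramework.Stores.ResourceStore Found ["collectorapi", "collector"] scopes in database
'''

def resource_snapshot(log_text):
    """Collect every name the ResourceStore reported, grouped by kind of entry."""
    snap = {"identity scopes": set(), "API resources": set(), "scopes": set()}
    for line in log_text.splitlines():
        match = FOUND.search(line)
        if match:
            # The bracketed list in the log line is valid JSON.
            snap[match.group(2)].update(json.loads(match.group(1)))
    return snap

def drift(reference_log, deployed_log):
    """Return {kind: (missing_in_deployed, extra_in_deployed)} for kinds that differ."""
    ref = resource_snapshot(reference_log)
    dep = resource_snapshot(deployed_log)
    return {kind: (sorted(ref[kind] - dep[kind]), sorted(dep[kind] - ref[kind]))
            for kind in ref if ref[kind] != dep[kind]}

if __name__ == "__main__":
    for kind, (missing, extra) in drift(REFERENCE_LOG, DEPLOYED_LOG).items():
        print(f"{kind}: missing in deployed={missing} extra in deployed={extra}")
```

An empty result means both environments resolve the same identity scopes, API resources and API scopes for the requests that were logged; it says nothing about entries that no logged request touched.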