
IdentityServer4 - Error: Unknown client or not enabled: oauthClient


I've been trying to set up a project with IdentityServer4 for a while. However, I'm getting the following error:

Sso.Application.CentralHandler: Information: AuthenticationScheme: central was challenged.
IdentityServer4.Hosting.IdentityServerMiddleware: Information: Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
IdentityServer4.Validation.AuthorizeRequestValidator: Error: Unknown client or not enabled: oauthClient
IdentityServer4.Endpoints.AuthorizeEndpoint: Error: Request validation failed
IdentityServer4.Endpoints.AuthorizeEndpoint: Information: {
  "SubjectId": "anonymous",
  "RequestedScopes": "",
  "PromptMode": "",
  "Raw": {
    "client_id": "oauthClient",
    "scope": "weatherforecasts.read",
    "response_type": "code",
    "redirect_uri": "https://localhost:44375/signin-central",
    "code_challenge": "Rdi0rU5OkG1gWzh9xfvOxbZLiGbDHqujbMzl9d3u7Qs",
    "code_challenge_method": "S256",
    "state": "CfDJ8PC7ZLg_v2RDsl0VaXUuuT_-sT-at-LgQD1krwu8LESVXDKkQxQd8_eUQZJqOiGREAzBtfZ4U9X0BJDIn15AvYXKR2omUEBW5LzJm1Vz3ykaScc_kC89f6hCimDBmqCAdUOF0wnEn8FfDD8GPJtPBgxqoqrCNnyGKxh58XOIa85sN-zDSU5Oa73pzKt5FrFIkBCqUOfpCM_KZajZR_3DWFNCbwn8tS-XR0of7ga72XDILC--N9bCqA2eIlTSxf9HHPXmmLninU1ri7RM-XMsOzH__mtQQPOXCuaHw3Q0Nkedmpj4NaTCdcB1k55IdsX1eLrub8ptagCWzMIzXcYIWlJc74Zj-_H2uDZE4M-Blbdr"
  }
}

I've been looking on SO for how to solve this error for the entire day, but I can't figure out what's wrong with it.

This is the code in the Startup of the IdentityProvider project:

services
    .AddDbContext<SsoCentralContext>();
//.AddScoped<Repositories.IAccountRepository, Repositories.AccountRepository>();

services.AddIdentity<IdentityUser, IdentityRole>()
    .AddEntityFrameworkStores<SsoCentralContext>();

var isb = services.AddIdentityServer();
isb
    .AddInMemoryClients(new List<Client>
    {
        new Client
        {
            ClientId = "oauthClient",
            ClientName = "oauthClient",
            AllowedGrantTypes = GrantTypes.CodeAndClientCredentials,
            Enabled = true,
            ClientSecrets = new List<Secret> {new Secret("SuperSecretPassword".Sha256())}, // change me!
            AllowedScopes = new List<string> {"weatherforecasts.read"},
            RedirectUris = new List<string>
            {
                "https://localhost:44375/signin-central"
            },
        }
    })
    .AddInMemoryIdentityResources(new List<IdentityResource>
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
        new IdentityResources.Email(),
        new IdentityResource
        {
            Name = "role",
            UserClaims = new List<string> {"role"}
        }
    })
    .AddInMemoryApiResources(new List<ApiResource>
    {
        new ApiResource
        {
            Name = "api1",
            DisplayName = "API #1",
            Description = "Allow the application to access API #1 on your behalf",
            Scopes = new List<string> { "weatherforecasts.read", "weatherforecasts.write"},
            ApiSecrets = new List<Secret> {new Secret("ScopeSecret".Sha256())},
            UserClaims = new List<string> {"role"}
        }
    })
    .AddInMemoryApiScopes(new List<ApiScope>
    {
        new ApiScope("weatherforecasts.read", "Read Access to API #1"),
        new ApiScope("weatherforecasts.write", "Write Access to API #1")
    })
    .AddTestUsers(new List<IdentityServer4.Test.TestUser>
    {
        new IdentityServer4.Test.TestUser
        {
            SubjectId = "5BE86359-073C-434B-AD2D-A3932222DABE",
            Username = "Pieterjan",
            Password = "password",
            Claims = new List<System.Security.Claims.Claim> {
                new System.Security.Claims.Claim(IdentityModel.JwtClaimTypes.Email, "[email protected]"),
                new System.Security.Claims.Claim(IdentityModel.JwtClaimTypes.Role, "admin")
            }
        }
    })
    .AddDeveloperSigningCredential();

isb
    .AddOperationalStore(options =>
    {
        options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
    })
    .AddConfigurationStore(options =>
    {
        options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
    });
isb.AddAspNetIdentity<IdentityUser>();

The above code is definitely being called, so the oauthClient should exist for sure. Also the client is definitely enabled.

This is the code in Startup of the Identity project:

services
    .AddAuthentication(options =>
    {
    })
    .AddOAuth<CentralOptions, CentralHandler>("central", options =>
    {
        options.ClaimsIssuer = "https://localhost:44359"; // This is the URL of the IdentityProvider
        options.SaveTokens = true;
        options.ClientId = "oauthClient";
        options.ClientSecret = "SuperSecretPassword";
        options.Scope.Add("weatherforecasts.read");
        options.UsePkce = true;
    });

How can I fix this error? Would anyone know how to figure out what's wrong here?

Also would I still need to use OpenIdConnect on top of what's been configured here?

Update:

I've added a call just to get the clients from the IS4 ClientStore:

[HttpGet("Clients")]
public async Task<IActionResult> GetClients()
{
    //var client = await clientStore.FindClientByIdAsync("SsoApplicationClient");

    // Reach through the registered IClientStore (a ValidatingClientStore wrapping the EF ClientStore)
    // to its private fields, purely to inspect what the configuration store actually contains.
    var flags = System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance;
    var _inner = (IdentityServer4.EntityFramework.Stores.ClientStore)clientStore.GetType()
        .GetField("_inner", flags)
        .GetValue(clientStore);
    var Context = (IdentityServer4.EntityFramework.DbContexts.ConfigurationDbContext)_inner.GetType()
        .GetField("Context", flags)
        .GetValue(_inner);
    var Clients = Context.Clients;

    return Ok(Clients);
}

To my amazement, what I get from this is an entirely empty list:

No oauth clients are returned from IdentityServer4


Solution

Alright, so when you have the following configuration:

services.AddIdentityServer()
    ...
    .AddOperationalStore(options =>
    {
        options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
    })
    .AddConfigurationStore(options =>
    {
        options.ConfigureDbContext = (builder) => builder.UseInMemoryDatabase("SsoCentral");
    })

The InMemoryClients don't exist anymore. Just commented it out and it seems to be working now.
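As an added example (not the asker's code and not taken from the IdentityServer4 project), here is the other way out of this situation: keep AddConfigurationStore() and seed its ConfigurationDbContext with the same Client, IdentityResource, ApiResource and ApiScope objects that were handed to the AddInMemory*() calls. AddInMemoryClients() and AddConfigurationStore() each register an IClientStore, and the later registration is the one AuthorizeRequestValidator resolves, so an unseeded EF store answers every lookup with "Unknown client or not enabled". The ConfigurationStoreSeeder class name and the Config.* lists in the usage comment are assumptions; ToEntity() is the mapper extension from IdentityServer4.EntityFramework.Mappers, and the second method checks the client through the registered IClientStore instead of reflecting into private fields.

```csharp
// Added example (not the asker's code): seed the EF configuration store at startup so that
// AddConfigurationStore() serves the same clients and resources that AddInMemory*() supplied.
// Assumption: the caller passes the lists it previously gave to AddInMemoryClients() etc.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.EntityFramework.DbContexts;
using IdentityServer4.EntityFramework.Mappers;
using IdentityServer4.Models;
using IdentityServer4.Stores;
using Microsoft.AspNetCore.Builder;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

public static class ConfigurationStoreSeeder
{
    // Call once from Startup.Configure(app, ...) after AddIdentityServer()/AddConfigurationStore().
    public static void Seed(IApplicationBuilder app,
                            IEnumerable<Client> clients,
                            IEnumerable<IdentityResource> identityResources,
                            IEnumerable<ApiResource> apiResources,
                            IEnumerable<ApiScope> apiScopes)
    {
        using var scope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope();

        // The operational (grant) store holds no configuration, but its schema must exist too.
        scope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>().Database.EnsureCreated();

        var context = scope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();
        // EnsureCreated() fits the InMemory provider from the question, whose data is lost on every
        // restart; with a relational provider, apply the IdentityServer migrations (Database.Migrate()).
        context.Database.EnsureCreated();

        // Each guard keeps the seeding idempotent on a persistent database.
        if (!context.Clients.Any())
            // ToEntity() copies the model, including the already-hashed ClientSecrets,
            // into the EF entity graph; no plaintext secret reaches the database.
            context.Clients.AddRange(clients.Select(c => c.ToEntity()));

        if (!context.IdentityResources.Any())
            context.IdentityResources.AddRange(identityResources.Select(r => r.ToEntity()));

        if (!context.ApiResources.Any())
            context.ApiResources.AddRange(apiResources.Select(r => r.ToEntity()));

        if (!context.ApiScopes.Any())
            context.ApiScopes.AddRange(apiScopes.Select(s => s.ToEntity()));

        context.SaveChanges();
    }

    // Diagnostic for the symptom in the question: ask the IClientStore that IdentityServer itself
    // resolves (the one AuthorizeRequestValidator uses) whether the client exists and is enabled.
    public static async Task<bool> ClientIsUsableAsync(IServiceProvider services, string clientId)
    {
        using var scope = services.CreateScope();
        var store = scope.ServiceProvider.GetRequiredService<IClientStore>();
        var client = await store.FindClientByIdAsync(clientId);
        return client != null && client.Enabled;
    }
}

// Usage in Startup.Configure (Config.Clients etc. are assumed to be the same lists that were
// passed to the AddInMemory*() calls; they are not defined on the page):
//
// ConfigurationStoreSeeder.Seed(app, Config.Clients, Config.IdentityResources,
//                               Config.ApiResources, Config.ApiScopes);
```

With UseInMemoryDatabase the store starts empty on every process start, so the seeding has to run on each startup; the `Any()` guards only matter once a real database is used. Calling ClientIsUsableAsync(app.ApplicationServices, "oauthClient") right after seeding is a cheaper check than the reflection in the question, because it exercises the same store the authorize endpoint consults.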