I have the following client:
    new Client
    {
        RequirePkce = false,
        AllowAccessTokensViaBrowser = true,
        ClientId = "client_id_mobile",
        ClientSecrets =
        {
            new Secret("client_secret_mobile".Sha256())
        },
        AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
        AllowedScopes =
        {
            IdentityServerConstants.StandardScopes.OpenId,
        },
        RedirectUris = new []
        {
            "https://www.getpostman.com/oauth2/callback"
        },
    }
I'm trying to authenticate a user by doing the following within Postman:
But as you can see, I get unsupported_grant_type. I've tried changing the grant type to code; I then get unauthorized_client.
Can anyone point out what I'm doing wrong here?
For new development, you should only consider using the authorization code flow or the client credentials flow. All other flows are deprecated as of OAuth 2.1.
If you want to log in using a username/password and there is no user involved, then use the client credentials flow instead.
I wrote a post about the flows in this article: OpenID Connect for Developers.
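An added example, not code from the question or the answer: the two flows the answer recommends, written as IdentityServer client registrations in place of the password-grant client above. It assumes the IdentityServer4 namespaces; the redirect URI, the `client_id_service` client, the `api1` scope and the `secretFromVault` parameter are hypothetical.

```csharp
using IdentityServer4;
using IdentityServer4.Models;

public static class ExampleClients
{
    // Interactive user login from a mobile app: authorization code flow with PKCE.
    public static Client MobileCodeClient() => new Client
    {
        ClientId = "client_id_mobile",
        AllowedGrantTypes = GrantTypes.Code,

        // PKCE binds the authorization code to the app instance that requested it.
        RequirePkce = true,

        // A secret shipped inside a mobile binary can be extracted, so the app
        // is registered as a public client and relies on PKCE instead.
        RequireClientSecret = false,

        // Tokens are returned from the token endpoint, not via the browser front channel.
        AllowAccessTokensViaBrowser = false,

        // Constructed value: must match exactly the redirect URI the app registers.
        RedirectUris = { "com.example.mobile:/callback" },

        AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId }
    };

    // Machine-to-machine access with no user present: client credentials flow.
    public static Client ServiceClient(string secretFromVault) => new Client
    {
        ClientId = "client_id_service", // hypothetical client
        AllowedGrantTypes = GrantTypes.ClientCredentials,

        // The secret is passed in from configuration or a secret store
        // rather than written as a literal in source.
        ClientSecrets = { new Secret(secretFromVault.Sha256()) },

        // An API scope (hypothetical name); identity scopes such as openid
        // describe a user, and this flow has none.
        AllowedScopes = { "api1" }
    };
}
```

A token request succeeds only for a grant type listed in the client's `AllowedGrantTypes`, so the Postman grant type has to match whichever registration is in use.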