I'm having this error while login, what may be wrong?
Need to note, I've applied few minor updates to some packages on the both sides - server and client (and before that all worked fine):
Stack trace:
System.Exception: An error was encountered while handling the remote login. ---> Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_grant', error_description: 'The specified authorization code is no longer valid.', error_uri: 'https://documentation.openiddict.com/errors/ID2016'. at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
Auth Server logs:
info: Microsoft.Hosting.Lifetime[14]
Now listening on: https://localhost:5003
info: Microsoft.Hosting.Lifetime[14]
Now listening on: http://localhost:5004
info: Microsoft.Hosting.Lifetime[0]
Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
Content root path: C:\AuthServer
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The request address matched a server endpoint: Configuration.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The configuration request was successfully extracted: {}.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The configuration request was successfully validated.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The response was successfully returned as a JSON document: {
"issuer": "http://localhost:5004/",
"authorization_endpoint": "http://localhost:5004/connect/authorize",
"token_endpoint": "http://localhost:5004/connect/token",
"introspection_endpoint": "http://localhost:5004/introspect",
"end_session_endpoint": "http://localhost:5004/connect/logout",
"userinfo_endpoint": "http://localhost:5004/connect/userinfo",
"jwks_uri": "http://localhost:5004/.well-known/jwks",
"grant_types_supported": [
"client_credentials",
"authorization_code",
"refresh_token"
],
"response_types_supported": [
"code"
],
"response_modes_supported": [
"form_post",
"fragment",
"query"
],
"scopes_supported": [
"openid",
"offline_access",
"api",
"profile"
],
"claims_supported": [
"aud",
"exp",
"iat",
"iss",
"sub"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"code_challenge_methods_supported": [
"S256"
],
"subject_types_supported": [
"public"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"introspection_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false
}.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The request address matched a server endpoint: Cryptography.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The cryptography request was successfully extracted: {}.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The cryptography request was successfully validated.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The response was successfully returned as a JSON document: {
"keys": [
{
"kid": "S_BMQOKNGJHJPWXBJUIHMDYJ4KBGJVSP13T2OAZJ",
"use": "sig",
"kty": "RSA",
"alg": "RS256",
"e": "AQAB",
"n": "s_bmqoKNgJhJpWxbjUIhmDyj4KBgjvSP13t2OAZJv8FLVNHgkFMk8XpDetuR4EWnCOH-CfA4_QG_B-75a3ivA6eIQlHj9B1-ALe8ixxhGc_0BhaeHnRmR02P9XZPl3KfmK6zyjFUwQ84b4VHLMpAQt9lGSCmC0RWckk3ABVWKTfqNenHZyRywVfQx
MlJOrCkjVhbkXylN1NZogNsHzR1R86wCxF-6ZQAizItXnSXS0vqbeUDKK5ypvCGTixttBupes7Gl6FCc43XOjLI1yyNi4Oclla8vpAcRFT7qIlNXiAe87Cx1P2SUiCXqa28IuK5kE6GJXJ7oCuXUNT-ObJTEQ"
}
]
}.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The request address matched a server endpoint: Authorization.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The authorization request was successfully extracted: {
"client_id": "dotnet",
"redirect_uri": "http://localhost:5883/signin-oidc",
"response_type": "code",
"scope": "openid profile api offline_access",
"code_challenge": "Z7awdswUZx0ETP0dpUffZ1YBvEkbHq36oyqinMHNXhM",
"code_challenge_method": "S256",
"response_mode": "form_post",
"nonce": "637849932918438810.NjI1NmFkOWMtYTljYi00NDEzLWJiMDktNmY2ZTUxM2QzMzIwZGFkYjNiNDUtMDliYi00ZDVlLTk3OGUtODQ5NzlhMWRkZmJh",
"state": "CfDJ8HK7TnNlqEtJvZnagmcXTEBxqCNdO9qAvzNhBZSsvnUV4ngLvlZ0Ft0LF2hpjjQRCB4mbP0K2_Se4z9YK_UMKuICGCwZZK3VbWxDSVemxpWMP63dNPhscDFCFFpQUbRh4bAsP5vhZMnR7K4Hg2FlUXroqwsfQTDo9KFepmZg3qlqJ8cODBDPf
v_CaY2f4QCFw-eLtGKrH1SIs4KvAcvss7OvQmqt-40OA9eU3fFG94kH50df6s48omgNb72V5hAQs6UWdBnj6DHRwnrt51a_M3NwEiOyj5dXAH6VE5Ebxd8PxHhvCkUf-9_tYTKTmbJfXiyEoNVEPLkrjtyPBTxiPxu92jm0bgqfchMSWrqAnRrQ7PzQPfxBFTJpTUMyQkHY
-w",
"x-client-SKU": "ID_NETSTANDARD2_0",
"x-client-ver": "6.10.0.0"
}.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The authorization request was successfully validated.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The request address matched a server endpoint: Authorization.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The authorization request was successfully extracted: {
"client_id": "FMS-dotnet",
"redirect_uri": "http://localhost:58893/signin-oidc",
"response_type": "code",
"scope": "openid profile api offline_access",
"code_challenge": "Z7awdswUZx0ETP0dpUffZ1YBvEkbHq36oyqinMHNXhM",
"code_challenge_method": "S256",
"response_mode": "form_post",
"nonce": "637849932918438810.NjI1NmFkOWMtYTljYi00NDEzLWJiMDktNmY2ZTUxM2QzMzIwZGFkYjNiNDUtMDliYi00ZDVlLTk3OGUtODQ5NzlhMWRkZmJh",
"state": "CfDJ8HK7TnNlqEtJvZnagmcXTEBxqCNdO9qAvzNhBZSsvnUV4ngLvlZ0Ft0LF2hpjjQRCB4mbP0K2_Se4z9YK_UMKuICGCwZZK3VbWxDSVemxpWMP63dNPhscDFCFFpQUbRh4bAsP5vhZMnR7K4Hg2FlUXroqwsfQTDo9KFepmZg3qlqJ8cODBDPf
v_CaY2f4QCFw-eLtGKrH1SIs4KvAcvss7OvQmqt-40OA9eU3fFG94kH50df6s48omgNb72V5hAQs6UWdBnj6DHRwnrt51a_M3NwEiOyj5dXAH6VE5Ebxd8PxHhvCkUf-9_tYTKTmbJfXiyEoNVEPLkrjtyPBTxiPxu92jm0bgqfchMSWrqAnRrQ7PzQPfxBFTJpTUMyQkHY
-w",
"x-client-SKU": "ID_NETSTANDARD2_0",
"x-client-ver": "6.10.0.0"
}.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The authorization request was successfully validated.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The authorization response was successfully returned to 'http://localhost:58893/signin-oidc' using the form post response mode: {
"code": "[redacted]",
"state": "CfDJ8HK7TnNlqEtJvZnagmcXTEBxqCNdO9qAvzNhBZSsvnUV4ngLvlZ0Ft0LF2hpjjQRCB4mbP0K2_Se4z9YK_UMKuICGCwZZK3VbWxDSVemxpWMP63dNPhscDFCFFpQUbRh4bAsP5vhZMnR7K4Hg2FlUXroqwsfQTDo9KFepmZg3qlqJ8cODBDPf
v_CaY2f4QCFw-eLtGKrH1SIs4KvAcvss7OvQmqt-40OA9eU3fFG94kH50df6s48omgNb72V5hAQs6UWdBnj6DHRwnrt51a_M3NwEiOyj5dXAH6VE5Ebxd8PxHhvCkUf-9_tYTKTmbJfXiyEoNVEPLkrjtyPBTxiPxu92jm0bgqfchMSWrqAnRrQ7PzQPfxBFTJpTUMyQkHY
-w"
}.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The request address matched a server endpoint: Token.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The token request was successfully extracted: {
"client_id": "dotnet",
"client_secret": "[redacted]",
"code": "[redacted]",
"grant_type": "authorization_code",
"redirect_uri": "http://localhost:5883/signin-oidc",
"code_verifier": "ZSc9m368w1L5nAa45BKzC3u_KWfpjL_AuObTZY0l5H8"
}.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The response was successfully returned as a JSON document: {
"error": "invalid_grant",
"error_description": "The specified authorization code is no longer valid.",
"error_uri": "https://documentation.openiddict.com/errors/ID2016"
}.
Request
POST /signin-oidc HTTP/1.1
Host: localhost:5883
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 445
Origin: http://localhost:5004
Connection: keep-alive
Referer: http://localhost:5004/
Cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8HK7TnNlqEtJvZnagmcXTEC3cHpDF4OwF62WoM3Pu_IhY0BaWGPNZG8QuvCluke05nuuveAqWgrnJXltpWh950e27BF-d8kxhmEpC4cTUqKFK5ObjhVAFevKu-jHky98HWvZS6O6TV3rQM6fr0TYOh4-kNRHsODtgIRGAxuXkLvXPCA1q6bX9ryXy5huIsIUk705dWQK3f00yEMv0jpjv4aGqItksQp76OVuP3w3nasA4IJSQrYzrXKgSmi67MSABH_Ljjig1Vnxvv-TTqKmKgo=N; .AspNetCore.Correlation.Hfb7_cXI-2YLxhGXNJH44sYzNI4IpwrWy04YE5DiIDo=N; .AspNetCore.Antiforgery.PQveA42vVM8=CfDJ8HK7TnNlqEtJvZnagmcXTEAStwwI3n3s4RhrKnI85QiBaolcDshCOd8naHsLjFea04KmjAFofLehorYD3uRtBUK0wZ8ZGI3WtWZN5zKdrr5qSn2v87WWWVKQeqeE5jLANuyeIs9Dxhhy1dt0HUrb7_U; .AspNetCore.Identity.Application=CfDJ8HK7TnNlqEtJvZnagmcXTEBDcO_BcayxBKlUevk270H1lDcXKUZoVF2EqKpcWVPeYuEgGtqs_bYyL2aMpA4l5aY8JZ2nHNT4K8mXZKXrN0imVFq9LcUQ7W8n9qqZzOemR6aWeIohk4gzsM6JAnrIBBSjXjrpVPC7O3vPOyf3xZeJ8ZPuo_ksrzJpZwJN_H5YXEryz2XlROryVpy7xSi9va780_pX5A-J6G_NF8lG_dM-3iiyDkdhpN3wSIephQB5aFDma4XdUNcLdpJGxfp_LPyiy2oxJoevp9M4fEpm7E1FwQwlTr4CUkHieD22fhLSwRqzmu7d9w0g0cPxas-1t4bNC8NCugSIj0OrYnUUS8aEZXM9wJfjYIDUpW_b5k4BIvShZ6uL2Q2PezaUVngvxOwPRgCECtCDOYSmMnOtZCuF_Y55pM1nkLspRvOBXXnnnfoWTm9_lcbPAvh6AxecJ0teBLrLOkUiYPS3bkYUmrAAjlvJ4eXYHk4jhPj7l1R90lz0DqaA2mNavKFfQNFLwjAa48AdEhfl5BI-eDhapE9PDSq51Q3LYYY1xCUxEpnNiShUHLXUXqobiEKMK5vKrihSpsDe8dZCkhvBWcKihkC9w4N_cl-LCrfQi1tJQrxICsTBUE4Eo3SYCngjnm0eiLMjuEfpQOedNJRXjsw3VzlQZtIgKW1cxzTcvGfWQQTBG8nwwd4KLwonpOJOm48X6ser5rNFHGxxKt2jW0NoUR7mcL846_aHr6TE-mAkXgkvbW8Oe3DsyYwCp_MOjlwc0t6Q-zGZN58xVoR0899oc9wFHi6xouXY4LC733naAuRffohdGuCkwrZb3Gd4UKbyNxwug3GOeaj4rBod2ipKdOHtkGlp5o8jKKKS0ExWJNPBJJlau0GYJMgQ7afx9aKoMu30D68ddaQ77T3Rzbv0c3YrwokinU1CLmRJMyHmH6WLGfN3XccqEXRUgZMgl9rK95j1WC3k7-LdL2iuW382NMxmtcoR1z-zVTFTUhso2KvKS1-vM9jNeddAOc5yJ5dVFqZN-aFo5nAG4TVLvDSaCkrE8WZVaMmK67jB6r_9rsQVe5ViCcuxmBMc8F-wMY_csl-MtJpXApvjD-wCCr72clHN4aH_g7vt1AeiMNLLrVAYvMJgw5fUa7OnoEU9G4aDcAKjZ5wM90ITudtbBCxjz5WD54Hr3kF2kPOt9aXlfgCpuFeAEMsRV2vRgAtHacZQcBbijEuAefI1dK4ZNLq0fwGjZwaz6XIJqXsFfuSSrBmZy6f4GmExM2zPrH4FoiD6Os96KKgvxjfbcX4ftCIV-qd29o96WkdtigLEgxJeyU8SvM80-XMNRLhhQIQky3GR7GHjahQj_uQTNsH932SVPU64WMgBFLUs7ZEUPP6wjfpV6TnfVyaLS89YTWKYJ_QLdyLCOh8Udgz6_1ETiQP8w5CT5hJ-HPYP3tpWyL1p0ZJnyzLpkCcWH7DoP_t0Oz6_7figSdsqSQ4oIIDeAo-YyRE8zh5-Yv3_jYNZDRvGsy9SNxHvk_aIfEae9HNhprHCHPz12zQhbn8Mu2avi9QIvpQqJKuKdnozlae4BK6_g0bqx2cJWwlvo-zyxqnt7-FiBXzDos9f8gjoFyn3Hju3NH38OAZqZa4-2rXy2_RxWpHEnPfuvodDoCWF80LZ-UmvjlHUfYJ5Yus5oEaTrZer8KdKigXJvNrcU6q-hHV38hY6COInYDKV9XpKW3-1oEAEasQPIZ657OBZcgbMlgBXeaHFoxku4zhXTG0FFLKSCh-jg8uaXZuAyjdzjCPjSp8quc7i6NPSPjM-Kbz2efl5nlFIRXM-yUXu0Yesdiz4AlGLkI_Ef9RrXSWVRm3MkjAz5Q7YYWZIri_50bwnDoy4MA1KULoXwaQZ6G8GQ8THvdqHTdxxGOBHzpdpjI4smE39y9LU-76Q1UXAey6fvN9Cvm9TYWO74Pqkq0hYtFwMmjpb-8fZhvp7kSDB67HSXex7CdVEwBYdn2AMkJrsUVXmPNBqPO8IZF1lpZxW7a87dAkQIAYyIUNUaB7-SsAWjkX8KUvwQpB6A0wr4My7jU4--lORylnPtbKhkXtcjXK1wkMhgO2O_6C30X_j3mHrYpWwh7HnGG_90b_meo0VYqA6DoYuwNvnhkIlWzR-qTKYDVi-SsZEQdhNUovlxN7T7x2lIuDFuglehiKwX7ew3RVDce0UQl_B9YEVFwOeKvfBhyZxe60QEaAJdnQYoWgWaoZ4R8I7etpazjaXso-hmFOKmCmM3j4PDUzrYwNNMPRyg75DSsrex8JhORMYA9hngl48I2t33dsu_vfuzU2B-kMIHDHfzDdYQ15qEP2jjZVMqXnQRJycALHLca_jx1ZS8C659Aeu05b6t90E8OyvkNmGynt1wdw59ssdJtaHxTP7ZBGBcqYiFX0yCnkbSMeJc9D40cm-sIwNuhLz6EtN4I2x1VdMNbjPi89y6yrZLqBbGVBdUSR-UwDAFE2rCpyNbSC9r0cBst6deNtQfDEZL3VJ2EydaP5xvH8EynlSw93psFj4Y6t7AFVaRpogDr_zswrsMKWoll7rXhiueukC5j9jNzjQNZCRRLE6e3FcsPtUx4Eun4vAnKIZN4vmrqX95A5jeiOTdyjfPN1HBC88zvLBxnyrgjypmN51rVSshj-EEs4HCzXb9cKoHu2GD-bPl0E1_9dRtTIO2JIDMDoC2QUJ5-3-Sq8agPTl-vbV0v6mKDGclLeT45D3gdeFZVfOKCG9jxr4teGLzWr7Zzc76z-7TvPRoRdg40wlXGwEqBs5Q42RmJd_SjcXOWiTnbDTGGyIKz8X-qzHUCyw-wx47-qOt9VRdVlwFTkjQe1jgk27RBi_QC_QkIjC1z3KDPkAWD4hYEAGKieNtmv9_wfTfloUuA12bsIPti0XvVdhp9n3P42ZfDh9E1RKBBk-zQ2z4YnzoWJlFSQEyZ44nWHCmou6ycjHt9Fg8lsasDEaJPAPfn1X8VWd7Ve5vYz5AZQN7P0IRpU1Kj67QLT75L0uhfAid2egt74t19KafvJsXcclyeHp1zlGNm_yrj2nEZ4R6E8bbQ8DGoqlTa44Bw7a7p9SPYkggOKASVQlbj5yJNJB96OhFmE4RmvQRC0ShZna66IpBi_OS_ch-L7sroIEoZVko6Lfg_wv3B7A9Ay30Qpy3lg_sHMR9tAy8dWkKu9mZBzC78yMI3TaYtC7MtfPlTodLh--BLReHVi1XeEima4sJMzUmM5ZV0Na5zXAzjYEugu4sJckXBIQA80vrxrm6ePaopHe-OeAtC4I6AMqiLi27SQTx_5g3LiFMr50YkaG3EVrHl5IHMCfHlBjQWRbeZzkPkDa1V1BW7tN6DhPndM0s4DvzYgdmbG1JZkRn20-U2MbQxyrI25E3Lc5kZgxspGEKnu-fSwtUBvOV80PX3qSwFg-0A5w5At8IoLpyb1FF5kQn78iLQPVIr5bLmmZaTPwu9n1bc018nzzVyH8-KYaslVj8gd_lpitlDzCJSCO2Y_Tgq0Y0HGZE0JjfO10jp4SVgyxKuhAGJynWfIBuMCgk5rVpSCjHPfvn-ZTJxCbGL66WD4jZAiydvsdyUK0ssXumlEKNxR9mmNyVoe7TKdBdHDaryVjZYDaW6PUcYxxC3-0vjdv3bfH2G5hCjkdQkNDEQfsBKjAvBqOMLPLFMIT40E90opiGXuybx4d362AJytYi7NLoJdeOCNwkx5yfoAxXYr1yTmkFausY7Su2aD6pZXt1b8vUG_0s2JaqMHaWH6-68h2u-MmX_PNsc8NgbhBih-gyFr96oKAXlC3t5aIr8AvHV2OeyNTCIfkOsWdcUXbJb2rGbTRdytfpPqbMXERiuY8YHVO4ltQhFLVNxb3AzGbx2LFp2y5QRIsBJzGDcGIzfx0moTYV8KQUJmWB-gowFA6vm-rGTHcVhsmoCxDApzrSA; Identity.External=CfDJ8HK7TnNlqEtJvZnagmcXTECsSZDKEJmljUVD--xDPxD8Dn1rWkiTflCXSd91IlKyfcx0_JBBBRSRJuwxEBbcu6IxBycqtPPcJGeHrxlZAou71JKsru5sAagb1N-KrbnkMKkrMH83oRnaPv-NBywT2ONAfoC4WepLH7-AgdTT_8VU2ifNPxbwcA5lovRywrMj3WjcWINW0KwJE7nU1nB4Nw2tWdlnJ47_G5tfZBi1tchSFQu0OtkUdZLramYY7RTsDvNanSqAAgh3HpU0w2-eWJMzs6xjEipJK_azdHkqmOmRqHA3aYaWL6uGkUGBEQtAn7ohuwNpIb1DDSNJ8zAvIIjBGpW9BvJLDa_GKP0qe6Nm-aXEtIxElhW-l0ucWXkBNS80ZXMLDaPF4wjtLbXA5VymGYB5z5aQwmq4pNQe53PkXslQY8YgUW1Y6QbfAW2HazZY3snjhAHybh9JMPwTfV8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Form data
{
"code": "YPWe2LyqczH3B-5hySGyyvi0Ezfrc4BeIAbHABrFtH4",
"state": "CfDJ8HK7TnNlqEtJvZnagmcXTEChyH5IIo-LXPg5s1jbtbDLg2WuabxHdPfenYYSF_1auYU3eaGZtIHqSS0tNbPHTj0OQHUvslE6ZsMts0b4RIqOk-e7vdMkP6d-tszHRW6g7ZCFfhsYVK7qCDGjKBFAmSDjJAlGHxHHr265TYiZcRY3jyhbLWBKWwmNCLXjXVlgdlIQyQlCWtY-yd9zoCEgiigdJ-suh0WJJHMqJmu20rLf3Es75aIf9EWh6Ki-0aTd6VJVamkmv6DrcPgOyOdyiplVKNVkqj8rj-qmK8RoRH0i80Qd7g03llVnoWzujKDXfUAXunGjKPAIqwSZm5MULtR1wzzxu_8fAPmKRmEnH3Su7RPWIEhBauSCLihPLA6GtQ"
}
Thanks to Jeremy's great find, I finally realized what is the cause of the problem. So, it could be fixed in one line to ctor of OpenIddict DbContext:
AppContext.SetSwitch("Npgsql.EnableLegacyTimestampBehavior", true);
https://www.npgsql.org/efcore/release-notes/6.0.html#opting-out-of-the-new-timestamp-mapping-logic