I am using the OpenIddict authorization code flow with Windows authentication. I looked at this example and everything seems to be correct, except that I cannot exchange the code for a token; it's not even hitting the /token endpoint for some reason (I am getting 401 Unauthorized). It's getting the code without any issue. Am I missing anything?
I am using .NET 8.
using Microsoft.AspNetCore.Authentication;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;
using OpenIddict.Abstractions;
using OpenIddict.Server.AspNetCore;
using System.Security.Claims;
using static OpenIddict.Abstractions.OpenIddictConstants;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddOpenIddict()
    .AddCore(options =>
    {
        // DbContext stands for the application's own context; it has to be registered with
        // AddDbContext and configured with options.UseOpenIddict() so the OpenIddict tables exist.
        options.UseEntityFrameworkCore()
               .UseDbContext<DbContext>();
    })
    .AddServer(options =>
    {
        options.AllowAuthorizationCodeFlow()
               .AllowRefreshTokenFlow();

        options.SetAuthorizationEndpointUris("authorize")
               .SetTokenEndpointUris("token");

        // Development-only keys: a hard-coded symmetric encryption key and a self-signed signing
        // certificate. Both must be replaced with properly managed keys before production use.
        options.AddEncryptionKey(new SymmetricSecurityKey(
            Convert.FromBase64String("DRjd/GnduI3Efzen9V9BvbNUfc/VKgXltV7Kbk9sMkY=")));
        options.AddDevelopmentSigningCertificate();

        // Pass-through: OpenIddict validates the requests and then hands them to the
        // /authorize and /token endpoints mapped further down.
        options.UseAspNetCore()
               .EnableTokenEndpointPassthrough()
               .EnableAuthorizationEndpointPassthrough();
    })
    .AddValidation(options =>
    {
        options.UseLocalServer();
        options.UseAspNetCore();
    });

builder.Services.AddAuthorization();

var app = builder.Build();
Adding the App
await using (var scope = app.Services.CreateAsyncScope())
{
    var context = scope.ServiceProvider.GetRequiredService<DbContext>();
    await context.Database.EnsureCreatedAsync();

    var manager = scope.ServiceProvider.GetRequiredService<IOpenIddictApplicationManager>();

    // Register the client Postman acts as. Guarding on FindByClientIdAsync keeps a second
    // start-up from failing because the client already exists. No ClientSecret is set, so
    // OpenIddict treats it as a public client that identifies itself with client_id alone.
    if (await manager.FindByClientIdAsync("console_app") is null)
    {
        await manager.CreateAsync(new OpenIddictApplicationDescriptor
        {
            ClientId = "console_app",
            RedirectUris =
            {
                new Uri("https://oauth.pstmn.io/v1/callback")
            },
            Permissions =
            {
                Permissions.Endpoints.Authorization,
                Permissions.Endpoints.Token,
                Permissions.GrantTypes.AuthorizationCode,
                Permissions.ResponseTypes.Code,
                Permissions.ResponseTypes.Token
            }
        });
    }
}
Endpoints
app.MapGet("/authorize", (HttpContext context) =>
{
    // Windows authentication has already identified the user (RequireAuthorization below).
    var identity = new ClaimsIdentity(
        authenticationType: TokenValidationParameters.DefaultAuthenticationType,
        nameType: Claims.Name,
        roleType: Claims.Role);
    identity.AddClaim(new Claim(Claims.Subject, context.User.Identity!.Name!));
    identity.SetDestinations(claim => [Destinations.AccessToken]);
    // Signing in with the OpenIddict scheme makes the server issue the authorization code.
    return Results.SignIn(new ClaimsPrincipal(identity), properties: null, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
}).RequireAuthorization();

app.MapPost("/token", async (HttpContext context) =>
{
    var request = context.GetOpenIddictServerRequest()
        ?? throw new InvalidOperationException("The OpenID Connect request cannot be retrieved.");
    if (!request.IsAuthorizationCodeGrantType() && !request.IsRefreshTokenGrantType())
        throw new NotImplementedException("The specified grant type is not implemented.");
    // OpenIddict validates the code (or refresh token) and returns the principal stored in it; Results.Ok("") never yields a token response.
    var result = await context.AuthenticateAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
    var identity = new ClaimsIdentity(result.Principal!.Claims,
        authenticationType: TokenValidationParameters.DefaultAuthenticationType,
        nameType: Claims.Name,
        roleType: Claims.Role);
    identity.SetDestinations(claim => [Destinations.AccessToken]);
    return Results.SignIn(new ClaimsPrincipal(identity), properties: null, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
});
app.Run();
After some investigation, the issue was fixed by allowing both Windows authentication and anonymous authentication. The token segment uses basic authentication.
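As an added example (not code from the question above), here is a small .NET 8 console client that performs the same code-for-token exchange Postman does, and tells a host-level Windows-authentication 401 apart from an error returned by OpenIddict by looking at the WWW-Authenticate challenge. It assumes the server from the question listens on https://localhost:5001, that the client is the public "console_app" registered above, and that the authorization code is passed as the first command-line argument; the address and the exit codes are assumptions.

```csharp
// Added example, not part of the original question: exchanges an authorization code for
// tokens the way Postman does and diagnoses where a 401 on /token is coming from.
// Assumptions: server at https://localhost:5001, client "console_app" with no secret,
// the Postman callback as redirect_uri, and the authorization code as the first argument.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;

var tokenEndpoint = new Uri("https://localhost:5001/token");   // assumed address
const string clientId = "console_app";
string? clientSecret = null;                                   // public client, as registered in the question
const string redirectUri = "https://oauth.pstmn.io/v1/callback";
var code = args.Length > 0 ? args[0]
    : throw new ArgumentException("Pass the authorization code returned to the callback as the first argument.");

using var http = new HttpClient();
using var request = new HttpRequestMessage(HttpMethod.Post, tokenEndpoint);

var form = new Dictionary<string, string>
{
    ["grant_type"] = "authorization_code",
    ["code"] = code,
    ["redirect_uri"] = redirectUri,   // must match the URI the code was issued for
};

if (clientSecret is null)
{
    // Public client: identify with client_id in the body and send no credentials.
    form["client_id"] = clientId;
}
else
{
    // Confidential client: HTTP Basic client authentication (RFC 6749 section 2.3.1),
    // which is what Postman sends when "Send as Basic Auth header" is selected.
    var credentials = $"{Uri.EscapeDataString(clientId)}:{Uri.EscapeDataString(clientSecret)}";
    request.Headers.Authorization = new AuthenticationHeaderValue(
        "Basic", Convert.ToBase64String(Encoding.UTF8.GetBytes(credentials)));
}
request.Content = new FormUrlEncodedContent(form);

using var response = await http.SendAsync(request);
var body = await response.Content.ReadAsStringAsync();

if (response.StatusCode == HttpStatusCode.Unauthorized)
{
    var schemes = response.Headers.WwwAuthenticate.Select(h => h.Scheme).ToList();
    if (schemes.Contains("Negotiate", StringComparer.OrdinalIgnoreCase)
        || schemes.Contains("NTLM", StringComparer.OrdinalIgnoreCase))
    {
        // The host rejected the request before it reached the application: with Windows
        // authentication enabled and anonymous access disabled, a Basic header (or no header)
        // is not a Kerberos/NTLM ticket, so the /token endpoint never executes.
        Console.Error.WriteLine("401 with a Negotiate/NTLM challenge: the host requires Windows authentication on /token; enable anonymous access for it.");
        return 2;
    }

    // A 401 that carries an OAuth error body came from the authorization server itself.
    Console.Error.WriteLine($"401 from the authorization server: {body}");
    return 1;
}

if (!response.IsSuccessStatusCode)
{
    // OpenIddict reports protocol errors as JSON, e.g. {"error":"invalid_grant","error_description":"..."}.
    Console.Error.WriteLine($"{(int)response.StatusCode}: {body}");
    return 1;
}

using var doc = JsonDocument.Parse(body);
var root = doc.RootElement;
Console.WriteLine($"token_type={root.GetProperty("token_type").GetString()} expires_in={root.GetProperty("expires_in").GetInt64()}");
Console.WriteLine($"access_token={root.GetProperty("access_token").GetString()}");
if (root.TryGetProperty("refresh_token", out var refresh))
{
    Console.WriteLine($"refresh_token={refresh.GetString()}");
}
return 0;
```

Run it as `dotnet run -- <code>` right after the browser is redirected to the Postman callback; codes are single-use and short-lived, so a reused or stale code produces an `invalid_grant` error rather than a 401. The ASP.NET Core development certificate must be trusted (`dotnet dev-certs https --trust`) for HttpClient to accept the localhost TLS connection.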