c# .net asp.net-core identityserver4

Token Request Failing and Returning error invalid grant


These are the IdentityServer logs:

2024-07-04 21:06:57.551 -04:00 [DBG] Start key discovery request
2024-07-04 21:06:57.552 -04:00 [INF] Request finished HTTP/1.1 GET https://localhost:44322/.well-known/openid-configuration/jwks - 200 null application/json; charset=UTF-8 4.6024ms
2024-07-04 21:07:02.605 -04:00 [INF] Request starting HTTP/1.1 POST https://localhost:44322/connect/token - application/x-www-form-urlencoded 63
2024-07-04 21:07:02.606 -04:00 [DBG] AuthenticationScheme: idsrv was not authenticated.
2024-07-04 21:07:02.606 -04:00 [DBG] AuthenticationScheme: idsrv was not authenticated.
2024-07-04 21:07:02.606 -04:00 [DBG] Request path /connect/token matched to endpoint type Token
2024-07-04 21:07:02.610 -04:00 [DBG] Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint
2024-07-04 21:07:02.610 -04:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
2024-07-04 21:07:02.610 -04:00 [DBG] Start token request.
2024-07-04 21:07:02.610 -04:00 [DBG] Start client validation
2024-07-04 21:07:02.610 -04:00 [DBG] Start parsing Basic Authentication secret
2024-07-04 21:07:02.611 -04:00 [DBG] Parser found secret: BasicAuthenticationSecretParser
2024-07-04 21:07:02.611 -04:00 [DBG] Secret id found: ro.client
2024-07-04 21:07:02.611 -04:00 [DBG] client configuration validation for client ro.client succeeded.
2024-07-04 21:07:02.611 -04:00 [DBG] Secret validator success: HashedSharedSecretValidator
2024-07-04 21:07:02.611 -04:00 [DBG] Client validation success
2024-07-04 21:07:02.612 -04:00 [DBG] Start token request validation
2024-07-04 21:07:02.613 -04:00 [DBG] Start resource owner password token request validation
2024-07-04 21:07:13.898 -04:00 [DBG] IsActive called from: ResourceOwnerValidation
2024-07-04 21:07:13.900 -04:00 [ERR] User has been disabled

The test users are configured in Config.cs like so:

public static List<TestUser> GetUsers()
{
    return new List<TestUser>
    {
        new TestUser
        {
            SubjectId = "1",
            Username = "alice",
            Password = "password"
        },
        new TestUser
        {
            SubjectId = "2",
            Username = "bob",
            Password = "password"
        }
    };
}

I've stepped through the code and everything looks alright. The validator returns successfully and the client is set up correctly. Why is the log saying the user is disabled? The test users are set up to be active by default and I'm not seeing where in the call stack the test user could be getting set to disabled. Can anyone point something out here?


Solution

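  • Maybe try adding a CustomProfileService?

    using System.Threading.Tasks;
    using IdentityServer4.Models;
    using IdentityServer4.Services;

    public class CustomProfileService : IProfileService {
        public Task GetProfileDataAsync(ProfileDataRequestContext context) {
            // Your claims: copy the subject's claims into the issued claims
            context.IssuedClaims.AddRange(context.Subject.Claims);
            return Task.CompletedTask;
        }

        public Task IsActiveAsync(IsActiveContext context) {
            // Reports every subject as active
            context.IsActive = true;
            return Task.CompletedTask;
        }
    }

    // In Startup.ConfigureServices:
    services.AddIdentityServer()
        .AddProfileService<CustomProfileService>();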
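The `IsActive called from: ResourceOwnerValidation` log line is the profile service being asked whether the subject may receive a token. As an added example (not code from the question or the answer), the profile service below answers that from the test user store, so a disabled or unknown account is still refused. The class name `StoreBackedProfileService` is hypothetical, and it assumes the users are registered with `AddTestUsers(Config.GetUsers())`, which puts a `TestUserStore` in the container.

```csharp
using System.Threading.Tasks;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;
using IdentityServer4.Test;
using Microsoft.Extensions.Logging;

// Hypothetical class name; added example, not the project's own code.
public class StoreBackedProfileService : IProfileService
{
    private readonly TestUserStore _users; // assumed to be registered by AddTestUsers(...)
    private readonly ILogger<StoreBackedProfileService> _logger;

    public StoreBackedProfileService(TestUserStore users,
                                     ILogger<StoreBackedProfileService> logger)
    {
        _users = users;
        _logger = logger;
    }

    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var user = _users.FindBySubjectId(context.Subject.GetSubjectId());
        if (user != null)
        {
            // Issue only the claim types the requested scopes ask for.
            context.AddRequestedClaims(user.Claims);
        }
        return Task.CompletedTask;
    }

    public Task IsActiveAsync(IsActiveContext context)
    {
        var subjectId = context.Subject.GetSubjectId();
        var user = _users.FindBySubjectId(subjectId);

        // An unknown subject or a disabled account must not receive a token.
        context.IsActive = user?.IsActive == true;
        if (!context.IsActive)
        {
            // Records whether the lookup or the IsActive flag caused the denial.
            _logger.LogWarning(
                "IsActive denied for subject {SubjectId} (caller: {Caller}, found in store: {Found})",
                subjectId, context.Caller, user != null);
        }
        return Task.CompletedTask;
    }
}
```

Register it after `AddTestUsers(...)` with `.AddProfileService<StoreBackedProfileService>()`; the warning then shows whether the subject id from the token request was missing from the store or the account itself was inactive.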