
I have IdentityServer deployed in Azure. When I deploy my ASP.NET Core MVC app as a client, an "unauthorized client" error shows up. What's wrong with my config below?

StartUp Client MVC

 // Client-side (MVC) authentication setup: cookie session plus OpenID Connect challenge.
 // Clears the JWT handler's default inbound claim-type map before the handlers are registered.
 JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
            services.AddAuthentication(options => {
                // Local sign-in state lives in the "Cookies" scheme; unauthenticated requests are challenged via "oidc".
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options => {
                options.SignInScheme = "Cookies";

                options.Authority = Configuration.GetValue<string>("server:identityurl");
                // NOTE(review): this relaxes the HTTPS requirement for the authority's metadata.
                // The configured authority on this page is already an https:// URL, so the relaxation
                // is not needed; keep it enabled (the default) outside local development.
                options.RequireHttpsMetadata = false;

                options.ClientId = Configuration.GetValue<string>("server:clientid");
                // NOTE(review): the secret is read from configuration, and the appsettings shown on this
                // page hold it in plaintext. Keep it out of source control (user secrets, environment
                // variables / App Service settings, or a vault) and rotate a value that has been published.
                options.ClientSecret = Configuration.GetValue<string>("server:clientsecret");
                // The configured value on this page is "code id_token", a hybrid-flow response type;
                // the client registration on the identity server must allow the hybrid grant for it.
                options.ResponseType = Configuration.GetValue<string>("server:responsetype");

                // SaveTokens keeps the issued tokens with the sign-in session.
                // NOTE(review): with "offline_access" requested below this presumably includes the refresh
                // token, so the cookie's protection and lifetime matter - confirm.
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;

                // Scopes come from configuration ("masterdataapi" and "offline_access" in the settings shown);
                // each must also appear in the client's allowed scopes on the identity server.
                options.Scope.Add(Configuration.GetValue<string>("server:scope1"));
                options.Scope.Add(Configuration.GetValue<string>("server:scope2"));
            });

appsettings.json & appsettings.Development.json

"server": {
        "identityurl": "https://pdjayaauthapi.azurewebsites.net",
        "clientid": "webapp2",
        "clientsecret": "web123",
        "responsetype": "code id_token",
        "scope1": "masterdataapi",
        "scope2": "offline_access"
    }

Identity Server startup

 /// <summary>
 /// Registers the identity server's services: the MySQL-backed <c>PDJayaDB</c> context, the user
 /// repository, MVC, and IdentityServer with in-memory resources/clients plus custom password
 /// validation and profile services.
 /// </summary>
 /// <param name="services">The service collection the registrations are added to.</param>
 public void ConfigureServices(IServiceCollection services)
        {
            // Connection string is looked up by name from configuration, not hard-coded here.
            var sqlConnectionString = Configuration.GetConnectionString("MySqlCon");

            services.AddDbContext<PDJayaDB>(options =>
                options.UseMySql(
                    sqlConnectionString,
                    b => b.MigrationsAssembly("PDJaya.Identity")
                )
            );
            // User repository, one instance per request scope.
            services.AddScoped<IUserRepository, UserRepository>();


            services.AddSingleton<IConfiguration>(Configuration);
            services.AddMvc();
            // Configure IdentityServer with in-memory stores, keys, clients and resources.
            // Clients are defined in code (Config.GetClients()), so a change to a client only takes
            // effect after the server is redeployed/restarted.
            services.AddIdentityServer()
                // NOTE(review): a developer signing credential is meant for development. This server is
                // described as deployed to Azure; use a persistent, access-controlled signing key or
                // certificate there so token signatures stay valid and the key is managed.
                .AddDeveloperSigningCredential()
                .AddInMemoryIdentityResources(Config.GetIdentityResources())
                .AddInMemoryApiResources(Config.GetApiResources())
                .AddInMemoryClients(Config.GetClients())
                // NOTE(review): test users are registered on a deployed server - confirm Config.GetUsers()
                // does not ship well-known sample credentials, or drop this registration in production.
                .AddTestUsers(Config.GetUsers())
                .AddProfileService<ProfileService>();
            // Register the custom resource-owner password validator and profile service.
            // NOTE(review): ProfileService is also added via AddProfileService above; the second
            // registration looks redundant - confirm which one is intended.
            services.AddTransient<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
            services.AddTransient<IProfileService, ProfileService>();

        }

And this is my IdentityServer config that defines the ASP.NET MVC client.

Identity Server Config

// Client registration for the MVC app on the identity server (fragment; braces are missing as posted).
new Client

                ClientId = "webapp2", 
                ClientName = "web with openid",
                // NOTE(review): the MVC client on this page requests response type "code id_token",
                // which is a hybrid-flow response. A client limited to the implicit grant is not
                // allowed to request it, which matches the unauthorized-client error being asked about.
                AllowedGrantTypes = GrantTypes.Implicit,

                ClientSecrets =
                {
                    // NOTE(review): short, guessable secret written as a literal in source (the same value
                    // appears in the client's appsettings on this page). Use a long random value kept
                    // outside source control, and rotate this one since it has been published.
                    new Secret("web123".Sha256())
                },

                // NOTE(review): both URIs use http:// and the same host as the identity server URL in the
                // client's settings. They presumably need to be the MVC client's own https:// base URL
                // followed by /signin-oidc and /signout-callback-oidc - confirm against the deployed client.
                RedirectUris           = { "http://pdjayaauthapi.azurewebsites.net/signin-oidc" },
                PostLogoutRedirectUris = { "http://pdjayaauthapi.azurewebsites.net/signout-callback-oidc" },

                // Scopes this client may request; grant only the APIs the MVC app actually calls.
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "masterdataapi",
                    "transactionapi"
                },
                // Permits the offline_access scope (refresh tokens). Refresh tokens are not issued under
                // the implicit flow, so this only has an effect once a code-based grant is allowed.
                AllowOfflineAccess = true
  • 1
    The IdentityServer log will contain the reason. Look at it, or post the log for further help. Commented Nov 6, 2018 at 14:13
  • Could you show me how to see the log? My identity server is running on Azure as an App Service. @Richard Commented Nov 7, 2018 at 3:15
  • If you are using the "code id_token" response type, try setting the Client to use the Hybrid flow instead of the Implicit flow that is set. Commented Nov 7, 2018 at 7:07
  • I changed it to HybridAndClientCredentials and my error is now "invalid request". Any suggestions? Commented Nov 7, 2018 at 23:53

1 Answer 1


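As Ryan said, use the Hybrid flow instead of the Implicit flow that is currently set, then restart the web app. The client requests the "code id_token" response type, which belongs to the hybrid flow, so a client registered only for the implicit grant is rejected. That should fix the error.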
