1

I'm working on a console application to automatically interact with an API that needs and OAuth authorized user with a specific set of claims. If I use a browser to log in with a username and password everything works fine, but if I try to connect with a HttpClient I get the error:

"No user found matching username:"

var handler = new HttpClientHandler() { AllowAutoRedirect = true };
var client = new HttpClient(handler);
TokenResponse tokenResponse = client.RequestPasswordTokenAsync(new PasswordTokenRequest
{
    Address = "https://localhost:44328/connect/token",
    ClientId = "clientid",
    ClientSecret = "secret",
    Scope = "api1 roles",
    UserName = "username",
    Password = "password"
}).Result;

I'm using Duende.IdentityModel for the RequestPasswordTokenAsync. The message appears in the server log., followed by this line: User authentication failed:

invalid_username_or_password, details: { "ClientId":"clientid", "ClientName":"clientname", "GrantType":"password", "Scopes":"api1 roles", "AuthorizationCode":null, "RefreshToken":null, "UserName":"username", "AuthenticationContextReferenceClasses":null, "Tenant":null, "IdP":null, "Raw":{"grant_type":"password","username":"username","password":"REDACTED","scope":"api1 roles"},"$type":"TokenRequestValidationLog"}

Why do the credentials work in browser but not when called by the client?

Improve this question
2
  • I'm using Duende.IdentityModel for the RequestPasswordTokenAsync. The message appears in the server log., followed by this line: User authentication failed: invalid_username_or_password, details: {"ClientId":"clientid","ClientName":"clientname","GrantType":"password","Scopes":"api1 roles","AuthorizationCode":null,"RefreshToken":null,"UserName":"username","AuthenticationContextReferenceClasses":null,"Tenant":null,"IdP":null,"Raw":{"grant_type":"password","username":"username","password":"REDACTED","scope":"api1 roles"},"$type":"TokenRequestValidationLog"} Commented Oct 21 at 12:25
  • If you have more information for us please edit your question. As you can see code/data in the comments area is not easy to read, and anyway the info should all be coherent within your question. Comments are just for brief requests for changes/clarification to your post. It's not a discussion forum. See also How to Ask. Thankyou. Commented Oct 21 at 14:43
Related questions
1171
How to set the Content-Type header for an HttpClient request?
1195
What's the difference between OpenID and OAuth?
865
Setting Authorization Header of HttpClient
Load 6 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.