I am trying to learn the Identitymodel.OidcClient package and started by testing one of the provided samples: the ConsoleSystemBrowser sample. It's a pretty straightforward sample, and I was expecting it to give me a fully configured and working example from the get-go. However I am getting this unauthorized_client - Unknown client or client not enabled error when I run the sample as-is.
I have configured Serilog to check the logs, but I can't make up anything from the log that tells me why I am getting this error. Can anyone help me find what's going wrong?
Here is the log:
2020-12-04 22:19:59.233 +01:00 [VRB] PrepareLoginAsync
2020-12-04 22:19:59.252 +01:00 [VRB] EnsureProviderInformation
2020-12-04 22:19:59.832 +01:00 [DBG] Successfully loaded discovery document
2020-12-04 22:19:59.834 +01:00 [DBG] Loaded keyset from https://demo.identityserver.io/.well-known/openid-configuration/jwks
2020-12-04 22:19:59.837 +01:00 [DBG] Keyet contains the following kids: ["EBA4FD3CEA104D99A8908924BA23C0F0"]
2020-12-04 22:19:59.841 +01:00 [DBG] Effective options:
2020-12-04 22:19:59.903 +01:00 [DBG] {
"Authority": "https://demo.identityserver.io",
"ProviderInformation": {
"IssuerName": "https://demo.identityserver.io",
"KeySet": {
"Keys": [
{
"alg": "RS256",
"e": "AQAB",
"key_ops": [],
"kid": "EBA4FD3CEA104D99A8908924BA23C0F0",
"kty": "RSA",
"n": "z7eLHh8g0LwKuCcMj3gVzyuNUXRDJ3flzChw-ALCrrWtFJfBatLALo4g8Fsa2FNnUVncePDxQVUh6rEKwXEXoluxEIIDxDFdx4b503mE1NRsjUWMneIFgwyfWpIe-GgdEHSER8icSAWQnVVnLzxMYcxMT5qbGpP7ptTcQe8mp_sAhNlpo74F84QbAvXZxrYawywrDILInnlPhzJtKb4VFT9xixWfo-SaVBpFI25scoV5doDgFCQOCVfNRNZa8Fjlt4jbJZkM1FKNKy-1YtnrIXHuEU2wMda3ImOwIBvBZVGbZ97WEA2EO0IwqnxcSJR3GO_VQww_nMHATHdCdlX-1w",
"use": "sig",
"x5c": [],
"KeySize": 2048,
"HasPrivateKey": false
}
]
},
"TokenEndpoint": "https://demo.identityserver.io/connect/token",
"AuthorizeEndpoint": "https://demo.identityserver.io/connect/authorize",
"EndSessionEndpoint": "https://demo.identityserver.io/connect/endsession",
"UserInfoEndpoint": "https://demo.identityserver.io/connect/userinfo",
"TokenEndPointAuthenticationMethods": [
"client_secret_basic",
"client_secret_post"
],
"SupportsUserInfo": true,
"SupportsEndSession": true
},
"ClientId": "native.hybrid",
"Scope": "openid profile api",
"RedirectUri": "http://127.0.0.1:7890/",
"BrowserTimeout": "00:00:00",
"ClockSkew": "00:05:00",
"RefreshDiscoveryDocumentForLogin": true,
"RefreshDiscoveryOnSignatureFailure": false,
"ResponseMode": "FormPost",
"LoadProfile": true,
"FilterClaims": true,
"Flow": "Hybrid",
"BackchannelTimeout": "00:00:30",
"TokenClientAuthenticationStyle": "PostValues",
"Policy": {
"Discovery": {
"LoopbackAddresses": [
"localhost",
"127.0.0.1"
],
"RequireHttps": true,
"AllowHttpOnLoopback": true,
"ValidateIssuerName": true,
"ValidateEndpoints": true,
"EndpointValidationExcludeList": [],
"AdditionalEndpointBaseAddresses": [],
"RequireKeySet": true
},
"RequireAuthorizationCodeHash": true,
"RequireAccessTokenHash": true,
"RequireIdentityTokenOnRefreshTokenResponse": false,
"RequireIdentityTokenSignature": true,
"ValidSignatureAlgorithms": [
"RS256",
"RS384",
"RS512"
]
},
"FilteredClaims": [
"iss",
"exp",
"nbf",
"aud",
"nonce",
"iat",
"auth_time",
"c_hash",
"at_hash"
]
}
2020-12-04 22:19:59.904 +01:00 [VRB] CreateAuthorizeStateAsync
2020-12-04 22:19:59.904 +01:00 [VRB] CreatePkceData
2020-12-04 22:19:59.905 +01:00 [VRB] CreateNonce
2020-12-04 22:19:59.905 +01:00 [VRB] CreateState
2020-12-04 22:19:59.906 +01:00 [VRB] CreateUrl
2020-12-04 22:19:59.907 +01:00 [VRB] CreateParameters
2020-12-04 22:19:59.908 +01:00 [VRB] ObjectToDictionary
2020-12-04 22:19:59.910 +01:00 [DBG] {
"StartUrl": "https://demo.identityserver.io/connect/authorize?response_type=code+id_token&nonce=0b1e9ea7413f4016849307d9e97b78c7&state=86e21e3479f862c8a9a243db538ee321&code_challenge=ckelCadCBe1Vmv92qRQCbSpC4q3T1samHiNoI43mRak&code_challenge_method=S256&client_id=native.hybrid&scope=openid+profile+api&redirect_uri=http%3A%2F%2F127.0.0.1%3A7890%2F&response_mode=form_post",
"Nonce": "0b1e9ea7413f4016849307d9e97b78c7",
"State": "86e21e3479f862c8a9a243db538ee321",
"CodeVerifier": "7af7a1a7d24d9344422bb55b0c3eea0030fd6d529c50e07e8bd26aa58b514229",
"RedirectUri": "http://127.0.0.1:7890/"
}
I was looking into the sample app and it looks like there is some incorrect configuration. You can get your app working by using below
OidcClientOptions
config.Happy coding!