IdentityServer4 sample code gives unauthorized_client error


I am trying to learn the IdentityModel.OidcClient package and started by testing one of the provided samples: the ConsoleSystemBrowser sample. It's a pretty straightforward sample, and I was expecting it to give me a fully configured and working example from the get-go. However, I am getting this "unauthorized_client - Unknown client or client not enabled" error when I run the sample as-is.


I have configured Serilog to check the logs, but I can't make out anything in the log that tells me why I am getting this error. Can anyone help me find what's going wrong?

Here is the log:

2020-12-04 22:19:59.233 +01:00 [VRB] PrepareLoginAsync
2020-12-04 22:19:59.252 +01:00 [VRB] EnsureProviderInformation
2020-12-04 22:19:59.832 +01:00 [DBG] Successfully loaded discovery document
2020-12-04 22:19:59.834 +01:00 [DBG] Loaded keyset from https://demo.identityserver.io/.well-known/openid-configuration/jwks
2020-12-04 22:19:59.837 +01:00 [DBG] Keyet contains the following kids: ["EBA4FD3CEA104D99A8908924BA23C0F0"]
2020-12-04 22:19:59.841 +01:00 [DBG] Effective options:
2020-12-04 22:19:59.903 +01:00 [DBG] {
  "Authority": "https://demo.identityserver.io",
  "ProviderInformation": {
    "IssuerName": "https://demo.identityserver.io",
    "KeySet": {
      "Keys": [
        {
          "alg": "RS256",
          "e": "AQAB",
          "key_ops": [],
          "kid": "EBA4FD3CEA104D99A8908924BA23C0F0",
          "kty": "RSA",
          "n": "z7eLHh8g0LwKuCcMj3gVzyuNUXRDJ3flzChw-ALCrrWtFJfBatLALo4g8Fsa2FNnUVncePDxQVUh6rEKwXEXoluxEIIDxDFdx4b503mE1NRsjUWMneIFgwyfWpIe-GgdEHSER8icSAWQnVVnLzxMYcxMT5qbGpP7ptTcQe8mp_sAhNlpo74F84QbAvXZxrYawywrDILInnlPhzJtKb4VFT9xixWfo-SaVBpFI25scoV5doDgFCQOCVfNRNZa8Fjlt4jbJZkM1FKNKy-1YtnrIXHuEU2wMda3ImOwIBvBZVGbZ97WEA2EO0IwqnxcSJR3GO_VQww_nMHATHdCdlX-1w",
          "use": "sig",
          "x5c": [],
          "KeySize": 2048,
          "HasPrivateKey": false
        }
      ]
    },
    "TokenEndpoint": "https://demo.identityserver.io/connect/token",
    "AuthorizeEndpoint": "https://demo.identityserver.io/connect/authorize",
    "EndSessionEndpoint": "https://demo.identityserver.io/connect/endsession",
    "UserInfoEndpoint": "https://demo.identityserver.io/connect/userinfo",
    "TokenEndPointAuthenticationMethods": [
      "client_secret_basic",
      "client_secret_post"
    ],
    "SupportsUserInfo": true,
    "SupportsEndSession": true
  },
  "ClientId": "native.hybrid",
  "Scope": "openid profile api",
  "RedirectUri": "http://127.0.0.1:7890/",
  "BrowserTimeout": "00:00:00",
  "ClockSkew": "00:05:00",
  "RefreshDiscoveryDocumentForLogin": true,
  "RefreshDiscoveryOnSignatureFailure": false,
  "ResponseMode": "FormPost",
  "LoadProfile": true,
  "FilterClaims": true,
  "Flow": "Hybrid",
  "BackchannelTimeout": "00:00:30",
  "TokenClientAuthenticationStyle": "PostValues",
  "Policy": {
    "Discovery": {
      "LoopbackAddresses": [
        "localhost",
        "127.0.0.1"
      ],
      "RequireHttps": true,
      "AllowHttpOnLoopback": true,
      "ValidateIssuerName": true,
      "ValidateEndpoints": true,
      "EndpointValidationExcludeList": [],
      "AdditionalEndpointBaseAddresses": [],
      "RequireKeySet": true
    },
    "RequireAuthorizationCodeHash": true,
    "RequireAccessTokenHash": true,
    "RequireIdentityTokenOnRefreshTokenResponse": false,
    "RequireIdentityTokenSignature": true,
    "ValidSignatureAlgorithms": [
      "RS256",
      "RS384",
      "RS512"
    ]
  },
  "FilteredClaims": [
    "iss",
    "exp",
    "nbf",
    "aud",
    "nonce",
    "iat",
    "auth_time",
    "c_hash",
    "at_hash"
  ]
}
2020-12-04 22:19:59.904 +01:00 [VRB] CreateAuthorizeStateAsync
2020-12-04 22:19:59.904 +01:00 [VRB] CreatePkceData
2020-12-04 22:19:59.905 +01:00 [VRB] CreateNonce
2020-12-04 22:19:59.905 +01:00 [VRB] CreateState
2020-12-04 22:19:59.906 +01:00 [VRB] CreateUrl
2020-12-04 22:19:59.907 +01:00 [VRB] CreateParameters
2020-12-04 22:19:59.908 +01:00 [VRB] ObjectToDictionary
2020-12-04 22:19:59.910 +01:00 [DBG] {
  "StartUrl": "https://demo.identityserver.io/connect/authorize?response_type=code+id_token&nonce=0b1e9ea7413f4016849307d9e97b78c7&state=86e21e3479f862c8a9a243db538ee321&code_challenge=ckelCadCBe1Vmv92qRQCbSpC4q3T1samHiNoI43mRak&code_challenge_method=S256&client_id=native.hybrid&scope=openid+profile+api&redirect_uri=http%3A%2F%2F127.0.0.1%3A7890%2F&response_mode=form_post",
  "Nonce": "0b1e9ea7413f4016849307d9e97b78c7",
  "State": "86e21e3479f862c8a9a243db538ee321",
  "CodeVerifier": "7af7a1a7d24d9344422bb55b0c3eea0030fd6d529c50e07e8bd26aa58b514229",
  "RedirectUri": "http://127.0.0.1:7890/"
}
There is 1 answer

Mahesh More On

I was looking into the sample app and it looks like there is some incorrect configuration. You can get your app working by using the OidcClientOptions config below.

var options = new OidcClientOptions
{
    Authority = "https://demo.identityserver.io",
    ClientId = "interactive.public",
    Secret = "secret",
    Scope = "openid profile api",
    RedirectUri = redirectUri,
    Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode
};

Happy coding!
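
An added troubleshooting example, not part of the original question or answer and not code from the IdentityModel project: it decodes the StartUrl logged in the question and compares the client_id and flow it sends with the values the answer reports as working. The `WORKING` dictionary and the function names are assumptions made for this example; the demo server's actual client registrations are not shown on this page.

```python
from urllib.parse import urlsplit, parse_qs

# "StartUrl" value copied from the debug log in the question.
START_URL = (
    "https://demo.identityserver.io/connect/authorize?response_type=code+id_token"
    "&nonce=0b1e9ea7413f4016849307d9e97b78c7&state=86e21e3479f862c8a9a243db538ee321"
    "&code_challenge=ckelCadCBe1Vmv92qRQCbSpC4q3T1samHiNoI43mRak"
    "&code_challenge_method=S256&client_id=native.hybrid&scope=openid+profile+api"
    "&redirect_uri=http%3A%2F%2F127.0.0.1%3A7890%2F&response_mode=form_post"
)

# Assumption: ClientId and Flow taken from the answer's OidcClientOptions.
# The server's real client list is not on the page.
WORKING = {"client_id": "interactive.public", "flow": "AuthorizationCode"}

# OpenID Connect Core, section 3: the response_type set selects the flow.
FLOW_BY_RESPONSE_TYPE = {
    frozenset({"code"}): "AuthorizationCode",
    frozenset({"id_token"}): "Implicit",
    frozenset({"id_token", "token"}): "Implicit",
    frozenset({"code", "id_token"}): "Hybrid",
    frozenset({"code", "token"}): "Hybrid",
    frozenset({"code", "id_token", "token"}): "Hybrid",
}

def describe_authorize_request(url):
    """Decode an authorize URL into the fields that identify client and flow."""
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    response_type = frozenset(query.get("response_type", "").split())
    return {
        "endpoint": f"{parts.scheme}://{parts.netloc}{parts.path}",
        "client_id": query.get("client_id"),
        "flow": FLOW_BY_RESPONSE_TYPE.get(response_type, "Unknown"),
        "scope": query.get("scope", "").split(),
        "redirect_uri": query.get("redirect_uri"),
        "pkce": query.get("code_challenge_method") == "S256" and "code_challenge" in query,
    }

def mismatches(request, expected):
    """List (field, sent, expected) for every field that differs."""
    return [(k, request[k], v) for k, v in expected.items() if request[k] != v]

if __name__ == "__main__":
    req = describe_authorize_request(START_URL)
    for field, value in req.items():
        print(f"{field:13} {value}")
    for field, sent, want in mismatches(req, WORKING):
        print(f"MISMATCH {field}: sent {sent!r}, working config uses {want!r}")
```

The authorization server resolves client_id before anything else in the request, so a client_id mismatch is the first thing to rule out when the error is unauthorized_client.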