C# - IdentityServer - Using Hybrid Flow
I implemented IdentityServer3 and am trying to use it with a new ASP.NET Core MVC application.
I want to use the hybrid flow, but it doesn't seem to be working.
My client on IdentityServer3 is set up like this:
```csharp
new Client
{
    ClientName = "test",
    ClientId = "test",
    ClientUri = "http://localhost:59528/",
    Flow = Flows.Hybrid,
    AllowedScopes = new List<string>()
    {
        Constants.StandardScopes.OpenId,
        Constants.StandardScopes.Profile
    },
    RedirectUris = new List<string>
    {
        "http://localhost:59528/signin-oidc",
    },
    PostLogoutRedirectUris = new List<string>
    {
        "http://localhost:59528/",
    },
    Enabled = true
}
```
The ASP.NET Core MVC application is set up like this:
```csharp
public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory,
    IConfigurationService configurationService, ApplicationDbContextSeedData seeder)
{
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

    /* Logging configuration */
    loggerFactory.AddConsole();
    if (_environment.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        loggerFactory.AddDebug(LogLevel.Information);
    }
    else
    {
        loggerFactory.AddDebug(LogLevel.Error);
    }

    /* Identity Server configuration */
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationScheme = "Cookies",
        AutomaticAuthenticate = true
    });
    app.UseOpenIdConnectAuthentication(configurationService.GetOpenIdConnectOptions());

    /* MVC route configuration */
    app.UseStaticFiles();
    app.UseMvc(ConfigureRoutes);

    /* Database configuration */
    seeder.EnsureSeedData().Wait();
}
```
Here are the options read in the GetOpenIdConnectOptions method:
```json
"OpenIdConnectOptions": {
    "AuthenticationScheme": "oidc",
    "SignInScheme": "Cookies",
    "Authority": "http://localhost:7506/",
    "RequireHttpsMetadata": "false",
    "PostLogoutRedirectUri": "http://localhost:59528/",
    "ClientId": "test",
    "ResponseType": "code id_token token",
    "GetClaimsFromUserInfoEndpoint": "true",
    "SaveTokens": "true",
    "Scopes": [ "openid", "profile" ]
}
```
With this setup I am redirected to IdentityServer and can log in, but after I allow the application I am redirected to an error page on the ASP.NET Core MVC application with the following error:
```
http://localhost:59528/signin-oidc
HttpRequestException: Response status code does not indicate success: 400 (Bad Request).
```
If I change the settings (add a client secret on the server and the client, change the flow) I manage to get it working with the implicit flow, but I would prefer the hybrid flow.
Does anyone have an idea what I'm doing wrong?
EDIT: I changed some things (added secrets to the client and the server), and the following is the log from IdentityServer3. It seems okay there.
```
2016-08-29 06:49:44,791 [18] info identityserver3.core.endpoints.authorizeendpointcontroller resuming consent, restarting validation
2016-08-29 06:49:44,792 [18] info identityserver3.core.validation.authorizerequestvalidator start authorize request protocol validation
2016-08-29 06:49:44,805 [25] info identityserver3.core.validation.authorizerequestvalidator authorize request validation success { "clientid": "test", "clientname": "test", "redirecturi": "http://localhost:59528/signin-oidc", "allowedredirecturis": [ "http://localhost:59528/signin-oidc" ], "subjectid": "...", "responsetype": "code id_token token", "responsemode": "form_post", "flow": "hybrid", "requestedscopes": "openid profile email", "state": "...", "nonce": "...", "sessionid": "...", "raw": { "client_id": "test", "redirect_uri": "http://localhost:59528/signin-oidc", "response_type": "code token id_token", "scope": "openid profile email", "response_mode": "form_post", "nonce": "...", "state": "..." } }
2016-08-29 06:49:44,808 [20] info identityserver3.core.responsehandling.authorizeresponsegenerator creating hybrid flow response.
2016-08-29 06:49:44,812 [15] info identityserver3.core.responsehandling.authorizeresponsegenerator creating implicit flow response.
2016-08-29 06:49:44,813 [15] debug identityserver3.core.services.default.defaulttokenservice creating access token
2016-08-29 06:49:44,814 [15] debug identityserver3.core.services.default.defaulttokenservice creating jwt access token
2016-08-29 06:49:44,865 [15] debug identityserver3.core.services.default.defaulttokenservice creating identity token
2016-08-29 06:49:44,866 [15] info identityserver3.core.services.default.defaultclaimsprovider getting claims identity token subject: 88010bab-091e-4095-8f5d-ac89a3fd9198
2016-08-29 06:49:44,920 [10] info identityserver3.entityframework.tokencleanup clearing tokens
2016-08-29 06:49:44,983 [15] debug identityserver3.core.services.default.defaulttokenservice creating jwt identity token
2016-08-29 06:49:45,035 [15] debug identityserver3.core.endpoints.authorizeendpointcontroller adding client virtualmoney client list cookie subject 88010bab-091e-4095-8f5d-ac89a3fd9198
2016-08-29 06:49:45,037 [15] info identityserver3.core.results.authorizeformpostresult posting http://localhost:59528/signin-oidc
2016-08-29 06:49:45,038 [15] debug identityserver3.core.results.authorizeformpostresult using defaultviewservice render authorization response html
2016-08-29 06:49:45,179 [18] info identityserver3.core.endpoints.tokenendpointcontroller start token request
2016-08-29 06:49:45,180 [18] debug identityserver3.core.validation.clientsecretvalidator start client validation
2016-08-29 06:49:45,181 [18] debug identityserver3.core.validation.basicauthenticationsecretparser start parsing basic authentication secret
2016-08-29 06:49:45,182 [18] debug identityserver3.core.validation.postbodysecretparser start parsing secret in post body
2016-08-29 06:49:45,183 [18] debug identityserver3.core.validation.secretparser parser found secret: postbodysecretparser
2016-08-29 06:49:45,184 [18] info identityserver3.core.validation.secretparser secret id found: virtualmoney
2016-08-29 06:49:45,188 [24] debug identityserver3.core.validation.secretvalidator secret validator success: hashedsharedsecretvalidator
2016-08-29 06:49:45,189 [24] info identityserver3.core.validation.clientsecretvalidator client validation success
2016-08-29 06:49:45,190 [24] info identityserver3.core.validation.tokenrequestvalidator start token request validation
2016-08-29 06:49:45,191 [24] info identityserver3.core.validation.tokenrequestvalidator start validation of authorization code token request
2016-08-29 06:49:45,218 [22] info identityserver3.core.validation.tokenrequestvalidator validation of authorization code token request success
2016-08-29 06:49:45,220 [22] info identityserver3.core.validation.tokenrequestvalidator token request validation success { "clientid": "test", "clientname": "test", "granttype": "authorization_code", "authorizationcode": "...", "raw": { "client_id": "test", "client_secret": "******", "code": "...", "grant_type": "authorization_code", "redirect_uri": "http://localhost:59528/signin-oidc" } }
2016-08-29 06:49:45,221 [22] info identityserver3.core.responsehandling.tokenresponsegenerator creating token response
2016-08-29 06:49:45,223 [22] info identityserver3.core.responsehandling.tokenresponsegenerator processing authorization code request
2016-08-29 06:49:45,225 [22] debug identityserver3.core.services.default.defaulttokenservice creating access token
2016-08-29 06:49:45,227 [22] debug identityserver3.core.services.default.defaulttokenservice creating jwt access token
2016-08-29 06:49:45,300 [22] debug identityserver3.core.services.default.defaulttokenservice creating identity token
2016-08-29 06:49:45,302 [22] info identityserver3.core.services.default.defaultclaimsprovider getting claims identity token subject: 88010bab-091e-4095-8f5d-ac89a3fd9198
2016-08-29 06:49:45,405 [22] debug identityserver3.core.services.default.defaulttokenservice creating jwt identity token
2016-08-29 06:49:45,486 [22] info identityserver3.core.endpoints.tokenendpointcontroller end token request
```
But I get this error on the client after being redirected back from IdentityServer3:
```
OpenIdConnectProtocolException: IDX10300: The hash claim: '...' in the id_token did not validate against
```
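The IDX10300 message above is the OpenID Connect `at_hash` / `c_hash` check failing: in the hybrid flow the ID token carries a truncated hash of the access token and of the authorization code that were returned next to it, and the client rejects the response when those hashes do not match what it actually received. As an added illustration (not code from the question, from IdentityServer3 or from the ASP.NET Core middleware), here is that check written out in Python following OpenID Connect Core 1.0 section 3.3.2.11. The token strings and the claim set are constructed for the demo, and the function names are mine.

```python
import base64
import hashlib
import hmac
from typing import Dict, List, Optional

# Hash function implied by the JWS signing algorithm of the ID token
# (OpenID Connect Core 1.0, 3.3.2.11: the SHA-2 variant of matching bit length).
_HASH_FOR_ALG = {
    "256": hashlib.sha256,
    "384": hashlib.sha384,
    "512": hashlib.sha512,
}


def left_half_hash(value: str, alg: str = "RS256") -> str:
    """Compute the at_hash / c_hash value for `value`.

    Hash the ASCII octets of the token with the SHA-2 variant matching `alg`,
    keep the left-most half of the digest, and base64url-encode it without padding.
    """
    hash_fn = _HASH_FOR_ALG[alg[-3:]]
    digest = hash_fn(value.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def check_hybrid_response(id_token_claims: Dict[str, str], alg: str,
                          code: Optional[str], access_token: Optional[str]) -> List[str]:
    """Validate c_hash / at_hash against the artifacts returned beside the ID token.

    Returns a list of problems; an empty list means the signed ID token binds the
    code and access token that arrived with it (signature validation is assumed
    to have been done already). For response_type "code id_token token" the
    authorization response carries all three artifacts, so both claims are required.
    """
    problems: List[str] = []
    for claim, artifact in (("c_hash", code), ("at_hash", access_token)):
        if artifact is None:
            # A hash claim with nothing to compare against is itself suspicious.
            if claim in id_token_claims:
                problems.append(f"{claim} present but no matching artifact in the response")
            continue
        expected = left_half_hash(artifact, alg)
        actual = id_token_claims.get(claim)
        if actual is None:
            problems.append(f"{claim} missing from id_token")
        elif not hmac.compare_digest(actual, expected):
            problems.append(f"{claim} does not match: got {actual}, expected {expected}")
    return problems


def demo() -> tuple:
    """Run the check on a consistent response and on one whose access token was swapped."""
    # Constructed sample artifacts (not real tokens).
    code = "constructed-authorization-code"
    access_token = "constructed.access.token"
    good_claims = {
        "iss": "http://localhost:7506",
        "aud": "test",
        "c_hash": left_half_hash(code),
        "at_hash": left_half_hash(access_token),
    }
    ok = check_hybrid_response(good_claims, "RS256", code, access_token)
    # Same signed ID token, but the access token in the response is not the one it was issued with.
    tampered = check_hybrid_response(good_claims, "RS256", code, access_token + "x")
    return ok, tampered


if __name__ == "__main__":
    ok, tampered = demo()
    print("consistent response:", ok or "no problems")
    print("swapped access token:", tampered)
```

IdentityServer3 signs ID tokens with RS256, so the SHA-256 branch applies. The practical point for anyone debugging this class of error is that the hash is taken over the exact token string the client received: any re-encoding, truncation or substitution of the access token or code between the authorization response and the client's validation breaks the binding, and the failure is reported as IDX10300 rather than as a signature error.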