c# - IdentityServer - Using Hybrid Flow


I implemented IdentityServer3 and am trying to use it with a new ASP.NET Core MVC application.

I want to use the hybrid flow, but it doesn't seem to be working.

My client on IdentityServer3 is set up like this:

    new Client
    {
        ClientName = "test",
        ClientId = "test",
        ClientUri = "http://localhost:59528/",
        Flow = Flows.Hybrid,
        AllowedScopes = new List<string>()
        {
            Constants.StandardScopes.OpenId,
            Constants.StandardScopes.Profile
        },
        RedirectUris = new List<string>
        {
            "http://localhost:59528/signin-oidc",
        },
        PostLogoutRedirectUris = new List<string>
        {
            "http://localhost:59528/",
        },
        Enabled = true
    }

The ASP.NET Core MVC application is set up like this:

    public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory, IConfigurationService configurationService, ApplicationDbContextSeedData seeder)
    {
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        /* logging configuration */
        loggerFactory.AddConsole();
        if (_environment.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            loggerFactory.AddDebug(LogLevel.Information);
        }
        else
        {
            loggerFactory.AddDebug(LogLevel.Error);
        }

        /* identity server configuration */
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = "cookies",
            AutomaticAuthenticate = true
        });
        app.UseOpenIdConnectAuthentication(configurationService.GetOpenIdConnectOptions());

        /* mvc route configuration */
        app.UseStaticFiles();
        app.UseMvc(ConfigureRoutes);

        /* database configuration */
        seeder.EnsureSeedData().Wait();
    }

Here are the options read in the GetOpenIdConnectOptions method:

    "openidconnectoptions": {
        "authenticationscheme": "oidc",
        "signinscheme": "cookies",
        "authority": "http://localhost:7506/",
        "requirehttpsmetadata": "false",
        "postlogoutredirecturi": "http://localhost:59528/",
        "clientid": "test",
        "responsetype": "code id_token token",
        "getclaimsfromuserinfoendpoint": "true",
        "savetokens": "true",
        "scopes": [ "openid", "profile" ]
    }

With this setup I get redirected to IdentityServer, I can log in, and after I allow the application I am redirected to an error page on the ASP.NET Core MVC application with the following error:

    http://localhost:59528/signin-oidc
    HttpRequestException: Response status code does not indicate success: 400 (Bad Request).

If I change the settings (add a ClientSecret on the server and the client, and change the flow) I managed to get it working with the implicit flow, but I prefer the hybrid flow.

Does anyone have an idea what I'm doing wrong?

Edit: I changed some things (added secrets on the client and server) and got the following log from IdentityServer3. It seems okay there.

    2016-08-29 06:49:44,791 [18] info  identityserver3.core.endpoints.authorizeendpointcontroller resuming consent, restarting validation
    2016-08-29 06:49:44,792 [18] info  identityserver3.core.validation.authorizerequestvalidator start authorize request protocol validation
    2016-08-29 06:49:44,805 [25] info  identityserver3.core.validation.authorizerequestvalidator authorize request validation success
    {
      "clientid": "test",
      "clientname": "test",
      "redirecturi": "http://localhost:59528/signin-oidc",
      "allowedredirecturis": [
        "http://localhost:59528/signin-oidc"
      ],
      "subjectid": "...",
      "responsetype": "code id_token token",
      "responsemode": "form_post",
      "flow": "hybrid",
      "requestedscopes": "openid profile email",
      "state": "...",
      "nonce": "...",
      "sessionid": "...",
      "raw": {
        "client_id": "test",
        "redirect_uri": "http://localhost:59528/signin-oidc",
        "response_type": "code token id_token",
        "scope": "openid profile email",
        "response_mode": "form_post",
        "nonce": "...",
        "state": "..."
      }
    }
    2016-08-29 06:49:44,808 [20] info  identityserver3.core.responsehandling.authorizeresponsegenerator creating hybrid flow response.
    2016-08-29 06:49:44,812 [15] info  identityserver3.core.responsehandling.authorizeresponsegenerator creating implicit flow response.
    2016-08-29 06:49:44,813 [15] debug identityserver3.core.services.default.defaulttokenservice creating access token
    2016-08-29 06:49:44,814 [15] debug identityserver3.core.services.default.defaulttokenservice creating jwt access token
    2016-08-29 06:49:44,865 [15] debug identityserver3.core.services.default.defaulttokenservice creating identity token
    2016-08-29 06:49:44,866 [15] info  identityserver3.core.services.default.defaultclaimsprovider getting claims identity token subject: 88010bab-091e-4095-8f5d-ac89a3fd9198
    2016-08-29 06:49:44,920 [10] info  identityserver3.entityframework.tokencleanup clearing tokens
    2016-08-29 06:49:44,983 [15] debug identityserver3.core.services.default.defaulttokenservice creating jwt identity token
    2016-08-29 06:49:45,035 [15] debug identityserver3.core.endpoints.authorizeendpointcontroller adding client virtualmoney client list cookie subject 88010bab-091e-4095-8f5d-ac89a3fd9198
    2016-08-29 06:49:45,037 [15] info  identityserver3.core.results.authorizeformpostresult posting http://localhost:59528/signin-oidc
    2016-08-29 06:49:45,038 [15] debug identityserver3.core.results.authorizeformpostresult using defaultviewservice render authorization response html
    2016-08-29 06:49:45,179 [18] info  identityserver3.core.endpoints.tokenendpointcontroller start token request
    2016-08-29 06:49:45,180 [18] debug identityserver3.core.validation.clientsecretvalidator start client validation
    2016-08-29 06:49:45,181 [18] debug identityserver3.core.validation.basicauthenticationsecretparser start parsing basic authentication secret
    2016-08-29 06:49:45,182 [18] debug identityserver3.core.validation.postbodysecretparser start parsing secret in post body
    2016-08-29 06:49:45,183 [18] debug identityserver3.core.validation.secretparser parser found secret: postbodysecretparser
    2016-08-29 06:49:45,184 [18] info  identityserver3.core.validation.secretparser secret id found: virtualmoney
    2016-08-29 06:49:45,188 [24] debug identityserver3.core.validation.secretvalidator secret validator success: hashedsharedsecretvalidator
    2016-08-29 06:49:45,189 [24] info  identityserver3.core.validation.clientsecretvalidator client validation success
    2016-08-29 06:49:45,190 [24] info  identityserver3.core.validation.tokenrequestvalidator start token request validation
    2016-08-29 06:49:45,191 [24] info  identityserver3.core.validation.tokenrequestvalidator start validation of authorization code token request
    2016-08-29 06:49:45,218 [22] info  identityserver3.core.validation.tokenrequestvalidator validation of authorization code token request success
    2016-08-29 06:49:45,220 [22] info  identityserver3.core.validation.tokenrequestvalidator token request validation success
    {
      "clientid": "test",
      "clientname": "test",
      "granttype": "authorization_code",
      "authorizationcode": "...",
      "raw": {
        "client_id": "test",
        "client_secret": "******",
        "code": "...",
        "grant_type": "authorization_code",
        "redirect_uri": "http://localhost:59528/signin-oidc"
      }
    }
    2016-08-29 06:49:45,221 [22] info  identityserver3.core.responsehandling.tokenresponsegenerator creating token response
    2016-08-29 06:49:45,223 [22] info  identityserver3.core.responsehandling.tokenresponsegenerator processing authorization code request
    2016-08-29 06:49:45,225 [22] debug identityserver3.core.services.default.defaulttokenservice creating access token
    2016-08-29 06:49:45,227 [22] debug identityserver3.core.services.default.defaulttokenservice creating jwt access token
    2016-08-29 06:49:45,300 [22] debug identityserver3.core.services.default.defaulttokenservice creating identity token
    2016-08-29 06:49:45,302 [22] info  identityserver3.core.services.default.defaultclaimsprovider getting claims identity token subject: 88010bab-091e-4095-8f5d-ac89a3fd9198
    2016-08-29 06:49:45,405 [22] debug identityserver3.core.services.default.defaulttokenservice creating jwt identity token
    2016-08-29 06:49:45,486 [22] info  identityserver3.core.endpoints.tokenendpointcontroller end token request

But I get this error on the client after the redirect from IdentityServer3:

openidconnectprotocolexception: idx10300: hash claim: '...' in id_token did not validate against 
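
The hash claims an id_token can carry in the hybrid flow are c_hash (binding the authorization code) and at_hash (binding the access token). As an added example that is not part of the original post, this is how OpenID Connect Core defines both values for an id_token signed with RS256, so the check can be reproduced by hand; the class name, method names and sample values are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: OidcHashCheck and its members are hypothetical names.
public static class OidcHashCheck
{
    // OpenID Connect Core: hash the ASCII octets of the code (c_hash) or the
    // access token (at_hash) with the hash function of the id_token's alg
    // (SHA-256 for RS256), keep the left-most half of the digest, then
    // base64url-encode it without padding.
    public static string ComputeHashClaim(string value)
    {
        using (var sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(Encoding.ASCII.GetBytes(value));
            string b64 = Convert.ToBase64String(digest, 0, digest.Length / 2);
            return b64.TrimEnd('=').Replace('+', '-').Replace('/', '_');
        }
    }

    // Compares the claim from the id_token with the recomputed value
    // without returning early on the first differing character.
    public static bool Matches(string claim, string value)
    {
        if (string.IsNullOrEmpty(claim) || string.IsNullOrEmpty(value)) return false;
        byte[] a = Encoding.ASCII.GetBytes(claim);
        byte[] b = Encoding.ASCII.GetBytes(ComputeHashClaim(value));
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Constructed sample values, not taken from the log above.
        string codeFromAuthorize = "constructed-authorization-code";
        string tokenFromAuthorize = "constructed-access-token-A";
        string tokenFromTokenEndpoint = "constructed-access-token-B";

        // Claims as the authorize endpoint would place them in its id_token.
        string cHash = ComputeHashClaim(codeFromAuthorize);
        string atHash = ComputeHashClaim(tokenFromAuthorize);

        Console.WriteLine(Matches(cHash, codeFromAuthorize));        // code from the same response
        Console.WriteLine(Matches(atHash, tokenFromAuthorize));      // token from the same response
        Console.WriteLine(Matches(atHash, tokenFromTokenEndpoint));  // token from the other response
    }
}
```

In the log above, both the authorize endpoint and the token endpoint create an access token and an identity token, so each id_token's at_hash has to be compared with the access token delivered in the same response.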

