Verify access code from identity provider on separate web api
dgxhubbard opened this issue · comments
Confirm you've already contributed to this project or that you sponsor it
- I confirm I'm a sponsor or a contributor
Version
5.0.1
Question
I have separate identity provider (idp) and web api and have turn on authorization in my web api. I get an access code from Identity Provider and pass to the web api. The web api is return "Unauthorized". In the web api output I get what is shown below.
I have followed the Aridka to a point. The web api, identity provider and client have their own certificates for encryption and and signing. The web api validation use the idp encryption certificate. The web api and idp certificates are in the trusted root store. I am not sure if the client should have its own certificate or use the idp
certificate is causing the problem or if it is something else that is causing the problem.
Output from Web Api for access token
01/08/24 12:54:09 279 {level:uppercase=true} OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler - OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
info: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[7]
OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
01/08/24 12:54:09 284 {level:uppercase=true} Microsoft.AspNetCore.Authorization.DefaultAuthorizationService - Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
01/08/24 12:54:09 284 {level:uppercase=true} OpenIddict.Validation.OpenIddictValidationDispatcher - The response was successfully returned as a challenge response: {
"error": "invalid_token",
"error_description": "The specified token is invalid.",
"error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The response was successfully returned as a challenge response: {
"error": "invalid_token",
"error_description": "The specified token is invalid.",
"error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
01/08/24 12:54:09 284 {level:uppercase=true} OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler - AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
info: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[12]
AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
01/08/24 12:54:09 284 {level:uppercase=true} Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 GET
Client Code Startup
var clientCertificates = new Certificates ();
if ( clientCertificates == null )
throw new NullReferenceException ( "FAILED to create client certificates" );
var certPath = Path.Combine ( path, CertsFilename );
if ( !clientCertificates.Exists ( certPath ) )
throw new InvalidOperationException ( "FAILED to get client certificates" );
clientCertificates.LoadCerts ( certPath );
var services = new ServiceCollection ();
services.AddOpenIddict ()
// Register the OpenIddict client components.
.AddClient ( options =>
{
// Allow grant_type=client_credentials to be negotiated.
options.AllowClientCredentialsFlow ();
// Disable token storage, which is not necessary for non-interactive flows like
// grant_type=password, grant_type=client_credentials or grant_type=refresh_token.
options.DisableTokenStorage ();
var xEncrypt = new X509Certificate2 ( File.ReadAllBytes ( clientCertificates.EncryptionCert ), clientCertificates.EncryptionPassword );
var xSigning = new X509Certificate2 ( File.ReadAllBytes ( clientCertificates.SigningCert ), clientCertificates.SigningPassword );
// Register the signing and encryption credentials used to protect
// sensitive data like the state tokens produced by OpenIddict.
options.AddEncryptionCertificate ( xEncrypt )
.AddSigningCertificate ( xSigning );
// Add the operating system integration.
//options.UseSystemIntegration ()
// .SetAllowedEmbeddedWebServerPorts ( 7000 );
// Register the System.Net.Http integration and use the identity of the current
// assembly as a more specific user agent, which can be useful when dealing with
// providers that use the user agent as a way to throttle requests (e.g Reddit).
options.UseSystemNetHttp ()
.SetProductInformation ( typeof ( TestsSetupClass ).Assembly );
// Add a client registration matching the client application definition in the server project.
options.AddRegistration ( new OpenIddictClientRegistration
{
Issuer = new Uri ( "https://localhost:7296/", UriKind.Absolute ),
ClientId = "core_api_console",
ClientSecret = "E2B00F84-82D2-4D43-B081-B4B88283175A",
} );
} );
await using var provider = services.BuildServiceProvider ();
var service = provider.GetRequiredService<OpenIddictClientService> ();
var result = await service.AuthenticateWithClientCredentialsAsync ( new () );
AccessToken = result.AccessToken;
HttpClient Code setup
Client = new HttpClient ();
Client.BaseAddress = new Uri ( baseUrl );
Client.DefaultRequestHeaders.Accept.Clear ();
Client.DefaultRequestHeaders.Add ( "Accept", "application/json" );
Client.DefaultRequestHeaders.Accept.Add ( new MediaTypeWithQualityHeaderValue ( "application/json" ) );
Client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue ( "Bearer", accessToken );
Client Code Request
var response = await Client.GetAsync ( url );
var txt = response.Content.ReadAsStringAsync ();
List<MyDto> items;
if ( response.IsSuccessStatusCode )
{
items = response.Content.ReadAsAsync<List<MyDto>> ().Result;
}
else
{
Console.WriteLine ( "Internal server Error" );
}
Identity Provider Setup
// get certificate to use
// using certificate.json for info
// this so user can use their own certificate
var idpCertificates = new Certificates ();
if ( idpCertificates == null )
throw new NullReferenceException ( "FAILED to create certificates" );
var certPath = Path.Combine ( path, CertsFilename );
if ( !idpCertificates.Exists ( certPath ) )
throw new InvalidOperationException ( "FAILED no certificates file" );
idpCertificates.LoadCerts ( certPath );
LogProvider.Logger.LogInfo ( "Encrypton Cert " + idpCertificates.EncryptionCert );
LogProvider.Logger.LogInfo ( "Signing Cert " + idpCertificates.SigningCert );
// setup database
var dbName = "authorize.db";
var contentRootPath = WindowsServiceHelpers.IsWindowsService () ? AppContext.BaseDirectory : path;
var builder = WebApplication.CreateBuilder ( new WebApplicationOptions
{
Args = args,
ContentRootPath = contentRootPath,
ApplicationName = "My.IDP"
} ); ;
builder.Services.AddDbContext<AppDbContext> ( options =>
{
options.UseSQLite ( connectionString );
// Register the entity sets needed by OpenIddict.
options.UseOpenIddict ();
} );
var ipAddress = IPAddress.Parse ( "127.0.0.1" );
builder.WebHost.ConfigureKestrel (
options =>
{
var port = ports.IdpPort;
var pfxFilePath = idpCertificates.EncryptionCert;
var pfxPassword = idpCertificates.EncryptionPassword;
options.Listen (
ipAddress, port,
listenOptions =>
{
// Configure Kestrel to use a certificate from a local .PFX file for hosting HTTPS
listenOptions.UseHttps ( pfxFilePath, pfxPassword );
} );
} );
// Add services to the container
builder.Services.AddControllersWithViews ();
builder.Services.AddOpenIddict ()
// Register the OpenIddict Core. components
.AddCore ( options =>
{
options.UseEntityFrameworkCore ()
.UseDbContext<AppDbContext> ();
} )
// Register the OpenIddict server components
.AddServer ( options =>
{
options
.SetAuthorizationEndpointUris ( "/connect/authorize" )
.SetTokenEndpointUris ( "/connect/token" )
.SetUserinfoEndpointUris ( "/connect/userinfo" );
options
.AllowClientCredentialsFlow ();
// Accept anonymous clients (i.e clients that don't send a client_id).
options.AcceptAnonymousClients ();
var xEncrypt = new X509Certificate2 ( File.ReadAllBytes ( idpCertificates.EncryptionCert ), idpCertificates.EncryptionPassword );
var xSigning = new X509Certificate2 ( File.ReadAllBytes ( idpCertificates.SigningCert ), idpCertificates.SigningPassword );
// Register the signing and encryption credentials used to protect
// sensitive data like the state tokens produced by OpenIddict.
options.AddEncryptionCertificate ( xEncrypt )
.AddSigningCertificate ( xSigning );
// Register the ASP.NET Core. host and configure the ASP.NET Core.-specific options
options
.UseAspNetCore ()
.EnableTokenEndpointPassthrough ()
.EnableAuthorizationEndpointPassthrough ()
.EnableUserinfoEndpointPassthrough ();
} )
// Register the OpenIddict validation components
.AddValidation ( options =>
{
// Import the configuration from the local OpenIddict server instance
options.UseLocalServer ();
// Register the ASP.NET Core. host
options.UseAspNetCore ();
} );
builder.Host.UseWindowsService ();
builder.Services.AddWindowsService ( options =>
{
options.ServiceName = "AAAIdp";
} );
builder.Services.AddAuthorization ()
.AddAuthentication ( options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
} )
.AddCookie ( options =>
{
options.LoginPath = "/login";
options.LogoutPath = "/logout";
options.ExpireTimeSpan = TimeSpan.FromMinutes ( 50 );
options.SlidingExpiration = false;
} );
builder.Services.AddScoped<UserManager, UserManager> ();
builder.Services.AddScoped ( sp =>
{
var client = new HttpClient ();
client.BaseAddress = new Uri ( "https://localhost" + ":" + ports.IdpPort );
return client;
} );
builder.Services.AddRazorPages ();
var app = builder.Build ();
// Configure the HTTP request pipeline.
if ( app.Environment.IsDevelopment () )
{
app.UseDeveloperExceptionPage ();
}
else
{
app.UseExceptionHandler ( "/Error" );
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts ();
}
app.UseHttpsRedirection ();
app.UseStaticFiles ();
app.UseRouting ();
app.UseHttpsRedirection ();
// Create new application registrations matching the values configured in Zirku.Client and Zirku.Api1.
// Note: in a real world application, this step should be part of a setup script.
using ( var scope = app.Services.CreateAsyncScope () )
{
var context = scope.ServiceProvider.GetRequiredService<AppDbContext> ();
context.Database.EnsureCreated ();
CreateApplicationsAsync().GetAwaiter ().GetResult ();
CreateScopesAsync().GetAwaiter ().GetResult ();
async Task CreateApplicationsAsync ()
{
var manager = scope.ServiceProvider.GetRequiredService<IOpenIddictApplicationManager> ();
if ( await manager.FindByClientIdAsync ( "core_api_console" ) is null )
{
await manager.CreateAsync ( new OpenIddictApplicationDescriptor
{
ClientId = "core_api_console",
ClientSecret = "XXXXXXXXXXXXXXXXXX",
DisplayName = "My client application",
Permissions =
{
Permissions.Endpoints.Token,
Permissions.GrantTypes.ClientCredentials
}
} );
}
}
app.UseAuthentication ();
app.UseAuthorization ();
app.MapRazorPages ();
app.MapControllers ();
app.Run ();
Web Api Setup
// get certificate to use
// using certificate.json for info
// this so user can use their own certificate
var apiCertificates = new Certificates ();
if ( apiCertificates == null )
throw new NullReferenceException ( "FAILED to create certificates" );
var certPath = Path.Combine ( path, ApiCertsFilename );
if ( !apiCertificates.Exists ( certPath ) )
throw new InvalidOperationException ( "FAILED no api certificates file" );
apiCertificates.LoadCerts ( certPath );
LogProvider.Logger.LogInfo ( "Encrypton Cert " + apiCertificates.EncryptionCert );
LogProvider.Logger.LogInfo ( "Signing Cert " + apiCertificates.SigningCert );
var contentRootPath = WindowsServiceHelpers.IsWindowsService () ? AppContext.BaseDirectory : path;
LogProvider.Logger.LogInfo ( "ContentRootPath: " + contentRootPath );
var builder = WebApplication.CreateBuilder ( new WebApplicationOptions
{
Args = args,
ContentRootPath = contentRootPath,
ApplicationName = "Gt.WebApi"
} ); ;
var ipAddress = IPAddress.Parse ( "127.0.0.1" );
builder.WebHost.ConfigureKestrel (
options =>
{
var port = ports.ApiPort;
var pfxFilePath = apiCertificates.EncryptionCert;
var pfxPassword = apiCertificates.EncryptionPassword;
options.Listen (
ipAddress, port,
listenOptions =>
{
// Configure Kestrel to use a certificate from a local .PFX file for hosting HTTPS
listenOptions.UseHttps ( pfxFilePath, pfxPassword );
} );
} );
// Register the OpenIddict validation components.
builder.Services.AddOpenIddict ()
.AddValidation ( options =>
{
// Note: the validation handler uses OpenID Connect discovery
// to retrieve the issuer signing keys used to validate tokens.
options.SetIssuer ( "https://localhost" + ":" + ports.IdpPort );
options.AddAudiences ( "gt_resource_server" );
var idpCertificates = new Certificates ();
if ( idpCertificates == null )
throw new NullReferenceException ( "FAILED to create certificates" );
var certPath = Path.Combine ( path, IdpCertsFilename );
if ( !idpCertificates.Exists ( certPath ) )
throw new InvalidOperationException ( "FAILED no idp certificates file" );
idpCertificates.LoadCerts ( certPath );
var xEncrypt = new X509Certificate2 ( File.ReadAllBytes ( idpCertificates.EncryptionCert ), idpCertificates.EncryptionPassword );
// Register the signing and encryption credentials used to protect
// sensitive data like the state tokens produced by OpenIddict.
options.AddEncryptionCertificate ( xEncrypt );
// Register the System.Net.Http integration.
options.UseSystemNetHttp ();
// Register the ASP.NET Core host.
options.UseAspNetCore ();
} );
builder.Host.UseWindowsService ();
builder.Services.AddWindowsService ( options =>
{
options.ServiceName = "AAAWebApi";
} );
builder.Services.ConfigureAuthetication ();
// Add services to the container.
builder.Services.AddControllersWithViews ()
.AddJsonOptions ( o => o.JsonSerializerOptions
.ReferenceHandler = ReferenceHandler.Preserve );
builder.Services.AddRazorPages ();
var apiAssembly = typeof ( Gt.ApiControllers.GageController ).Assembly;
builder.Services.AddControllers ().
AddJsonOptions ( options =>
{
options.JsonSerializerOptions.PropertyNamingPolicy = null;
options.JsonSerializerOptions.ReferenceHandler = System.Text.Json.Serialization.ReferenceHandler.Preserve;
} ).
AddApplicationPart ( apiAssembly );
builder.Services.AddApiVersioning ( opt =>
{
opt.DefaultApiVersion = new Microsoft.AspNetCore.Mvc.ApiVersion ( 1, 0 );
opt.AssumeDefaultVersionWhenUnspecified = true;
opt.ReportApiVersions = true;
opt.ApiVersionReader =
ApiVersionReader.Combine ( new UrlSegmentApiVersionReader (),
new HeaderApiVersionReader ( "x-api-version" ),
new MediaTypeApiVersionReader ( "x-api-version" ) );
} );
builder.Services.AddSession ();
builder.Services.AddScoped ( sp => new HttpClient { BaseAddress = new Uri ( "https://localhost:" + ports.ApiPort ) } );
builder.Services.AddLocalization ();
builder.Services.AddScoped<UserManager, UserManager> ();
var app = builder.Build ();
// Configure the HTTP request pipeline.
if ( app.Environment.IsDevelopment () )
{
app.UseWebAssemblyDebugging ();
app.UseDeveloperExceptionPage ();
}
else
{
app.UseExceptionHandler ( "/Error" );
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts ();
}
app.UseHttpsRedirection ();
app.UseBlazorFrameworkFiles ();
app.UseStaticFiles ();
app.UseRouting ();
app.UseSession ();
app.UseAuthentication ();
app.UseAuthorization ();
app.MapRazorPages ();
app.MapControllers ();
app.MapFallbackToFile ( "index.html" );
app.Run ();
Hey,
Happy new year! 🎉
Any chance you could change the log level to Trace and post the logs of the Web API app?
Thanks.
Yes I can
Web Api Log File
01/08/24 13:40:48 863 INFO System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler - Start processing HTTP request GET https://localhost:7296/.well-known/openid-configuration
01/08/24 13:40:48 863 INFO System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler - Sending HTTP request GET https://localhost:7296/.well-known/openid-configuration
01/08/24 13:40:51 094 INFO System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler - Received HTTP response headers after 2207.1698ms - 200
01/08/24 13:40:51 112 INFO System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler - End processing HTTP request after 2251.985ms - 200
01/08/24 13:40:51 125 INFO OpenIddict.Validation.OpenIddictValidationDispatcher - The configuration request was successfully sent to https://localhost:7296/.well-known/openid-configuration: {}.
01/08/24 13:40:51 196 INFO OpenIddict.Validation.OpenIddictValidationDispatcher - The configuration response returned by https://localhost:7296/.well-known/openid-configuration was successfully extracted: {
"issuer": "https://localhost:7296/",
"authorization_endpoint": "https://localhost:7296/connect/authorize",
"token_endpoint": "https://localhost:7296/connect/token",
"userinfo_endpoint": "https://localhost:7296/connect/userinfo",
"jwks_uri": "https://localhost:7296/.well-known/jwks",
"grant_types_supported": [
"authorization_code",
"password",
"refresh_token",
"client_credentials"
],
"response_types_supported": [
"code"
],
"response_modes_supported": [
"form_post",
"fragment",
"query"
],
"scopes_supported": [
"openid",
"offline_access"
],
"claims_supported": [
"aud",
"exp",
"iat",
"iss",
"sub"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"subject_types_supported": [
"public"
],
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"private_key_jwt",
"client_secret_basic"
],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"authorization_response_iss_parameter_supported": true
}.
01/08/24 13:40:51 220 INFO System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler - Start processing HTTP request GET https://localhost:7296/.well-known/jwks
01/08/24 13:40:51 220 INFO System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler - Sending HTTP request GET https://localhost:7296/.well-known/jwks
01/08/24 13:40:51 220 INFO System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler - Received HTTP response headers after 9.8022ms - 200
01/08/24 13:40:51 220 INFO System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler - End processing HTTP request after 11.6721ms - 200
01/08/24 13:40:51 234 INFO OpenIddict.Validation.OpenIddictValidationDispatcher - The cryptography request was successfully sent to https://localhost:7296/.well-known/jwks: {}.
01/08/24 13:40:51 234 INFO OpenIddict.Validation.OpenIddictValidationDispatcher - The cryptography response returned by https://localhost:7296/.well-known/jwks was successfully extracted: {
"keys": [
{
"kid": "14BDA94995FFA358D7A168F1AE056B020ECC25A7",
"use": "sig",
"kty": "RSA",
"alg": "RS256",
"e": "AQAB",
"n": "rFluvJnu0st_oHIltN3X2MhulUHoBCiN4CpRKlN_QUPcNs6ECf1teP1lfte3wqt1SiaX_99_IQQeOL9rJdC-ubh9AIzfSbUCW3iHyABB-vEWVA7Tzx6eNd2RhGNeRW4fsyJ3Q2TK1-s3-HW-8xvt1XtbP6rK_F_P48rkSQ8lKsWn4ze9p63B8UadypWnhf59MvkUVMdStU-Ca6Uh2FebfeJEHEXEWrmejvGdSO73DoQsz5BpWKTRa0Krf3zC0iUl67sTp5o1LcaACV3BnvVzarmrHzZ3nsPhV6usERlcWv_qHevS6f7VwEvFDoonFiteDqBW68UfTi-nK7sSpVHztQ",
"x5t": "FL2pSZX_o1jXoWjxrgVrAg7MJac",
"x5c": [
"MIIC/zCCAeegAwIBAgIIT6v4tSn5PwIwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UEAxMMR0FHRXRyYWsgSURQMB4XDTIzMTIyMTIxMTM0OFoXDTI1MTIyMTIxMTM0OFowFzEVMBMGA1UEAxMMR0FHRXRyYWsgSURQMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFluvJnu0st/oHIltN3X2MhulUHoBCiN4CpRKlN/QUPcNs6ECf1teP1lfte3wqt1SiaX/99/IQQeOL9rJdC+ubh9AIzfSbUCW3iHyABB+vEWVA7Tzx6eNd2RhGNeRW4fsyJ3Q2TK1+s3+HW+8xvt1XtbP6rK/F/P48rkSQ8lKsWn4ze9p63B8UadypWnhf59MvkUVMdStU+Ca6Uh2FebfeJEHEXEWrmejvGdSO73DoQsz5BpWKTRa0Krf3zC0iUl67sTp5o1LcaACV3BnvVzarmrHzZ3nsPhV6usERlcWv/qHevS6f7VwEvFDoonFiteDqBW68UfTi+nK7sSpVHztQIDAQABo08wTTA7BgNVHREENDAyhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABgglsb2NhbGhvc3SCDURHWEhVQkJBUkRPTEQwDgYDVR0PAQH/BAQDAgSwMA0GCSqGSIb3DQEBCwUAA4IBAQA7e6tX8VGkvTUtRBRFQ0D0KbjNJV8hbui9Grpq7mH+ABjRy9qJTmH4tCwWcwkigOcY5DJ8vaIRlmVO8Sri6aH1WfcQO6iFZaVqPIv+6A4XQxwDOohc7mak/aUjOIVFW/KyEgTs6ziRGKz+o7Q4EooInam1ZRx6t9YSlLdKpjjSB7eJ5Crq7vkEu9aLV6Z71pYI3vmK/9qRWdU/XkC2QbAz3vpG4790W6wA63WVW7S/VDBpnz8os6CCCkCZjNldJk1b91cBndaWmWWORIXMuqfAupwFKCEgI7kC82LmB38WGaqeMBsLwJPjuB5UpgmL5Yd6iJTS3yw4oGvdsDzyOmXw"
]
}
]
}.
01/08/24 13:40:51 572 INFO OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler - OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
01/08/24 13:40:51 578 INFO Microsoft.AspNetCore.Authorization.DefaultAuthorizationService - Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
01/08/24 13:40:51 578 INFO OpenIddict.Validation.OpenIddictValidationDispatcher - The response was successfully returned as a challenge response: {
"error": "invalid_token",
"error_description": "The specified token is invalid.",
"error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
01/08/24 13:40:51 578 INFO OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler - AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
01/08/24 13:40:51 578 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 GET https://localhost:7224/api/v1/Gage/ - - - 401 0 - 2919.9439ms
IDP Log File
01/08/24 13:40:38 069 INFO OpenIddict.Server.OpenIddictServerDispatcher - The response was successfully returned as a JSON document: {
"access_token": "[redacted]",
"token_type": "Bearer",
"expires_in": 3599
}.
01/08/24 13:40:38 069 INFO Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Executed action Gt.IDP.Controllers.AuthorizationController.Exchange (Gt.IDP) in 384.281ms
01/08/24 13:40:38 069 INFO Microsoft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint 'Gt.IDP.Controllers.AuthorizationController.Exchange (Gt.IDP)'
01/08/24 13:40:38 080 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 POST https://localhost:7296/connect/token application/x-www-form-urlencoded 107 - 200 1752 application/json;charset=UTF-8 550.9201ms
01/08/24 13:40:51 039 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET https://localhost:7296/.well-known/openid-configuration - -
01/08/24 13:40:51 039 INFO OpenIddict.Server.OpenIddictServerDispatcher - The request URI matched a server endpoint: Configuration.
01/08/24 13:40:51 039 INFO OpenIddict.Server.OpenIddictServerDispatcher - The configuration request was successfully extracted: {}.
01/08/24 13:40:51 046 INFO OpenIddict.Server.OpenIddictServerDispatcher - The configuration request was successfully validated.
01/08/24 13:40:51 046 INFO OpenIddict.Server.OpenIddictServerDispatcher - The response was successfully returned as a JSON document: {
"issuer": "https://localhost:7296/",
"authorization_endpoint": "https://localhost:7296/connect/authorize",
"token_endpoint": "https://localhost:7296/connect/token",
"userinfo_endpoint": "https://localhost:7296/connect/userinfo",
"jwks_uri": "https://localhost:7296/.well-known/jwks",
"grant_types_supported": [
"authorization_code",
"password",
"refresh_token",
"client_credentials"
],
"response_types_supported": [
"code"
],
"response_modes_supported": [
"form_post",
"fragment",
"query"
],
"scopes_supported": [
"openid",
"offline_access"
],
"claims_supported": [
"aud",
"exp",
"iat",
"iss",
"sub"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"subject_types_supported": [
"public"
],
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"private_key_jwt",
"client_secret_basic"
],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"authorization_response_iss_parameter_supported": true
}.
01/08/24 13:40:51 046 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 GET https://localhost:7296/.well-known/openid-configuration - - - 200 1231 application/json;charset=UTF-8 17.0690ms
01/08/24 13:40:51 224 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET https://localhost:7296/.well-known/jwks - -
01/08/24 13:40:51 224 INFO OpenIddict.Server.OpenIddictServerDispatcher - The request URI matched a server endpoint: Cryptography.
01/08/24 13:40:51 224 INFO OpenIddict.Server.OpenIddictServerDispatcher - The cryptography request was successfully extracted: {}.
01/08/24 13:40:51 224 INFO OpenIddict.Server.OpenIddictServerDispatcher - The cryptography request was successfully validated.
01/08/24 13:40:51 224 INFO OpenIddict.Server.OpenIddictServerDispatcher - The response was successfully returned as a JSON document: {
"keys": [
{
"kid": "14BDA94995FFA358D7A168F1AE056B020ECC25A7",
"use": "sig",
"kty": "RSA",
"alg": "RS256",
"e": "AQAB",
"n": "rFluvJnu0st_oHIltN3X2MhulUHoBCiN4CpRKlN_QUPcNs6ECf1teP1lfte3wqt1SiaX_99_IQQeOL9rJdC-ubh9AIzfSbUCW3iHyABB-vEWVA7Tzx6eNd2RhGNeRW4fsyJ3Q2TK1-s3-HW-8xvt1XtbP6rK_F_P48rkSQ8lKsWn4ze9p63B8UadypWnhf59MvkUVMdStU-Ca6Uh2FebfeJEHEXEWrmejvGdSO73DoQsz5BpWKTRa0Krf3zC0iUl67sTp5o1LcaACV3BnvVzarmrHzZ3nsPhV6usERlcWv_qHevS6f7VwEvFDoonFiteDqBW68UfTi-nK7sSpVHztQ",
"x5t": "FL2pSZX_o1jXoWjxrgVrAg7MJac",
"x5c": [
"MIIC/zCCAeegAwIBAgIIT6v4tSn5PwIwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UEAxMMR0FHRXRyYWsgSURQMB4XDTIzMTIyMTIxMTM0OFoXDTI1MTIyMTIxMTM0OFowFzEVMBMGA1UEAxMMR0FHRXRyYWsgSURQMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFluvJnu0st/oHIltN3X2MhulUHoBCiN4CpRKlN/QUPcNs6ECf1teP1lfte3wqt1SiaX/99/IQQeOL9rJdC+ubh9AIzfSbUCW3iHyABB+vEWVA7Tzx6eNd2RhGNeRW4fsyJ3Q2TK1+s3+HW+8xvt1XtbP6rK/F/P48rkSQ8lKsWn4ze9p63B8UadypWnhf59MvkUVMdStU+Ca6Uh2FebfeJEHEXEWrmejvGdSO73DoQsz5BpWKTRa0Krf3zC0iUl67sTp5o1LcaACV3BnvVzarmrHzZ3nsPhV6usERlcWv/qHevS6f7VwEvFDoonFiteDqBW68UfTi+nK7sSpVHztQIDAQABo08wTTA7BgNVHREENDAyhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABgglsb2NhbGhvc3SCDURHWEhVQkJBUkRPTEQwDgYDVR0PAQH/BAQDAgSwMA0GCSqGSIb3DQEBCwUAA4IBAQA7e6tX8VGkvTUtRBRFQ0D0KbjNJV8hbui9Grpq7mH+ABjRy9qJTmH4tCwWcwkigOcY5DJ8vaIRlmVO8Sri6aH1WfcQO6iFZaVqPIv+6A4XQxwDOohc7mak/aUjOIVFW/KyEgTs6ziRGKz+o7Q4EooInam1ZRx6t9YSlLdKpjjSB7eJ5Crq7vkEu9aLV6Z71pYI3vmK/9qRWdU/XkC2QbAz3vpG4790W6wA63WVW7S/VDBpnz8os6CCCkCZjNldJk1b91cBndaWmWWORIXMuqfAupwFKCEgI7kC82LmB38WGaqeMBsLwJPjuB5UpgmL5Yd6iJTS3yw4oGvdsDzyOmXw"
]
}
]
}.
01/08/24 13:40:51 224 INFO Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 GET https://localhost:7296/.well-known/jwks - - - 200 1647 application/json;charset=UTF-8 7.1702ms
You need to lower the log level down to Trace to see the root cause of the token validation error.
Both are set to trace. This is log config or both:
// NLog: Setup NLog for Dependency injection
builder.Logging.ClearProviders ();
builder.Logging.SetMinimumLevel ( Microsoft.Extensions.Logging.LogLevel.Trace );
builder.Host.UseNLog ();
builder.Logging.AddConsole ();
I am using client credentials flow and I cannot figure out why this would appear:
enyAnonymousAuthorizationRequirement: Requires an authenticated user.
I thought client credentials did not require user just the secret
Both are set to trace. This is log config or both:
Something's not right: you should get a lot more logs when using Trace. Can you try without NLog?
I can try configuring with Seri Log but that did not work well before.
Should I turn off nlog and just give you console output?
With this as config
// NLog: Setup NLog for Dependency injection
//builder.Logging.ClearProviders ();
builder.Logging.SetMinimumLevel ( Microsoft.Extensions.Logging.LogLevel.Trace );
//builder.Host.UseNLog ();
builder.Logging.AddConsole ();
Web Api Console
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[100]
Start processing HTTP request GET https://localhost:7296/.well-known/openid-configuration
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[100]
Sending HTTP request GET https://localhost:7296/.well-known/openid-configuration
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[101]
Received HTTP response headers after 2202.3437ms - 200
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[101]
End processing HTTP request after 2256.3233ms - 200
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The configuration request was successfully sent to https://localhost:7296/.well-known/openid-configuration: {}.
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The configuration response returned by https://localhost:7296/.well-known/openid-configuration was successfully extracted: {
"issuer": "https://localhost:7296/",
"authorization_endpoint": "https://localhost:7296/connect/authorize",
"token_endpoint": "https://localhost:7296/connect/token",
"userinfo_endpoint": "https://localhost:7296/connect/userinfo",
"jwks_uri": "https://localhost:7296/.well-known/jwks",
"grant_types_supported": [
"authorization_code",
"password",
"refresh_token",
"client_credentials"
],
"response_types_supported": [
"code"
],
"response_modes_supported": [
"form_post",
"fragment",
"query"
],
"scopes_supported": [
"openid",
"offline_access"
],
"claims_supported": [
"aud",
"exp",
"iat",
"iss",
"sub"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"subject_types_supported": [
"public"
],
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"private_key_jwt",
"client_secret_basic"
],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"authorization_response_iss_parameter_supported": true
}.
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[100]
Start processing HTTP request GET https://localhost:7296/.well-known/jwks
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[100]
Sending HTTP request GET https://localhost:7296/.well-known/jwks
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[101]
Received HTTP response headers after 10.4656ms - 200
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[101]
End processing HTTP request after 17.0731ms - 200
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The cryptography request was successfully sent to https://localhost:7296/.well-known/jwks: {}.
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The cryptography response returned by https://localhost:7296/.well-known/jwks was successfully extracted: {
"keys": [
{
"kid": "14BDA94995FFA358D7A168F1AE056B020ECC25A7",
"use": "sig",
"kty": "RSA",
"alg": "RS256",
"e": "AQAB",
"n": "rFluvJnu0st_oHIltN3X2MhulUHoBCiN4CpRKlN_QUPcNs6ECf1teP1lfte3wqt1SiaX_99_IQQeOL9rJdC-ubh9AIzfSbUCW3iHyABB-vEWVA7Tzx6eNd2RhGNeRW4fsyJ3Q2TK1-s3-HW-8xvt1XtbP6rK_F_P48rkSQ8lKsWn4ze9p63B8UadypWnhf59MvkUVMdStU-Ca6Uh2FebfeJEHEXEWrmejvGdSO73DoQsz5BpWKTRa0Krf3zC0iUl67sTp5o1LcaACV3BnvVzarmrHzZ3nsPhV6usERlcWv_qHevS6f7VwEvFDoonFiteDqBW68UfTi-nK7sSpVHztQ",
"x5t": "FL2pSZX_o1jXoWjxrgVrAg7MJac",
"x5c": [
"MIIC/zCCAeegAwIBAgIIT6v4tSn5PwIwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UEAxMMR0FHRXRyYWsgSURQMB4XDTIzMTIyMTIxMTM0OFoXDTI1MTIyMTIxMTM0OFowFzEVMBMGA1UEAxMMR0FHRXRyYWsgSURQMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFluvJnu0st/oHIltN3X2MhulUHoBCiN4CpRKlN/QUPcNs6ECf1teP1lfte3wqt1SiaX/99/IQQeOL9rJdC+ubh9AIzfSbUCW3iHyABB+vEWVA7Tzx6eNd2RhGNeRW4fsyJ3Q2TK1+s3+HW+8xvt1XtbP6rK/F/P48rkSQ8lKsWn4ze9p63B8UadypWnhf59MvkUVMdStU+Ca6Uh2FebfeJEHEXEWrmejvGdSO73DoQsz5BpWKTRa0Krf3zC0iUl67sTp5o1LcaACV3BnvVzarmrHzZ3nsPhV6usERlcWv/qHevS6f7VwEvFDoonFiteDqBW68UfTi+nK7sSpVHztQIDAQABo08wTTA7BgNVHREENDAyhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABgglsb2NhbGhvc3SCDURHWEhVQkJBUkRPTEQwDgYDVR0PAQH/BAQDAgSwMA0GCSqGSIb3DQEBCwUAA4IBAQA7e6tX8VGkvTUtRBRFQ0D0KbjNJV8hbui9Grpq7mH+ABjRy9qJTmH4tCwWcwkigOcY5DJ8vaIRlmVO8Sri6aH1WfcQO6iFZaVqPIv+6A4XQxwDOohc7mak/aUjOIVFW/KyEgTs6ziRGKz+o7Q4EooInam1ZRx6t9YSlLdKpjjSB7eJ5Crq7vkEu9aLV6Z71pYI3vmK/9qRWdU/XkC2QbAz3vpG4790W6wA63WVW7S/VDBpnz8os6CCCkCZjNldJk1b91cBndaWmWWORIXMuqfAupwFKCEgI7kC82LmB38WGaqeMBsLwJPjuB5UpgmL5Yd6iJTS3yw4oGvdsDzyOmXw"
]
}
]
}.
info: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[7]
OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The response was successfully returned as a challenge response: {
"error": "invalid_token",
"error_description": "The specified token is invalid.",
"error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
info: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[12]
AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
Still no Trace here. Are you sure you don't have a filter in appsettings.json?
Trying to re-configure serilog now
Using Serilog
warn: Microsoft.AspNetCore.Server.Kestrel[0]
Overriding address(es) 'https://localhost:7224'. Binding to endpoints defined via IConfiguration and/or UseKestrel() instead.
info: Microsoft.Hosting.Lifetime[14]
Now listening on: https://127.0.0.1:7224
info: Microsoft.Hosting.Lifetime[0]
Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
Content root path: C:\Repository\Gt\bin\Debug\Gt.WebApi
30/08/24 14:30:57 530 INFO LicenseMiddleware Url: /
30/08/24 14:30:57 532 INFO LicenseMiddleware License Valid
31/08/24 14:31:52 530 INFO LicenseMiddleware Url: /api/v1/Gage/
31/08/24 14:31:52 536 INFO LicenseGateway.GetLicense enter
31/08/24 14:31:52 539 INFO LicenseGateway.GetLicense exit
31/08/24 14:31:52 540 INFO LicenseGateway.ReturnSaasLicense enter
31/08/24 14:31:52 541 INFO LicenseSettings - ReturnSaasLicense start
31/08/24 14:31:52 543 INFO LicenseSettings - ReturnSaasLicense LicenseStatus: PROD_UNDETERMINED
31/08/24 14:31:52 544 INFO LicenseSettings - ReturnSaasLicense LicenseType: Unknown
31/08/24 14:31:52 559 INFO LicenseSettings - ReturnSaasLicense end
31/08/24 14:31:52 560 INFO LicenseGateway.ReturnSaasLicense exit
31/08/24 14:31:52 561 INFO LicenseMiddleware License Valid
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[100]
Start processing HTTP request GET https://localhost:7296/.well-known/openid-configuration
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[100]
Sending HTTP request GET https://localhost:7296/.well-known/openid-configuration
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[101]
Received HTTP response headers after 2202.0567ms - 200
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[101]
End processing HTTP request after 2264.491ms - 200
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The configuration request was successfully sent to https://localhost:7296/.well-known/openid-configuration: {}.
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The configuration response returned by https://localhost:7296/.well-known/openid-configuration was successfully extracted: {
"issuer": "https://localhost:7296/",
"authorization_endpoint": "https://localhost:7296/connect/authorize",
"token_endpoint": "https://localhost:7296/connect/token",
"userinfo_endpoint": "https://localhost:7296/connect/userinfo",
"jwks_uri": "https://localhost:7296/.well-known/jwks",
"grant_types_supported": [
"authorization_code",
"password",
"refresh_token",
"client_credentials"
],
"response_types_supported": [
"code"
],
"response_modes_supported": [
"form_post",
"fragment",
"query"
],
"scopes_supported": [
"openid",
"offline_access"
],
"claims_supported": [
"aud",
"exp",
"iat",
"iss",
"sub"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"subject_types_supported": [
"public"
],
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"private_key_jwt",
"client_secret_basic"
],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"authorization_response_iss_parameter_supported": true
}.
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[100]
Start processing HTTP request GET https://localhost:7296/.well-known/jwks
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[100]
Sending HTTP request GET https://localhost:7296/.well-known/jwks
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[101]
Received HTTP response headers after 13.1197ms - 200
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[101]
End processing HTTP request after 19.337ms - 200
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The cryptography request was successfully sent to https://localhost:7296/.well-known/jwks: {}.
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The cryptography response returned by https://localhost:7296/.well-known/jwks was successfully extracted: {
"keys": [
{
"kid": "14BDA94995FFA358D7A168F1AE056B020ECC25A7",
"use": "sig",
"kty": "RSA",
"alg": "RS256",
"e": "AQAB",
"n": "rFluvJnu0st_oHIltN3X2MhulUHoBCiN4CpRKlN_QUPcNs6ECf1teP1lfte3wqt1SiaX_99_IQQeOL9rJdC-ubh9AIzfSbUCW3iHyABB-vEWVA7Tzx6eNd2RhGNeRW4fsyJ3Q2TK1-s3-HW-8xvt1XtbP6rK_F_P48rkSQ8lKsWn4ze9p63B8UadypWnhf59MvkUVMdStU-Ca6Uh2FebfeJEHEXEWrmejvGdSO73DoQsz5BpWKTRa0Krf3zC0iUl67sTp5o1LcaACV3BnvVzarmrHzZ3nsPhV6usERlcWv_qHevS6f7VwEvFDoonFiteDqBW68UfTi-nK7sSpVHztQ",
"x5t": "FL2pSZX_o1jXoWjxrgVrAg7MJac",
"x5c": [
"MIIC/zCCAeegAwIBAgIIT6v4tSn5PwIwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UEAxMMR0FHRXRyYWsgSURQMB4XDTIzMTIyMTIxMTM0OFoXDTI1MTIyMTIxMTM0OFowFzEVMBMGA1UEAxMMR0FHRXRyYWsgSURQMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFluvJnu0st/oHIltN3X2MhulUHoBCiN4CpRKlN/QUPcNs6ECf1teP1lfte3wqt1SiaX/99/IQQeOL9rJdC+ubh9AIzfSbUCW3iHyABB+vEWVA7Tzx6eNd2RhGNeRW4fsyJ3Q2TK1+s3+HW+8xvt1XtbP6rK/F/P48rkSQ8lKsWn4ze9p63B8UadypWnhf59MvkUVMdStU+Ca6Uh2FebfeJEHEXEWrmejvGdSO73DoQsz5BpWKTRa0Krf3zC0iUl67sTp5o1LcaACV3BnvVzarmrHzZ3nsPhV6usERlcWv/qHevS6f7VwEvFDoonFiteDqBW68UfTi+nK7sSpVHztQIDAQABo08wTTA7BgNVHREENDAyhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABgglsb2NhbGhvc3SCDURHWEhVQkJBUkRPTEQwDgYDVR0PAQH/BAQDAgSwMA0GCSqGSIb3DQEBCwUAA4IBAQA7e6tX8VGkvTUtRBRFQ0D0KbjNJV8hbui9Grpq7mH+ABjRy9qJTmH4tCwWcwkigOcY5DJ8vaIRlmVO8Sri6aH1WfcQO6iFZaVqPIv+6A4XQxwDOohc7mak/aUjOIVFW/KyEgTs6ziRGKz+o7Q4EooInam1ZRx6t9YSlLdKpjjSB7eJ5Crq7vkEu9aLV6Z71pYI3vmK/9qRWdU/XkC2QbAz3vpG4790W6wA63WVW7S/VDBpnz8os6CCCkCZjNldJk1b91cBndaWmWWORIXMuqfAupwFKCEgI7kC82LmB38WGaqeMBsLwJPjuB5UpgmL5Yd6iJTS3yw4oGvdsDzyOmXw"
]
}
]
}.
info: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[7]
OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The response was successfully returned as a challenge response: {
"error": "invalid_token",
"error_description": "The specified token is invalid.",
"error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
info: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[12]
AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
Still no luck. Share your appsettings.json please.
Changed it
{
"Logging": {
"LogLevel": {
"Default": "Trace",
"Microsoft.AspNetCore": "Trace"
}
},
"AllowedHosts": "*"
}
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri.
dbug: Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler[0]
No client certificate found.
dbug: Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler[9]
AuthenticationScheme: Certificate was not authenticated.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ValidateHostHeader.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateValidatedTokens.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+CreateHttpClient`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+PrepareGetHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachHttpVersion`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachJsonAcceptHeaders`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachUserAgentHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachFromHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachHttpParameters`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[100]
Start processing HTTP request GET https://localhost:7296/.well-known/openid-configuration
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[102]
Request Headers:
Accept: application/json
Accept-Charset: utf-8
User-Agent: OpenIddict.Validation.SystemNetHttp/5.0.1.0
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[100]
Sending HTTP request GET https://localhost:7296/.well-known/openid-configuration
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[102]
Request Headers:
Accept: application/json
Accept-Charset: utf-8
User-Agent: OpenIddict.Validation.SystemNetHttp/5.0.1.0
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[101]
Received HTTP response headers after 2101.6439ms - 200
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[103]
Response Headers:
Date: Mon, 08 Jan 2024 21:45:27 GMT
Server: Kestrel
Content-Length: 1231
Content-Type: application/json; charset=UTF-8
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[101]
End processing HTTP request after 2138.4178ms - 200
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[103]
Response Headers:
Date: Mon, 08 Jan 2024 21:45:27 GMT
Server: Kestrel
Content-Length: 1231
Content-Type: application/json; charset=UTF-8
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ApplyConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+SendHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+ApplyConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ApplyConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DisposeHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+ApplyConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The configuration request was successfully sent to https://localhost:7296/.well-known/openid-configuration: {}.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DecompressResponseContent`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ExtractJsonHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ExtractWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ValidateHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DisposeHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The configuration response returned by https://localhost:7296/.well-known/openid-configuration was successfully extracted: {
"issuer": "https://localhost:7296/",
"authorization_endpoint": "https://localhost:7296/connect/authorize",
"token_endpoint": "https://localhost:7296/connect/token",
"userinfo_endpoint": "https://localhost:7296/connect/userinfo",
"jwks_uri": "https://localhost:7296/.well-known/jwks",
"grant_types_supported": [
"authorization_code",
"password",
"refresh_token",
"client_credentials"
],
"response_types_supported": [
"code"
],
"response_modes_supported": [
"form_post",
"fragment",
"query"
],
"scopes_supported": [
"openid",
"offline_access"
],
"claims_supported": [
"aud",
"exp",
"iat",
"iss",
"sub"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"subject_types_supported": [
"public"
],
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"private_key_jwt",
"client_secret_basic"
],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"authorization_response_iss_parameter_supported": true
}.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ValidateWellKnownConfigurationParameters.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+HandleConfigurationErrorResponse.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ValidateIssuer.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ExtractCryptographyEndpoint.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ExtractIntrospectionEndpoint.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ExtractIntrospectionEndpointClientAuthenticationMethods.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+CreateHttpClient`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+PrepareGetHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachHttpVersion`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachJsonAcceptHeaders`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachUserAgentHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachFromHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachHttpParameters`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[100]
Start processing HTTP request GET https://localhost:7296/.well-known/jwks
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[102]
Request Headers:
Accept: application/json
Accept-Charset: utf-8
User-Agent: OpenIddict.Validation.SystemNetHttp/5.0.1.0
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[100]
Sending HTTP request GET https://localhost:7296/.well-known/jwks
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[102]
Request Headers:
Accept: application/json
Accept-Charset: utf-8
User-Agent: OpenIddict.Validation.SystemNetHttp/5.0.1.0
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[101]
Received HTTP response headers after 18.5023ms - 200
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[103]
Response Headers:
Date: Mon, 08 Jan 2024 21:45:27 GMT
Server: Kestrel
Content-Length: 1647
Content-Type: application/json; charset=UTF-8
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[101]
End processing HTTP request after 34.8391ms - 200
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[103]
Response Headers:
Date: Mon, 08 Jan 2024 21:45:27 GMT
Server: Kestrel
Content-Length: 1647
Content-Type: application/json; charset=UTF-8
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ApplyCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+SendHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+ApplyCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ApplyCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DisposeHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+ApplyCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The cryptography request was successfully sent to https://localhost:7296/.well-known/jwks: {}.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DecompressResponseContent`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ExtractJsonHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ExtractWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ValidateHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DisposeHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The cryptography response returned by https://localhost:7296/.well-known/jwks was successfully extracted: {
"keys": [
{
"kid": "14BDA94995FFA358D7A168F1AE056B020ECC25A7",
"use": "sig",
"kty": "RSA",
"alg": "RS256",
"e": "AQAB",
"n": "rFluvJnu0st_oHIltN3X2MhulUHoBCiN4CpRKlN_QUPcNs6ECf1teP1lfte3wqt1SiaX_99_IQQeOL9rJdC-ubh9AIzfSbUCW3iHyABB-vEWVA7Tzx6eNd2RhGNeRW4fsyJ3Q2TK1-s3-HW-8xvt1XtbP6rK_F_P48rkSQ8lKsWn4ze9p63B8UadypWnhf59MvkUVMdStU-Ca6Uh2FebfeJEHEXEWrmejvGdSO73DoQsz5BpWKTRa0Krf3zC0iUl67sTp5o1LcaACV3BnvVzarmrHzZ3nsPhV6usERlcWv_qHevS6f7VwEvFDoonFiteDqBW68UfTi-nK7sSpVHztQ",
"x5t": "FL2pSZX_o1jXoWjxrgVrAg7MJac",
"x5c": [
"MIIC/zCCAeegAwIBAgIIT6v4tSn5PwIwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UEAxMMR0FHRXRyYWsgSURQMB4XDTIzMTIyMTIxMTM0OFoXDTI1MTIyMTIxMTM0OFowFzEVMBMGA1UEAxMMR0FHRXRyYWsgSURQMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFluvJnu0st/oHIltN3X2MhulUHoBCiN4CpRKlN/QUPcNs6ECf1teP1lfte3wqt1SiaX/99/IQQeOL9rJdC+ubh9AIzfSbUCW3iHyABB+vEWVA7Tzx6eNd2RhGNeRW4fsyJ3Q2TK1+s3+HW+8xvt1XtbP6rK/F/P48rkSQ8lKsWn4ze9p63B8UadypWnhf59MvkUVMdStU+Ca6Uh2FebfeJEHEXEWrmejvGdSO73DoQsz5BpWKTRa0Krf3zC0iUl67sTp5o1LcaACV3BnvVzarmrHzZ3nsPhV6usERlcWv/qHevS6f7VwEvFDoonFiteDqBW68UfTi+nK7sSpVHztQIDAQABo08wTTA7BgNVHREENDAyhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABgglsb2NhbGhvc3SCDURHWEhVQkJBUkRPTEQwDgYDVR0PAQH/BAQDAgSwMA0GCSqGSIb3DQEBCwUAA4IBAQA7e6tX8VGkvTUtRBRFQ0D0KbjNJV8hbui9Grpq7mH+ABjRy9qJTmH4tCwWcwkigOcY5DJ8vaIRlmVO8Sri6aH1WfcQO6iFZaVqPIv+6A4XQxwDOohc7mak/aUjOIVFW/KyEgTs6ziRGKz+o7Q4EooInam1ZRx6t9YSlLdKpjjSB7eJ5Crq7vkEu9aLV6Z71pYI3vmK/9qRWdU/XkC2QbAz3vpG4790W6wA63WVW7S/VDBpnz8os6CCCkCZjNldJk1b91cBndaWmWWORIXMuqfAupwFKCEgI7kC82LmB38WGaqeMBsLwJPjuB5UpgmL5Yd6iJTS3yw4oGvdsDzyOmXw"
]
}
]
}.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleCryptographyResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ValidateWellKnownCryptographyParameters.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleCryptographyResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+HandleCryptographyErrorResponse.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleCryptographyResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ExtractSigningKeys.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ResolveServerConfiguration.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ResolveIntrospectionEndpoint.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateIntrospectionRequest.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ResolveTokenValidationParameters.
trce: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
An error occurred while validating the token 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiIxNEJEQTk0OTk1RkZBMzU4RDdBMTY4RjFBRTA1NkIwMjBFQ0MyNUE3IiwidHlwIjoiYXQrand0IiwiY3R5IjoiSldUIn0.hioin7kjRWr0ct50_ca_gDpq5ySifj17RUib9sDy_H4jWI3i56-RhAxN8atDHqAPpbeU9WtGFrlQ_EMcv3t0U5Z6Vcy3M0QuGBayFWFt8ZGyTqZ9kaK7L2OEaQ2mcJQehDNB0w2FOG29ETUB0VeymgJRw9bXfaBjmrn8b_UTilxRCJ2oyu6zVV4mgp5Xz7Jek39Jh8U3vaL8ZZBHsBknFWEGgf-n6rjWrgrs-jHnhMUc-iGjvawpxbCh_hmLF-afMP8ebTbhHWq3sys1gnKmj1wpL0Z3QNLayKtV6lOOFMjeXDKNNKX_xv3UAHV-1h36PqeVJCTfg5fsplBaOxOJDg.cKDigrLXstXLmAtsLc693Q.WaPgv7dIq7MButqHrzQcRN6xqHlaAP9gX4L-kV5qPHrR-MeN7jNxx4JxpGLPPWCxFgTpTCu3YVoTpiento4DHZO5qT1nTfvFVZ9u7Vq05YBHzH9zBb8EZzkLpciXZxi2skxBRgECqwmwD-JZnKns1hEQVhZrDp-fzSdIKGTjaap_rVV7Xy6UiK0MGJJUe0cTQhwTuPtuYwAsNYNC6UclRNFBFuh2AXpmWl3EijmPtXEfMhPublEUR1J0u_tAhh-f9xAQ696Xeu2SASCIMTI5qLCGAXXsY_ZS1NwBbz8KrGtLBru7YaiTluMJ6GY_gsKxWfNk2mxtdhJE82HQXlhsgZ3xNI9Vn7tb2cp2i5bQMIh5JtkD9EmgrXjLVRkDsLbz2GV0zrE4_8TkiCN521ZrzrIjlVV-jMM9tDnRMHjNj4uAZfRXXfDBNsohKi5hqdoNqqyq4Gr72Z0PY5e2QqSjhQzh2M7vpn3bw_a1S1XIF0PfTGhhtV_n9TSWjwvvR3cO5r16qfU2lEU9bQQoB2Eq_V3TyHE0otk7LzEoq1bOCb0edd4tQDr929PMPLz1XPHyCFOqftx5LAx4KmoaQaVVsPiQzL8Wl-5Wc52bPeyfQW8ShRDws7-RnfiVVD5MlJcuDzZ-8nGKfRs7afBc_jUQTLt11zItpgXaWgpEWN1ejWMXRgj3bajHbY1qoPkuxmAgUxfIeCYcb7dtPGLYDdG44UIPTN6nmoeC1IEDV3Pf91nmWlC6euEKyzhLxhVY1a-kbu77RHTbNM0kEb01zyvMjBKnm1fcJ5rlztSMDNDSUQWbU6-UCdBSIZD1Tv52ZERJi0oaIGkuD4UVEJuRMU6bgtwL9b0WL8liUPdsOBLUJD94cC2zj83Y9YxC6hZ6CAAejIC64ThJ9iXJILBYtJHTDUFQAzCDpe4cWm4jURkS8brbci7Tr0D7r_dmKtNC53JIASvXZYaUR0Rz-wM6lb3Hq04fLax2vr1o6EGNcitkTjEVvNL0N3PLnIasNfStU0AaCt3pcBl04nQeBQHMAJsbmFGN4pf93ACLTOqXFtyDsDwurismTxQbj701yPhgmNpVtwuVhaB2TL6GqUwjsXHxTw.r1TdZco6B8weKLuk-IvH-4EE4yZsLQWC-QYvXS2gpD4'.
Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException: IDX10618: Key unwrap failed using decryption Keys: '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
Exceptions caught:
'[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.GetContentEncryptionKeys(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.DecryptToken(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateJWEAsync(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
info: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[7]
OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveHostChallengeProperties.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHostChallengeError.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachDefaultChallengeError.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachCustomChallengeParameters.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachCacheControlHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The response was successfully returned as a challenge response: {
"error": "invalid_token",
"error_description": "The specified token is invalid.",
"error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was marked as handled by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[12]
AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
dbug: Microsoft.AspNetCore.Server.Kestrel.Connections[9]
Connection id "0HN0GIBK9BQ0M" completed keep alive response.
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished HTTP/1.1 GET https://localhost:7224/api/v1/Gage/ - - - 401 0 - 3152.8064ms
dbug: Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets[6]
Connection id "0HN0GIBK9BPP6" received FIN.
dbug: Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets[7]
Connection id "0HN0GIBK9BPP6" sending FIN because: "The Socket transport's send loop completed gracefully."
dbug: Microsoft.AspNetCore.Server.Kestrel.Connections[10]
Connection id "0HN0GIBK9BPP6" disconnecting.
dbug: Microsoft.AspNetCore.Server.Kestrel.Connections[2]
Connection id "0HN0GIBK9BPP6" stopped.
45/08/24 14:45:53 094 INFO LicenseGateway.SetLicenseSessionId enter
4
The root cause is here:
trce: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
An error occurred while validating the token 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiIxNEJEQTk0OTk1RkZBMzU4RDdBMTY4RjFBRTA1NkIwMjBFQ0MyNUE3IiwidHlwIjoiYXQrand0IiwiY3R5IjoiSldUIn0.hioin7kjRWr0ct50_ca_gDpq5ySifj17RUib9sDy_H4jWI3i56-RhAxN8atDHqAPpbeU9WtGFrlQ_EMcv3t0U5Z6Vcy3M0QuGBayFWFt8ZGyTqZ9kaK7L2OEaQ2mcJQehDNB0w2FOG29ETUB0VeymgJRw9bXfaBjmrn8b_UTilxRCJ2oyu6zVV4mgp5Xz7Jek39Jh8U3vaL8ZZBHsBknFWEGgf-n6rjWrgrs-jHnhMUc-iGjvawpxbCh_hmLF-afMP8ebTbhHWq3sys1gnKmj1wpL0Z3QNLayKtV6lOOFMjeXDKNNKX_xv3UAHV-1h36PqeVJCTfg5fsplBaOxOJDg.cKDigrLXstXLmAtsLc693Q.WaPgv7dIq7MButqHrzQcRN6xqHlaAP9gX4L-kV5qPHrR-MeN7jNxx4JxpGLPPWCxFgTpTCu3YVoTpiento4DHZO5qT1nTfvFVZ9u7Vq05YBHzH9zBb8EZzkLpciXZxi2skxBRgECqwmwD-JZnKns1hEQVhZrDp-fzSdIKGTjaap_rVV7Xy6UiK0MGJJUe0cTQhwTuPtuYwAsNYNC6UclRNFBFuh2AXpmWl3EijmPtXEfMhPublEUR1J0u_tAhh-f9xAQ696Xeu2SASCIMTI5qLCGAXXsY_ZS1NwBbz8KrGtLBru7YaiTluMJ6GY_gsKxWfNk2mxtdhJE82HQXlhsgZ3xNI9Vn7tb2cp2i5bQMIh5JtkD9EmgrXjLVRkDsLbz2GV0zrE4_8TkiCN521ZrzrIjlVV-jMM9tDnRMHjNj4uAZfRXXfDBNsohKi5hqdoNqqyq4Gr72Z0PY5e2QqSjhQzh2M7vpn3bw_a1S1XIF0PfTGhhtV_n9TSWjwvvR3cO5r16qfU2lEU9bQQoB2Eq_V3TyHE0otk7LzEoq1bOCb0edd4tQDr929PMPLz1XPHyCFOqftx5LAx4KmoaQaVVsPiQzL8Wl-5Wc52bPeyfQW8ShRDws7-RnfiVVD5MlJcuDzZ-8nGKfRs7afBc_jUQTLt11zItpgXaWgpEWN1ejWMXRgj3bajHbY1qoPkuxmAgUxfIeCYcb7dtPGLYDdG44UIPTN6nmoeC1IEDV3Pf91nmWlC6euEKyzhLxhVY1a-kbu77RHTbNM0kEb01zyvMjBKnm1fcJ5rlztSMDNDSUQWbU6-UCdBSIZD1Tv52ZERJi0oaIGkuD4UVEJuRMU6bgtwL9b0WL8liUPdsOBLUJD94cC2zj83Y9YxC6hZ6CAAejIC64ThJ9iXJILBYtJHTDUFQAzCDpe4cWm4jURkS8brbci7Tr0D7r_dmKtNC53JIASvXZYaUR0Rz-wM6lb3Hq04fLax2vr1o6EGNcitkTjEVvNL0N3PLnIasNfStU0AaCt3pcBl04nQeBQHMAJsbmFGN4pf93ACLTOqXFtyDsDwurismTxQbj701yPhgmNpVtwuVhaB2TL6GqUwjsXHxTw.r1TdZco6B8weKLuk-IvH-4EE4yZsLQWC-QYvXS2gpD4'.
Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException: IDX10618: Key unwrap failed using decryption Keys: '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
Exceptions caught:
'[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.GetContentEncryptionKeys(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.DecryptToken(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateJWEAsync(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
For some reason, the JWT handler cannot decrypt the received token. Are you sure the encryption certificate added in the validation options is the same as the encryption certificate used in the authorization server app? (by looking at the code, I'd say it's okay, but we never know). You mentioned a certificates store: is it on Windows? Did you grant the app access to the private key of the certificate?
It looks like it both web api and idp project have file links to the same thing. Will do more checking
================ Certificate 0 ================
================ Begin Nesting Level 1 ================
Element 0:
Serial Number: 4fabf8b529f93f02
Issuer: CN=XXXXX
NotBefore: 12/21/2023 2:13 PM
NotAfter: 12/21/2025 2:13 PM
Subject: CN=XXXXX
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): 14bda94995ffa358d7a168f1ae056b020ecc25a7
---------------- End Nesting Level 1 ----------------
Provider = Microsoft Software Key Storage Provider
Private key is NOT plain text exportable
Encryption test passed
CertUtil: -dump command completed successfully.
Element 0:
Serial Number: 4fabf8b529f93f02
Issuer: CN=XXXXX
NotBefore: 12/21/2023 2:13 PM
NotAfter: 12/21/2025 2:13 PM
Subject: CN=XXXXX
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): 14bda94995ffa358d7a168f1ae056b020ecc25a7
---------------- End Nesting Level 1 ----------------
Provider = Microsoft Software Key Storage Provider
Private key is NOT plain text exportable
Encryption test passed
CertUtil: -dump command completed successfully.
The client app uses a different cert
The client app uses a different cert
That's fine (and even recommended).
Can you set IdentityModelEventSource.ShowPII = true as indicated by https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/PII?
I am not using asp.net identity. With client, idp and web api using same encryption I get the following:
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri.
dbug: Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler[0]
No client certificate found.
dbug: Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationHandler[9]
AuthenticationScheme: Certificate was not authenticated.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ValidateHostHeader.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateValidatedTokens.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+CreateHttpClient`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+PrepareGetHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachHttpVersion`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachJsonAcceptHeaders`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachUserAgentHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachFromHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachHttpParameters`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[100]
Start processing HTTP request GET https://localhost:7296/.well-known/openid-configuration
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[102]
Request Headers:
Accept: application/json
Accept-Charset: utf-8
User-Agent: OpenIddict.Validation.SystemNetHttp/5.0.1.0
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[100]
Sending HTTP request GET https://localhost:7296/.well-known/openid-configuration
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[102]
Request Headers:
Accept: application/json
Accept-Charset: utf-8
User-Agent: OpenIddict.Validation.SystemNetHttp/5.0.1.0
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[101]
Received HTTP response headers after 2181.609ms - 200
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[103]
Response Headers:
Date: Mon, 08 Jan 2024 23:01:27 GMT
Server: Kestrel
Content-Length: 1231
Content-Type: application/json; charset=UTF-8
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[101]
End processing HTTP request after 2231.8606ms - 200
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[103]
Response Headers:
Date: Mon, 08 Jan 2024 23:01:27 GMT
Server: Kestrel
Content-Length: 1231
Content-Type: application/json; charset=UTF-8
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ApplyConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+SendHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+ApplyConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ApplyConfigurationRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DisposeHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+ApplyConfigurationRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The configuration request was successfully sent to https://localhost:7296/.well-known/openid-configuration: {}.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DecompressResponseContent`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ExtractJsonHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ExtractWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ValidateHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DisposeHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractConfigurationResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The configuration response returned by https://localhost:7296/.well-known/openid-configuration was successfully extracted: {
"issuer": "https://localhost:7296/",
"authorization_endpoint": "https://localhost:7296/connect/authorize",
"token_endpoint": "https://localhost:7296/connect/token",
"userinfo_endpoint": "https://localhost:7296/connect/userinfo",
"jwks_uri": "https://localhost:7296/.well-known/jwks",
"grant_types_supported": [
"authorization_code",
"password",
"refresh_token",
"client_credentials"
],
"response_types_supported": [
"code"
],
"response_modes_supported": [
"form_post",
"fragment",
"query"
],
"scopes_supported": [
"openid",
"offline_access"
],
"claims_supported": [
"aud",
"exp",
"iat",
"iss",
"sub"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"subject_types_supported": [
"public"
],
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"private_key_jwt",
"client_secret_basic"
],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"authorization_response_iss_parameter_supported": true
}.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ValidateWellKnownConfigurationParameters.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+HandleConfigurationErrorResponse.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ValidateIssuer.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ExtractCryptographyEndpoint.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ExtractIntrospectionEndpoint.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleConfigurationResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ExtractIntrospectionEndpointClientAuthenticationMethods.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+CreateHttpClient`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+PrepareGetHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachHttpVersion`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachJsonAcceptHeaders`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachUserAgentHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachFromHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+AttachHttpParameters`1[[OpenIddict.Validation.OpenIddictValidationEvents+PrepareCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[100]
Start processing HTTP request GET https://localhost:7296/.well-known/jwks
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[102]
Request Headers:
Accept: application/json
Accept-Charset: utf-8
User-Agent: OpenIddict.Validation.SystemNetHttp/5.0.1.0
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[100]
Sending HTTP request GET https://localhost:7296/.well-known/jwks
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[102]
Request Headers:
Accept: application/json
Accept-Charset: utf-8
User-Agent: OpenIddict.Validation.SystemNetHttp/5.0.1.0
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[101]
Received HTTP response headers after 11.4566ms - 200
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.ClientHandler[103]
Response Headers:
Date: Mon, 08 Jan 2024 23:01:27 GMT
Server: Kestrel
Content-Length: 1647
Content-Type: application/json; charset=UTF-8
info: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[101]
End processing HTTP request after 25.7504ms - 200
trce: System.Net.Http.HttpClient.OpenIddict.Validation.SystemNetHttp.LogicalHandler[103]
Response Headers:
Date: Mon, 08 Jan 2024 23:01:27 GMT
Server: Kestrel
Content-Length: 1647
Content-Type: application/json; charset=UTF-8
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ApplyCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+SendHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+ApplyCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ApplyCryptographyRequestContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DisposeHttpRequest`1[[OpenIddict.Validation.OpenIddictValidationEvents+ApplyCryptographyRequestContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The cryptography request was successfully sent to https://localhost:7296/.well-known/jwks: {}.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DecompressResponseContent`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ExtractJsonHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ExtractWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+ValidateHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext was successfully processed by OpenIddict.Validation.SystemNetHttp.OpenIddictValidationSystemNetHttpHandlers+DisposeHttpResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ExtractCryptographyResponseContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The cryptography response returned by https://localhost:7296/.well-known/jwks was successfully extracted: {
"keys": [
{
"kid": "14BDA94995FFA358D7A168F1AE056B020ECC25A7",
"use": "sig",
"kty": "RSA",
"alg": "RS256",
"e": "AQAB",
"n": "rFluvJnu0st_oHIltN3X2MhulUHoBCiN4CpRKlN_QUPcNs6ECf1teP1lfte3wqt1SiaX_99_IQQeOL9rJdC-ubh9AIzfSbUCW3iHyABB-vEWVA7Tzx6eNd2RhGNeRW4fsyJ3Q2TK1-s3-HW-8xvt1XtbP6rK_F_P48rkSQ8lKsWn4ze9p63B8UadypWnhf59MvkUVMdStU-Ca6Uh2FebfeJEHEXEWrmejvGdSO73DoQsz5BpWKTRa0Krf3zC0iUl67sTp5o1LcaACV3BnvVzarmrHzZ3nsPhV6usERlcWv_qHevS6f7VwEvFDoonFiteDqBW68UfTi-nK7sSpVHztQ",
"x5t": "FL2pSZX_o1jXoWjxrgVrAg7MJac",
"x5c": [
"MIIC/zCCAeegAwIBAgIIT6v4tSn5PwIwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UEAxMMR0FHRXRyYWsgSURQMB4XDTIzMTIyMTIxMTM0OFoXDTI1MTIyMTIxMTM0OFowFzEVMBMGA1UEAxMMR0FHRXRyYWsgSURQMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFluvJnu0st/oHIltN3X2MhulUHoBCiN4CpRKlN/QUPcNs6ECf1teP1lfte3wqt1SiaX/99/IQQeOL9rJdC+ubh9AIzfSbUCW3iHyABB+vEWVA7Tzx6eNd2RhGNeRW4fsyJ3Q2TK1+s3+HW+8xvt1XtbP6rK/F/P48rkSQ8lKsWn4ze9p63B8UadypWnhf59MvkUVMdStU+Ca6Uh2FebfeJEHEXEWrmejvGdSO73DoQsz5BpWKTRa0Krf3zC0iUl67sTp5o1LcaACV3BnvVzarmrHzZ3nsPhV6usERlcWv/qHevS6f7VwEvFDoonFiteDqBW68UfTi+nK7sSpVHztQIDAQABo08wTTA7BgNVHREENDAyhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABgglsb2NhbGhvc3SCDURHWEhVQkJBUkRPTEQwDgYDVR0PAQH/BAQDAgSwMA0GCSqGSIb3DQEBCwUAA4IBAQA7e6tX8VGkvTUtRBRFQ0D0KbjNJV8hbui9Grpq7mH+ABjRy9qJTmH4tCwWcwkigOcY5DJ8vaIRlmVO8Sri6aH1WfcQO6iFZaVqPIv+6A4XQxwDOohc7mak/aUjOIVFW/KyEgTs6ziRGKz+o7Q4EooInam1ZRx6t9YSlLdKpjjSB7eJ5Crq7vkEu9aLV6Z71pYI3vmK/9qRWdU/XkC2QbAz3vpG4790W6wA63WVW7S/VDBpnz8os6CCCkCZjNldJk1b91cBndaWmWWORIXMuqfAupwFKCEgI7kC82LmB38WGaqeMBsLwJPjuB5UpgmL5Yd6iJTS3yw4oGvdsDzyOmXw"
]
}
]
}.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleCryptographyResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ValidateWellKnownCryptographyParameters.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleCryptographyResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+HandleCryptographyErrorResponse.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleCryptographyResponseContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Discovery+ExtractSigningKeys.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ResolveServerConfiguration.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ResolveIntrospectionEndpoint.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateIntrospectionRequest.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ResolveTokenValidationParameters.
trce: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The token 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiIxNEJEQTk0OTk1RkZBMzU4RDdBMTY4RjFBRTA1NkIwMjBFQ0MyNUE3IiwidHlwIjoiYXQrand0IiwiY3R5IjoiSldUIn0.GTgSGHKBStkKD1JoEUX9a9jQboWAa8jfabFEAcpLYJBVE4KvXLsh9tYxkn4bu0WIX24NcZ4htjShn_I8s9bsCv7c2GbBSrDWRlgbh2YPIh3zC8VVVCW-AN5VanZMf7FS7UAgrnfb6VJ68cIer307fxG_RiWlFL22J-eo2azFo1qb65-odbK_yRVuxv6dtMiyXEmOM90U5Z6GdGb3AC8GLhGPwoMwbr2kcEBVOwTCsyVzTuf8w2_8FvgL40NPdUMtcV4TiN2py4OAj7VMlFGdPz8uDSEzUXOsIMwQfPyWWBonPniUfBYQhBXSXtKrUBJqikciB_RtszZcNSK2OTJ2zg.cDT1xeWsdvf1OmLZrbUJaw.0pKDddBoJLsDm7HGfNAsjScVht6gVM_IS_HN0Lj6Zm1cK6rrDoNWHwfBE1R5FJflKwooLorvUnVCoTlQiJJl27jzptgaQXzBIxLOizo33Mv04BfxG79U-LMj7lMIYMWMasANo-6nhTmO0W9pm75Do4NPKWMMXqzje_Mup4bz3se2yWMYXnKvKGYTbF0eCA_3bmY99yUX1xNUOkFP9CU0gKpbH_kSti7IxaRTmgDtf-rtNX_cFkOuH-kz7DIpO8rBx48aG2VzAzSl-oZfh94APGxfIyz-NfXNwlrvU3vCykJ5oRidS1UqStg7JwGLb4n7t-WfC875I8PlAqRUCZqxPgrzW7D5zWNYmq9KOD5TtwKjIZKP7NxX6y6KYTtXCfYvggqE6rEDVRxvrbR34rB_cB-0BfV_XWfXId48KSRb6QI-Sx-e8FP8o1Bv5Jp_YEA9TH294LeynCATt2DTmt6iWUNWehD2xz-KhRkF7juHKlPGiWhrELT3_8TD8d6huRZeSFqmzLOHmShZh5O6vBKkjsBCVl_8xK1fp7FyDzAF68lHelAECintQDQBozf0j9jIsnxfNs-pNujHgpbEl-JsE-DO-KLFTfbAeLjA5l4TBTrH4sXvpHgV8fbo54jWxPLEpYay8eG_CEwQnSWR3lsVtoqpm3sNicgYe6J_sGvEpO9SNDOYNnX1bI2lalTeyKc5IcIkIDVuKPIE3JW_PQTjIeF604X0Yb7eMq2jgoRf1Xa6DSnWLMdqhXE8Oe6NB_UYtXNIOMc-3-Wnm0fbKAnO3nnFKkmXLVvMygXolsA4G9uDNYWZLDzzW3PuUgnb6j-5WpIwtTClkG_G6bVLO0eH1-Tea9tzKbcRU3nlWGQ1FfOGiNFWlHByGtN1EfP3w26zYDsrIBgs4GQzayiZZOFjgtEtXo7-O30aR2AZciM3IgI-Gc3SwGCVU2q5tgMxNvYOVkpa8sNOwGgrgfopaRSQK_vg059IicDAe5zXuAQl-pjJpjq9ewMHMp2cPKgH_nvQPnRAytbgwG5WYBUtpY0u0weg29CEu4bQQNLdnl-uCT6fk2uyzWpr7S-HEm3MQ28SGVbX6-IpbuquoTPRaRCi1Q.Dvew9jpknC_sFRXOmfpNVLzbTGl3MVHVft3fjpvJEm4' was successfully validated and the following claims could be extracted: sub: core_api_console, oi_prst: core_api_console, client_id: core_api_console, oi_tkn_id: ebac730f-c640-40f5-9eea-deb50b72f243, jti: 3cb5afa4-9cfb-407f-9a4e-bdab0151ed24, iss: https://localhost:7296/, exp: 1704758475, iat: 1704754875, oi_tkn_typ: access_token.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateIdentityModelToken.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+NormalizeScopeClaims.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+MapInternalClaims.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidatePrincipal.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateExpirationDate.
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The authentication demand was rejected because the token had no audience attached.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateAudience.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ValidateTokenContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+Protection+ValidateAudience.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateAccessToken.
info: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[7]
OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveHostChallengeProperties.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHostChallengeError.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachDefaultChallengeError.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachCustomChallengeParameters.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachCacheControlHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The response was successfully returned as a challenge response: {
"error": "invalid_token",
"error_description": "The specified token doesn't contain any audience.",
"error_uri": "https://documentation.openiddict.com/errors/ID2093"
}.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was marked as handled by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[12]
AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
dbug: Microsoft.AspNetCore.Server.Kestrel.Connections[9]
Connection id "0HN0GJM16O8UD" completed keep alive response.
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished HTTP/1.1 GET https://localhost:7224/api/v1/Gage/ - - - 401 0 - 3039.1408ms
01/08/24 16:01:45 997 INFO LicenseGateway.SetLicenseSessionId enter
01/08/24 16:01:46 002 INFO LicenseGateway.SetLicenseSessionId exit
Using client credentials do we require an audience:
"The specified token doesn't contain any audience."
will get back to it tomorrow.
I am not using asp.net identity. With client, idp and web api using same encryption I get the following:
ASP.NET Core Identity != IdentityModel (which is the low-level stack used by OpenIddict to validate and generate JWT tokens). You're definitely using IdentityModel 😃
"The specified token doesn't contain any audience."
You configured the validation handler to require an audience (gt_resource_server): either remove that or call principal.SetResources("gt_resource_server") in your authorization controller to issue an access token with a gt_resource_server audience.
I am using client credentials flow and I cannot figure out why this would appear:
enyAnonymousAuthorizationRequirement: Requires an authenticated user.
I thought client credentials did not require user just the secret
It's a generic message logged by the ASP.NET Core authentication stack, which isn't unaware you're using a user-less flow. Requires an authenticated principal would likely be a better message. I'll open a ticket tomorrow to suggest that to the ASP.NET team.
@kevinchalet Thank you for your help worked perfectly
Great to hear it's working ❤️
Closing, but feel free to reopen if needed.