Password flow has invalid_token response
dgxhubbard opened this issue
Confirm you've already contributed to this project or that you sponsor it
- I confirm I'm a sponsor or a contributor
Version
5.0.1
Question
I apologize profusely but I believe this is the last error.
When password flow is used and AuthenticateWithPasswordAsync is called in the client I get an invalid token exception.
Code is in issue
openiddict/openiddict-core#1952
Log Output
01/16/24 15:25:30 615 {level:uppercase=true} Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Executed action method Gt.IDP.Controllers.AuthorizationController.Exchange (Gt.IDP), returned result Microsoft.AspNetCore.Mvc.SignInResult in 1464.9277ms.
01/16/24 15:25:30 615 {level:uppercase=true} Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Action Filter: Before executing OnActionExecuted on filter Microsoft.AspNetCore.Mvc.ModelBinding.UnsupportedContentTypeFilter.
01/16/24 15:25:30 615 {level:uppercase=true} Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Action Filter: After executing OnActionExecuted on filter Microsoft.AspNetCore.Mvc.ModelBinding.UnsupportedContentTypeFilter.
01/16/24 15:25:30 615 {level:uppercase=true} Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Action Filter: After executing OnActionExecutionAsync on filter Microsoft.AspNetCore.Mvc.Filters.ControllerActionFilter.
01/16/24 15:25:30 627 {level:uppercase=true} Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Result Filter: Before executing OnResultExecuting on filter Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter.
01/16/24 15:25:30 627 {level:uppercase=true} Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Result Filter: After executing OnResultExecuting on filter Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter.
01/16/24 15:25:30 627 {level:uppercase=true} Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Before executing action result Microsoft.AspNetCore.Mvc.SignInResult.
01/16/24 15:25:30 627 {level:uppercase=true} Microsoft.AspNetCore.Mvc.SignInResult - Executing SignInResult with authentication scheme (OpenIddict.Server.AspNetCore) and the following principal: System.Security.Claims.ClaimsPrincipal.
01/16/24 15:25:30 627 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ResolveHostSignInProperties.
01/16/24 15:25:30 627 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ValidateSignInDemand.
01/16/24 15:25:30 627 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+RedeemTokenEntry.
01/16/24 15:25:30 627 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+RestoreInternalClaims.
01/16/24 15:25:30 627 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachHostProperties.
01/16/24 15:25:30 627 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachDefaultScopes.
01/16/24 15:25:30 627 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachDefaultPresenters.
01/16/24 15:25:30 627 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+InferResources.
01/16/24 15:25:30 627 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+EvaluateGeneratedTokens.
01/16/24 15:25:30 627 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachAuthorization.
01/16/24 15:25:30 644 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+PrepareAccessTokenPrincipal.
01/16/24 15:25:30 644 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+GenerateTokenContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Protection+AttachSecurityCredentials.
01/16/24 15:25:30 644 {level:uppercase=true} Microsoft.EntityFrameworkCore.Infrastructure - Entity Framework Core 7.0.14 initialized 'AppDbContext' using provider 'Microsoft.EntityFrameworkCore.Sqlite:7.0.14' with options: None
01/16/24 15:25:30 687 {level:uppercase=true} Microsoft.EntityFrameworkCore.ChangeTracking - Context 'AppDbContext' started tracking 'OpenIddictEntityFrameworkCoreToken' entity. Consider using 'DbContextOptionsBuilder.EnableSensitiveDataLogging' to see key values.
01/16/24 15:25:30 690 {level:uppercase=true} Microsoft.EntityFrameworkCore.Update - SaveChanges starting for 'AppDbContext'.
01/16/24 15:25:30 690 {level:uppercase=true} Microsoft.EntityFrameworkCore.ChangeTracking - DetectChanges starting for 'AppDbContext'.
01/16/24 15:25:30 690 {level:uppercase=true} Microsoft.EntityFrameworkCore.ChangeTracking - DetectChanges completed for 'AppDbContext'.
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Connection - Creating DbConnection.
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Connection - Created DbConnection. (0ms).
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Connection - Opening connection to database 'main' on server 'C:\Repository\Gt\bin\Debug\Gt.IDP\gtauthorize.db'.
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Connection - Opened connection to database 'main' on server 'C:\Repository\Gt\bin\Debug\Gt.IDP\gtauthorize.db'.
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Command - Creating DbCommand for 'ExecuteReader'.
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Command - Created DbCommand for 'ExecuteReader' (0ms).
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Command - Initialized DbCommand for 'ExecuteReader' (0ms).
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Command - Executing DbCommand [Parameters=[@p0='?' (Size = 36), @p1='?', @p2='?', @p3='?' (Size = 36), @p4='?' (DbType = DateTime), @p5='?' (DbType = DateTime), @p6='?', @p7='?', @p8='?' (DbType = DateTime), @p9='?', @p10='?' (Size = 5), @p11='?' (Size = 1), @p12='?' (Size = 12)], CommandType='Text', CommandTimeout='30']
INSERT INTO "OpenIddictTokens" ("Id", "ApplicationId", "AuthorizationId", "ConcurrencyToken", "CreationDate", "ExpirationDate", "Payload", "Properties", "RedemptionDate", "ReferenceId", "Status", "Subject", "Type")
VALUES (@p0, @p1, @p2, @p3, @p4, @p5, @p6, @p7, @p8, @p9, @p10, @p11, @p12);
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Command - Executed DbCommand (5ms) [Parameters=[@p0='?' (Size = 36), @p1='?', @p2='?', @p3='?' (Size = 36), @p4='?' (DbType = DateTime), @p5='?' (DbType = DateTime), @p6='?', @p7='?', @p8='?' (DbType = DateTime), @p9='?', @p10='?' (Size = 5), @p11='?' (Size = 1), @p12='?' (Size = 12)], CommandType='Text', CommandTimeout='30']
INSERT INTO "OpenIddictTokens" ("Id", "ApplicationId", "AuthorizationId", "ConcurrencyToken", "CreationDate", "ExpirationDate", "Payload", "Properties", "RedemptionDate", "ReferenceId", "Status", "Subject", "Type")
VALUES (@p0, @p1, @p2, @p3, @p4, @p5, @p6, @p7, @p8, @p9, @p10, @p11, @p12);
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Command - Closing data reader to 'main' on server 'C:\Repository\Gt\bin\Debug\Gt.IDP\gtauthorize.db'.
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Command - A data reader for 'main' on server 'C:\Repository\Gt\bin\Debug\Gt.IDP\gtauthorize.db' is being disposed after spending 1ms reading results.
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Connection - Closing connection to database 'main' on server 'C:\Repository\Gt\bin\Debug\Gt.IDP\gtauthorize.db'.
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Connection - Closed connection to database 'main' on server 'C:\Repository\Gt\bin\Debug\Gt.IDP\gtauthorize.db' (0ms).
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.ChangeTracking - An entity of type 'OpenIddictEntityFrameworkCoreToken' tracked by 'AppDbContext' changed state from 'Added' to 'Unchanged'. Consider using 'DbContextOptionsBuilder.EnableSensitiveDataLogging' to see key values.
01/16/24 15:25:30 721 {level:uppercase=true} Microsoft.EntityFrameworkCore.Update - SaveChanges completed for 'AppDbContext' with 1 entities written to the database.
01/16/24 15:25:30 745 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The token entry for 'access_token' token '6c20f256-9c45-4763-9bda-80480e03b393' was successfully created.
01/16/24 15:25:30 745 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+GenerateTokenContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Protection+CreateTokenEntry.
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - A new 'access_token' JSON Web Token was successfully created: eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiIxNEJEQTk0OTk1RkZBMzU4RDdBMTY4RjFBRTA1NkIwMjBFQ0MyNUE3IiwidHlwIjoiYXQrand0IiwiY3R5IjoiSldUIn0.MB2ayEHq5P6xUQrHtGDHZb5Q7544UYTRjfv60q7eH5icK11Xw3n-4EQTLnkYszXufLXNjgtW4zidCQBymXBtgocHXqNEZRfICZ10xTJRMo0eu0ds_34zGDpvZbb5Q-6LsJD3DGJNYLHiCKyJl49kIfkc6OtH8ZRoYfLwCu4xFkBEjIS4p-DsjbmEnhoXqwY2ipeXU2KDinRnMbuVVj6kXsXmfkWnIQHNDk6UhwIa-0wMPXdiIFqP5olnT99x8LBGTQWR_Z3av0kJuXf__dw-5is1eLZFKidhRTR4rvHeqkIC68X0ryCkosFUgQ7Rxtowu01mr7ZR-5xRJwUOcx9ARg.UC7bthbkIds51uzGNKkRVg.B88n0rVWVaoAWsvMO6N8l9cgm9L9YNozRQvCl7e2Zi3VGnx6gPx-C7RRvaWNWbn8J51afeXkqxq5psCNgXmNRswZSV-WUr0FVXLaAeUFOso-Yxd8bRPQNuwfvSITlWZInubjM4p-wG4-zD_uJ6NnvDUJmFOFcK5CIxYmw3BCHUob6nA3sC8dY8WUJ-NBdE818XZrGzYQVwzOTLKkSGH1543Js9KsKgqwj0TEA7Zu68bQD05xqK4_ZLIWAWxrcbTk84R92v5ulqapFShIuB16H3530dSkkpd9puUwVAVgrS7q2nZb2IEl3A4fzgRcyIg8dBEXjRVK3WODkpYUhDDR03lBRhhUDGWKnhsFc_L8RXOrafc7ApR2gnAFyj4jDsSg_8S7U3JNyxrolPU_LJxHg3klUlC43NCE53iHOVfb2DhT2zX7DRAeQRV-9Bf5wQXC1705VfZ1q_AY408BLIk2JTw6FrJqXAdkS-ZgmkevjIv5P1YMNIaS1HdjziwiQwWMOTghY2-TmaH3sLKghXxElswszZAMvFF3hxQhmrh2b3YAKzuJsGFp_1c_0YaEogTkh4bUxcKPpzZ9oAAHeNQtlYQer7QIi7OXGm0vCQVmIySLmi7vDAFxWZM5lOvffHyJpOqVpbicxe7z9jPFMcSHu7C9f_Mj8LKPcLDtMMFmT5wBYP_gK8BhEKRBItZ7-CKUukpawNvJw5_R4XBgFLfHWyzBPCIfWzJLqficToBayRzqmWJB2JWaWxw-6fuu1oDL4srikINQ5RiWPt7PEOSgppYpNKH_-G2mAVTJc29T4a_EnVpnb4OXuNAwK23y2aGCJm4BqbOW_eKMefgu054-cwZLk-vFC5-y4g2YlItcBvYALiGmFH5xZzLgkMhktLV_fI15yeq9iXSYFKlRcgRriX1LjHcU5raqNYEicin16KobOb6ljBndEG1iBLWqvFZssfaNEf8oVHhLG8cugY6YA4CiS3dRxurheyPBdBHeAqY.deZAhGtYJriX5_sNJF8MUMqTi3YPQgbvJvNOe21Zhfs.
The principal used to create the token contained the following claims: sub: 1, name: Admin, oi_tkn_id: 6c20f256-9c45-4763-9bda-80480e03b393.
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+GenerateTokenContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Protection+GenerateIdentityModelToken.
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+GenerateTokenContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Protection+BeautifyToken.
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+GenerateAccessToken.
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachCustomSignInParameters.
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachSignInParameters.
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Exchange+NormalizeErrorResponse.
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachCacheControlHeader`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachWwwAuthenticateHeader`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The response was successfully returned as a JSON document: {
"access_token": "[redacted]",
"token_type": "Bearer",
"expires_in": 3599
}.
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ProcessJsonResponse`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext was marked as handled by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ProcessJsonResponse`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Exchange+ApplyTokenResponse`1[[OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 767 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext was marked as handled by OpenIddict.Server.OpenIddictServerHandlers+Exchange+ApplyTokenResponse`1[[OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 767 {level:uppercase=true} Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - After executing action result Microsoft.AspNetCore.Mvc.SignInResult.
01/16/24 15:25:30 767 {level:uppercase=true} Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Result Filter: Before executing OnResultExecuted on filter Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter.
01/16/24 15:25:30 767 {level:uppercase=true} Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Result Filter: After executing OnResultExecuted on filter Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter.
01/16/24 15:25:30 767 {level:uppercase=true} Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Resource Filter: Before executing OnResourceExecuted on filter Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter.
01/16/24 15:25:30 767 {level:uppercase=true} Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Resource Filter: After executing OnResourceExecuted on filter Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter.
01/16/24 15:25:30 767 {level:uppercase=true} Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker - Executed action Gt.IDP.Controllers.AuthorizationController.Exchange (Gt.IDP) in 1628.5899ms
01/16/24 15:25:30 767 {level:uppercase=true} Microsoft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint 'Gt.IDP.Controllers.AuthorizationController.Exchange (Gt.IDP)'
01/16/24 15:25:30 767 {level:uppercase=true} Microsoft.AspNetCore.Server.Kestrel.Connections - Connection id "0HN0MS85JLMF2" completed keep alive response.
01/16/24 15:25:30 767 {level:uppercase=true} Microsoft.EntityFrameworkCore.Infrastructure - 'AppDbContext' disposed.
01/16/24 15:25:30 767 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Connection - Disposing connection to database 'main' on server 'C:\Repository\Gt\bin\Debug\Gt.IDP\gtauthorize.db'.
01/16/24 15:25:30 767 {level:uppercase=true} Microsoft.EntityFrameworkCore.Database.Connection - Disposed connection to database 'main' on server 'C:\Repository\Gt\bin\Debug\Gt.IDP\gtauthorize.db' (0ms).
01/16/24 15:25:30 786 {level:uppercase=true} Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 POST https://localhost:7296/connect/token application/x-www-form-urlencoded 50 - 200 1645 application/json;charset=UTF-8 1692.0662ms
01/16/24 15:25:30 786 {level:uppercase=true} Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET https://localhost:7296/connect/userinfo - -
01/16/24 15:25:30 786 {level:uppercase=true} Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware - All hosts are allowed.
01/16/24 15:25:30 786 {level:uppercase=true} Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware - The request path /connect/userinfo does not match a supported file type
01/16/24 15:25:30 786 {level:uppercase=true} Microsoft.AspNetCore.Routing.Matching.DfaMatcher - 2 candidate(s) found for the request path '/connect/userinfo'
01/16/24 15:25:30 786 {level:uppercase=true} Microsoft.AspNetCore.Routing.Matching.DfaMatcher - Endpoint 'Gt.IDP.Controllers.AuthorizationController.Userinfo (Gt.IDP)' with route pattern 'connect/userinfo' is valid for the request path '/connect/userinfo'
01/16/24 15:25:30 786 {level:uppercase=true} Microsoft.AspNetCore.Routing.Matching.DfaMatcher - Endpoint 'Fallback {*path:nonfile}' with route pattern '{*path:nonfile}' is valid for the request path '/connect/userinfo'
01/16/24 15:25:30 786 {level:uppercase=true} Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware - Request matched endpoint 'Gt.IDP.Controllers.AuthorizationController.Userinfo (Gt.IDP)'
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ResolveRequestUri.
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The request URI matched a server endpoint: Userinfo.
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+InferEndpointType.
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateTransportSecurityRequirement.
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateHostHeader.
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ExtractUserinfoRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ExtractGetOrPostRequest`1[[OpenIddict.Server.OpenIddictServerEvents+ExtractUserinfoRequestContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ExtractUserinfoRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ExtractAccessToken`1[[OpenIddict.Server.OpenIddictServerEvents+ExtractUserinfoRequestContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The userinfo request was successfully extracted: {
"access_token": "[redacted]"
}.
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Userinfo+ExtractUserinfoRequest.
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ValidateUserinfoRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Userinfo+ValidateAccessTokenParameter.
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ValidateAuthenticationDemand.
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+EvaluateValidatedTokens.
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ResolveValidatedTokens.
01/16/24 15:25:30 786 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ValidateRequiredTokens.
01/16/24 15:25:30 800 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ValidateClientId.
01/16/24 15:25:30 800 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ValidateTokenContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Protection+ResolveTokenValidationParameters.
01/16/24 15:25:30 800 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ValidateTokenContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Protection+ValidateReferenceTokenIdentifier.
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - An error occurred while validating the token 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiIxNEJEQTk0OTk1RkZBMzU4RDdBMTY4RjFBRTA1NkIwMjBFQ0MyNUE3IiwidHlwIjoiYXQrand0IiwiY3R5IjoiSldUIn0.MB2ayEHq5P6xUQrHtGDHZb5Q7544UYTRjfv60q7eH5icK11Xw3n-4EQTLnkYszXufLXNjgtW4zidCQBymXBtgocHXqNEZRfICZ10xTJRMo0eu0ds_34zGDpvZbb5Q-6LsJD3DGJNYLHiCKyJl49kIfkc6OtH8ZRoYfLwCu4xFkBEjIS4p-DsjbmEnhoXqwY2ipeXU2KDinRnMbuVVj6kXsXmfkWnIQHNDk6UhwIa-0wMPXdiIFqP5olnT99x8LBGTQWR_Z3av0kJuXf__dw-5is1eLZFKidhRTR4rvHeqkIC68X0ryCkosFUgQ7Rxtowu01mr7ZR-5xRJwUOcx9ARg.UC7bthbkIds51uzGNKkRVg.B88n0rVWVaoAWsvMO6N8l9cgm9L9YNozRQvCl7e2Zi3VGnx6gPx-C7RRvaWNWbn8J51afeXkqxq5psCNgXmNRswZSV-WUr0FVXLaAeUFOso-Yxd8bRPQNuwfvSITlWZInubjM4p-wG4-zD_uJ6NnvDUJmFOFcK5CIxYmw3BCHUob6nA3sC8dY8WUJ-NBdE818XZrGzYQVwzOTLKkSGH1543Js9KsKgqwj0TEA7Zu68bQD05xqK4_ZLIWAWxrcbTk84R92v5ulqapFShIuB16H3530dSkkpd9puUwVAVgrS7q2nZb2IEl3A4fzgRcyIg8dBEXjRVK3WODkpYUhDDR03lBRhhUDGWKnhsFc_L8RXOrafc7ApR2gnAFyj4jDsSg_8S7U3JNyxrolPU_LJxHg3klUlC43NCE53iHOVfb2DhT2zX7DRAeQRV-9Bf5wQXC1705VfZ1q_AY408BLIk2JTw6FrJqXAdkS-ZgmkevjIv5P1YMNIaS1HdjziwiQwWMOTghY2-TmaH3sLKghXxElswszZAMvFF3hxQhmrh2b3YAKzuJsGFp_1c_0YaEogTkh4bUxcKPpzZ9oAAHeNQtlYQer7QIi7OXGm0vCQVmIySLmi7vDAFxWZM5lOvffHyJpOqVpbicxe7z9jPFMcSHu7C9f_Mj8LKPcLDtMMFmT5wBYP_gK8BhEKRBItZ7-CKUukpawNvJw5_R4XBgFLfHWyzBPCIfWzJLqficToBayRzqmWJB2JWaWxw-6fuu1oDL4srikINQ5RiWPt7PEOSgppYpNKH_-G2mAVTJc29T4a_EnVpnb4OXuNAwK23y2aGCJm4BqbOW_eKMefgu054-cwZLk-vFC5-y4g2YlItcBvYALiGmFH5xZzLgkMhktLV_fI15yeq9iXSYFKlRcgRriX1LjHcU5raqNYEicin16KobOb6ljBndEG1iBLWqvFZssfaNEf8oVHhLG8cugY6YA4CiS3dRxurheyPBdBHeAqY.deZAhGtYJriX5_sNJF8MUMqTi3YPQgbvJvNOe21Zhfs'. IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
IDX14101: Unable to decode the payload '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' as Base64Url encoded string. at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.ReadToken(String encodedJson)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken..ctor(String jwtEncodedString)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ReadToken(String token, TokenValidationParameters validationParameters)
IDX11020: The JSON value of type: 'Number', could not be converted to 'JsonTokenType.String'. Reading: 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.sub', Position: '7', CurrentDepth: '1', BytesConsumed: '8'. at Microsoft.IdentityModel.Tokens.Json.JsonSerializerPrimitives.ReadString(Utf8JsonReader& reader, String propertyName, String className, Boolean read)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.CreatePayloadClaimSet(Byte[] bytes, Int32 length)
at Microsoft.IdentityModel.Tokens.Base64UrlEncoding.Decode[T](String input, Int32 offset, Int32 length, Func`3 action)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.CreateClaimSet(String rawString, Int32 startIndex, Int32 length, Func`3 action)
at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.ReadToken(String encodedJson)
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ValidateTokenContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Protection+ValidateIdentityModelToken.
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ValidateTokenContext was marked as rejected by OpenIddict.Server.OpenIddictServerHandlers+Protection+ValidateIdentityModelToken.
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ValidateAccessToken.
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Server.OpenIddictServerHandlers+ValidateAccessToken.
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ValidateUserinfoRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Userinfo+ValidateAuthentication.
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ValidateUserinfoRequestContext was marked as rejected by OpenIddict.Server.OpenIddictServerHandlers+Userinfo+ValidateAuthentication.
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Userinfo+ValidateUserinfoRequest.
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was marked as rejected by OpenIddict.Server.OpenIddictServerHandlers+Userinfo+ValidateUserinfoRequest.
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachErrorParameters.
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachCustomErrorParameters.
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ApplyUserinfoResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyUserinfoResponseContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ApplyUserinfoResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachWwwAuthenticateHeader`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyUserinfoResponseContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The response was successfully returned as a challenge response: {
"error": "invalid_token",
"error_description": "The specified token is invalid.",
"error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
info: OpenIddict.Server.OpenIddictServerDispatcher[0]
The response was successfully returned as a challenge response: {
"error": "invalid_token",
"error_description": "The specified token is invalid.",
"error_uri": "https://documentation.openiddict.com/errors/ID2004"
}.
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ApplyUserinfoResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyUserinfoResponseContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 819 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ApplyUserinfoResponseContext was marked as handled by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyUserinfoResponseContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 830 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Userinfo+ApplyUserinfoResponse`1[[OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 830 {level:uppercase=true} OpenIddict.Server.OpenIddictServerDispatcher - The event OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext was marked as handled by OpenIddict.Server.OpenIddictServerHandlers+Userinfo+ApplyUserinfoResponse`1[[OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext, OpenIddict.Server, Version=5.0.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
01/16/24 15:25:30 830 {level:uppercase=true} Microsoft.AspNetCore.Server.Kestrel.Connections - Connection id "0HN0MS85JLMF2" completed keep alive response.
01/16/24 15:25:30 830 {level:uppercase=true} Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 GET https://localhost:7296/connect/userinfo - - - 401 0 - 39.4218ms
The error description is
The userinfo request was rejected by the remote server.
The revised AuthorizationController is below, and the setup code also. I have a breakpoint set in Userinfo in AuthorizationController but it is not hit.
Setup Code
using System.Security.Cryptography.X509Certificates;

builder.Services.AddOpenIddict ()
    // Register the OpenIddict Core components
    .AddCore ( options =>
    {
        options.UseEntityFrameworkCore ()
            .UseDbContext<AppDbContext> ();
    } )
    // Register the OpenIddict server components
    .AddServer ( options =>
    {
        options
            .SetAuthorizationEndpointUris ( "/connect/authorize" )
            .SetTokenEndpointUris ( "/connect/token" )
            .SetUserinfoEndpointUris ( "/connect/userinfo" );
        options
            .AllowAuthorizationCodeFlow ()
            //.RequireProofKeyForCodeExchange ()
            .AllowPasswordFlow ()
            .AllowRefreshTokenFlow ()
            .AllowClientCredentialsFlow ();
        // Accept anonymous clients (i.e. clients that don't send a client_id).
        options.AcceptAnonymousClients ();
        // idpCertificates (certificate paths and passwords) is loaded elsewhere in the setup.
        var xEncrypt = new X509Certificate2 ( File.ReadAllBytes ( idpCertificates.EncryptionCert ), idpCertificates.EncryptionPassword );
        var xSigning = new X509Certificate2 ( File.ReadAllBytes ( idpCertificates.SigningCert ), idpCertificates.SigningPassword );
        // Register the signing and encryption credentials used to protect
        // sensitive data like the state tokens produced by OpenIddict.
        options.AddEncryptionCertificate ( xEncrypt )
            .AddSigningCertificate ( xSigning );
        // Register the ASP.NET Core host and configure the ASP.NET Core-specific options
        options
            .UseAspNetCore ()
            .EnableTokenEndpointPassthrough ()
            .EnableAuthorizationEndpointPassthrough ()
            .EnableUserinfoEndpointPassthrough ();
    } )
    // Register the OpenIddict validation components
    .AddValidation ( options =>
    {
        // Import the configuration from the local OpenIddict server instance
        options.UseLocalServer ();
        // Register the ASP.NET Core host
        options.UseAspNetCore ();
    } );
Authorization Controller
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Components;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;
using Microsoft.IdentityModel.Tokens;
using OpenIddict.Abstractions;
using OpenIddict.Server.AspNetCore;
using static OpenIddict.Abstractions.OpenIddictConstants;

public class AuthorizationController : Controller
{
    #region Constructors
    public AuthorizationController ( IOpenIddictApplicationManager applicationManager, IOpenIddictAuthorizationManager authorizationManager, IOpenIddictScopeManager scopeManager )
    {
        ApplicationManager = applicationManager;
        AuthorizationManager = authorizationManager;
        ScopeManager = scopeManager;
        UserManager = new UserManager ();
        if ( UserManager == null )
            throw new NullReferenceException ();
    }
    #endregion

    #region Properties
    // Note: [Inject] is the Blazor attribute; in an MVC controller the dependencies
    // are supplied through the constructor above, so these attributes have no effect here.
    [Inject]
    private UserManager UserManager
    { get; set; }
    [Inject]
    private IOpenIddictApplicationManager ApplicationManager
    { get; set; }
    [Inject]
    private IOpenIddictAuthorizationManager AuthorizationManager
    { get; set; }
    [Inject]
    private IOpenIddictScopeManager ScopeManager
    { get; set; }
    #endregion

    [HttpGet ( "~/connect/authorize" )]
    [HttpPost ( "~/connect/authorize" )]
    [IgnoreAntiforgeryToken]
    public async Task<IActionResult> Authorize ( string returnUrl = null )
    {
        //ClaimsPrincipal claimsPrincipal = null;
        try
        {
            var request = HttpContext.GetOpenIddictServerRequest () ??
                throw new InvalidOperationException ( "The OpenID Connect request cannot be retrieved." );
            // Try to retrieve the user principal
            var result = await HttpContext.AuthenticateAsync ( CookieAuthenticationDefaults.AuthenticationScheme );
            if ( result == null || !result.Succeeded )
            {
                // If the client application requested promptless authentication,
                // return an error indicating that the user is not logged in.
                if ( request.HasPrompt ( Prompts.None ) )
                {
                    return Forbid (
                        authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                        properties: new AuthenticationProperties ( new Dictionary<string, string>
                        {
                            [ OpenIddictServerAspNetCoreConstants.Properties.Error ] = Errors.LoginRequired,
                            [ OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription ] = "The user is not logged in."
                        } ) );
                }
                // To avoid endless login -> authorization redirects, the prompt=login flag
                // is removed from the authorization request payload before redirecting the user.
                var prompt = string.Join ( " ", request.GetPrompts ().Remove ( Prompts.Login ) );
                var parameters = Request.HasFormContentType ?
                    Request.Form.Where ( parameter => parameter.Key != Parameters.Prompt ).ToList () :
                    Request.Query.Where ( parameter => parameter.Key != Parameters.Prompt ).ToList ();
                parameters.Add ( KeyValuePair.Create ( Parameters.Prompt, new StringValues ( prompt ) ) );
                var redirectUri = Request.PathBase + Request.Path + QueryString.Create ( parameters );
                return Challenge (
                    authenticationSchemes: CookieAuthenticationDefaults.AuthenticationScheme,
                    properties: new AuthenticationProperties
                    {
                        RedirectUri = redirectUri
                    } );
            }
            // Retrieve the profile of the logged in user.
            var principal = result.Principal;
            // Retrieve the application details from the database.
            var application = await ApplicationManager.FindByClientIdAsync ( request.ClientId ) ??
                throw new InvalidOperationException ( "Details concerning the calling client application cannot be found." );
            // Retrieve the permanent authorizations associated with the user and the calling client application.
            var subject = await UserManager.GetUserIdAsync ( principal );
            var client = await ApplicationManager.GetIdAsync ( application );
            var scopes = request.GetScopes ();
            var authorizations = await AuthorizationManager.FindAsync (
                subject: subject,
                client: client,
                status: Statuses.Valid,
                type: AuthorizationTypes.Permanent,
                scopes: scopes ).ToListAsync ();
            var consentType = await ApplicationManager.GetConsentTypeAsync ( application );
            switch ( consentType )
            {
                // If the consent is external (e.g when authorizations are granted by a sysadmin),
                // immediately return an error if no authorization can be found in the database.
                case ConsentTypes.External when !authorizations.Any ():
                    return Forbid (
                        authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                        properties: new AuthenticationProperties ( new Dictionary<string, string>
                        {
                            [ OpenIddictServerAspNetCoreConstants.Properties.Error ] = Errors.ConsentRequired,
                            [ OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription ] =
                                "The logged in user is not allowed to access this client application."
                        } ) );
                // If the consent is implicit or if an authorization was found,
                // return an authorization response without displaying the consent form.
                case ConsentTypes.Implicit:
                case ConsentTypes.External when authorizations.Any ():
                case ConsentTypes.Explicit when authorizations.Any () && !request.HasPrompt ( Prompts.Consent ):
                    // Create the claims-based identity that will be used by OpenIddict to generate tokens.
                    var claimsIdentity = new ClaimsIdentity (
                        authenticationType: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );
                        // nameType: Claims.Name );
                        // roleType: Claims.Role );
                    var username = await UserManager.GetUsernameAsync ( principal );
                    var user = await UserManager.FindByUsernameAsync ( username );
                    // Add the claims that will be persisted in the tokens.
                    claimsIdentity.SetClaim ( Claims.Subject, user.Id.ToString () )
                        //.SetClaim ( Claims.Email, userGetEmail )
                        .SetClaim ( Claims.Username, user.Username );
                    // Note: in this sample, the granted scopes match the requested scope
                    // but you may want to allow the user to uncheck specific scopes.
                    // For that, simply restrict the list of scopes before calling SetScopes.
                    claimsIdentity.SetScopes ( request.GetScopes () );
                    claimsIdentity.SetResources ( await ScopeManager.ListResourcesAsync ( claimsIdentity.GetScopes () ).ToListAsync () );
                    // Automatically create a permanent authorization to avoid requiring explicit consent
                    // for future authorization or token requests containing the same scopes.
                    var authorization = authorizations.LastOrDefault ();
                    authorization ??= await AuthorizationManager.CreateAsync (
                        identity: claimsIdentity,
                        subject: user.Id.ToString (),
                        client: await ApplicationManager.GetIdAsync ( application ),
                        type: AuthorizationTypes.Permanent,
                        scopes: claimsIdentity.GetScopes () );
                    claimsIdentity.SetAuthorizationId ( await AuthorizationManager.GetIdAsync ( authorization ) );
                    claimsIdentity.SetDestinations ( claim => new [] { Destinations.AccessToken } );
                    var signinResult = SignIn ( new ClaimsPrincipal ( claimsIdentity ), properties: null, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );
                    return signinResult;
                    //return SignIn ( new ClaimsPrincipal ( claimsIdentity ), OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );
                    //break;
                // At this point, no authorization was found in the database and an error must be returned
                // if the client application specified prompt=none in the authorization request.
                case ConsentTypes.Explicit when request.HasPrompt ( Prompts.None ):
                case ConsentTypes.Systematic when request.HasPrompt ( Prompts.None ):
                    return Forbid (
                        authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                        properties: new AuthenticationProperties ( new Dictionary<string, string>
                        {
                            [ OpenIddictServerAspNetCoreConstants.Properties.Error ] = Errors.ConsentRequired,
                            [ OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription ] =
                                "Interactive user consent is required."
                        } ) );
            }
        }
        catch ( Exception ex )
        {
            throw;
        }
        return Ok ();
    }

    //[ Authorize ( AuthenticationSchemes = OpenIddictServerAspNetCoreDefaults.AuthenticationScheme )]
    [HttpPost ( "~/connect/token" )]
    public async Task<IActionResult> Exchange ()
    {
        var request = HttpContext.GetOpenIddictServerRequest () ??
            throw new InvalidOperationException ( "The OpenID Connect request cannot be retrieved." );
        ClaimsPrincipal claimsPrincipal;
        if ( request.IsClientCredentialsGrantType () )
        {
            // Note: the client credentials are automatically validated by OpenIddict:
            // if client_id or client_secret are invalid, this action won't be invoked.
            var application = await ApplicationManager.FindByClientIdAsync ( request.ClientId );
            if ( application == null )
            {
                throw new InvalidOperationException ( "The application details cannot be found in the database." );
            }
            // Create the claims-based identity that will be used by OpenIddict to generate tokens.
            var identity = new ClaimsIdentity (
                authenticationType: TokenValidationParameters.DefaultAuthenticationType,
                nameType: Claims.Name,
                roleType: Claims.Role );
            // Add the claims that will be persisted in the tokens (use the client_id as the subject identifier).
            identity.SetClaim ( Claims.Audience, "gt_resource_server" );
            identity.SetClaim ( Claims.Subject, await ApplicationManager.GetClientIdAsync ( application ) );
            identity.SetClaim ( Claims.Name, await ApplicationManager.GetDisplayNameAsync ( application ) );
            // Note: In the original OAuth 2.0 specification, the client credentials grant
            // doesn't return an identity token, which is an OpenID Connect concept.
            //
            // As a non-standardized extension, OpenIddict allows returning an id_token
            // to convey information about the client application when the "openid" scope
            // is granted (i.e. specified when calling principal.SetScopes()). When the "openid"
            // scope is not explicitly set, no identity token is returned to the client application.
            // Set the list of scopes granted to the client application in access_token.
            identity.SetScopes ( request.GetScopes () );
            identity.SetResources ( await ScopeManager.ListResourcesAsync ( identity.GetScopes () ).ToListAsync () );
            identity.SetDestinations ( claim => new [] { Destinations.AccessToken } );
            return SignIn ( new ClaimsPrincipal ( identity ), OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );
        }
        else if ( request.IsPasswordGrantType () )
        {
            var user = await UserManager.FindByUsernameAsync ( request.Username );
            if ( user == null )
            {
                var properties = new AuthenticationProperties ( new Dictionary<string, string>
                {
                    [ OpenIddictServerAspNetCoreConstants.Properties.Error ] = Errors.InvalidGrant,
                    [ OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription ] =
                        "The username/password couple is invalid."
                } );
                return Forbid ( properties, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );
            }
            // Validate the username/password parameters and ensure the account is not locked out.
            var res = await UserManager.SigninAsync ( request.Username, request.Password );
            if ( !res )
            {
                var properties = new AuthenticationProperties ( new Dictionary<string, string>
                {
                    [ OpenIddictServerAspNetCoreConstants.Properties.Error ] = Errors.InvalidGrant,
                    [ OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription ] =
                        "The username/password couple is invalid."
                } );
                return Forbid ( properties, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );
            }
            // Create the claims-based identity that will be used by OpenIddict to generate tokens.
            var identity = new ClaimsIdentity (
                authenticationType: TokenValidationParameters.DefaultAuthenticationType );
                //nameType: Claims.Name,
                //roleType: Claims.Role );
            // Add the claims that will be persisted in the tokens.
            // Note: unlike the Authorize action above, user.Id is passed here without .ToString()
            // (the root cause identified in the reply below).
            identity.SetClaim ( Claims.Subject, user.Id )
                //.SetClaim ( Claims.Email, user.Email )
                .SetClaim ( Claims.Username, user.Username );
            // Set the list of scopes granted to the client application.
            identity.SetScopes ( new []
            {
                Scopes.OpenId, "gtapi"
            }.Intersect ( request.GetScopes () ) );
            identity.SetDestinations ( claim => new [] { Destinations.AccessToken } );
            return SignIn ( new ClaimsPrincipal ( identity ), OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );
        }
        else if ( request.IsAuthorizationCodeGrantType () )
        {
            // Retrieve the claims principal stored in the authorization code
            claimsPrincipal = ( await HttpContext.AuthenticateAsync ( OpenIddictServerAspNetCoreDefaults.AuthenticationScheme ) ).Principal;
        }
        else if ( request.IsRefreshTokenGrantType () )
        {
            // Retrieve the claims principal stored in the refresh token.
            claimsPrincipal = ( await HttpContext.AuthenticateAsync ( OpenIddictServerAspNetCoreDefaults.AuthenticationScheme ) ).Principal;
        }
        else
        {
            throw new InvalidOperationException ( "The specified grant type is not supported." );
        }
        // Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
        var result = SignIn ( claimsPrincipal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme );
        return result;
    }

    [Authorize ( AuthenticationSchemes = OpenIddictServerAspNetCoreDefaults.AuthenticationScheme )]
    [HttpGet ( "~/connect/userinfo" )]
    public async Task<IActionResult> Userinfo ()
    {
        var id = User.GetClaim ( Claims.Subject );
        var user = await UserManager.FindByIdAsync ( id );
        if ( user == null )
        {
            return Challenge (
                authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                properties: new AuthenticationProperties ( new Dictionary<string, string>
                {
                    [ OpenIddictServerAspNetCoreConstants.Properties.Error ] = Errors.InvalidToken,
                    [ OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription ] =
                        "The specified access token is bound to an account that no longer exists."
                } ) );
        }
        var claims =
            new Dictionary<string, object> ( StringComparer.Ordinal )
            {
                // Note: the "sub" claim is a mandatory claim and must be included in the JSON response.
                [ Claims.Subject ] = user.Id.ToString ()
            };
        if ( User.HasScope ( Scopes.Email ) )
        {
            claims [ Claims.Email ] = user.Email;
            claims [ Claims.EmailVerified ] = true;
        }
        /*
        if ( User.HasScope ( Scopes.Phone ) )
        {
            claims [ Claims.PhoneNumber ] = await UserManager.GetPhoneNumberAsync ( user );
            claims [ Claims.PhoneNumberVerified ] = await UserManager.IsPhoneNumberConfirmedAsync ( user );
        }
        if ( User.HasScope ( Scopes.Roles ) )
        {
            claims [ Claims.Role ] = await UserManager.GetRolesAsync ( user );
        }
        */
        // Note: the complete list of standard claims supported by the OpenID Connect specification
        // can be found here: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
        return Ok ( claims );
    }

    private static IEnumerable<string> GetDestinations ( Claim claim )
    {
        // Note: by default, claims are NOT automatically included in the access and identity tokens.
        // To allow OpenIddict to serialize them, you must attach them a destination, that specifies
        // whether they should be included in access tokens, in identity tokens or in both.
        switch ( claim.Type )
        {
            case Claims.Name:
                yield return Destinations.AccessToken;
                if ( claim.Subject.HasScope ( Scopes.Profile ) )
                    yield return Destinations.IdentityToken;
                yield break;
            case Claims.Email:
                yield return Destinations.AccessToken;
                if ( claim.Subject.HasScope ( Scopes.Email ) )
                    yield return Destinations.IdentityToken;
                yield break;
            case Claims.Role:
                yield return Destinations.AccessToken;
                if ( claim.Subject.HasScope ( Scopes.Roles ) )
                    yield return Destinations.IdentityToken;
                yield break;
            // Never include the security stamp in the access and identity tokens, as it's a secret value.
            case "AspNet.Identity.SecurityStamp": yield break;
            default:
                yield return Destinations.AccessToken;
                yield break;
        }
    }
}
In the setup code EnableUserinfoEndpointPassthrough is called; does this allow my Userinfo to be called?
It's the same exact root cause as the other issue, you just forgot to add a .ToString().
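The root cause named in the reply, shown as an added example that is not code from the issue or from OpenIddict. It assumes the user record's Id is an int, which is what makes `identity.SetClaim ( Claims.Subject, user.Id )` in the password branch of Exchange bind to OpenIddict's `SetClaim(string, int?)` overload: that overload stores the claim with `ClaimValueTypes.Integer32`, and Microsoft.IdentityModel's `JsonWebTokenHandler` (the handler OpenIddict issues JWTs with) then writes `sub` as a JSON number instead of the string OpenID Connect requires, which is what the token reader trips over in the `JsonWebToken.ReadToken` stack trace above when the access token comes back to /connect/userinfo. The `GtUser` record, the throwaway HMAC signing key and the `EnsureStringSubject` guard exist only for this demonstration.

```csharp
// Added example, not code from the issue or from OpenIddict itself.
// Assumptions: the user record's Id is an int (the type that makes the call in the
// issue bind to OpenIddict's int? SetClaim overload); the HMAC key and the
// EnsureStringSubject guard are stand-ins written for this demonstration.
using System;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Text.Json;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;
using OpenIddict.Abstractions;
using static OpenIddict.Abstractions.OpenIddictConstants;

// Constructed stand-in for the object UserManager.FindByUsernameAsync returns.
public sealed record GtUser(int Id, string Username);

public static class SubjectClaimCheck
{
    // As posted in Exchange(): an int Id selects SetClaim(string, int?), which
    // stores the claim with ClaimValueTypes.Integer32 rather than String.
    public static ClaimsIdentity BuildAsPosted(GtUser user) =>
        new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType)
            .SetClaim(Claims.Subject, user.Id)
            .SetClaim(Claims.Username, user.Username);

    // The fix from the reply: a string value gives ClaimValueTypes.String,
    // so "sub" is emitted as a JSON string, which is what OIDC requires.
    public static ClaimsIdentity BuildFixed(GtUser user) =>
        new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType)
            .SetClaim(Claims.Subject, user.Id.ToString())
            .SetClaim(Claims.Username, user.Username);

    // Hypothetical guard to call right before SignIn(): fail in the token action,
    // where a breakpoint is hit and the exception names the cause, instead of at
    // /connect/userinfo where the same defect surfaces as an opaque invalid_token.
    public static void EnsureStringSubject(ClaimsIdentity identity)
    {
        var subjects = identity.FindAll(Claims.Subject).ToList();
        if (subjects.Count != 1)
            throw new InvalidOperationException(
                $"Expected exactly one '{Claims.Subject}' claim, found {subjects.Count}.");

        var sub = subjects[0];
        if (sub.ValueType != ClaimValueTypes.String || string.IsNullOrEmpty(sub.Value))
            throw new InvalidOperationException(
                $"'{Claims.Subject}' must be a non-empty string claim but has value type " +
                $"'{sub.ValueType}'. Call .ToString() on the identifier before SetClaim.");
    }

    // Serialises the identity with the same handler OpenIddict uses and reports how
    // "sub" landed in the payload. The HMAC key is a throwaway for the demo only;
    // OpenIddict signs with the certificate registered via AddSigningCertificate.
    public static JsonValueKind SubjectKindInJwt(ClaimsIdentity identity)
    {
        var key = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes("demo-only-key-not-for-production-0123456789"));
        var jwt = new JsonWebTokenHandler().CreateToken(new SecurityTokenDescriptor
        {
            Subject = identity,
            Issuer = "https://localhost:7296/",
            Audience = "gtapi",
            SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256),
        });

        // Decode the payload segment by hand so the check does not depend on how
        // the JsonWebToken reader itself treats a numeric "sub".
        var payload = Base64UrlEncoder.Decode(jwt.Split('.')[1]);
        using var doc = JsonDocument.Parse(payload);
        return doc.RootElement.GetProperty(Claims.Subject).ValueKind;
    }

    public static void Main()
    {
        var user = new GtUser(Id: 42, Username: "alice"); // constructed sample user

        var posted = BuildAsPosted(user);
        Console.WriteLine($"as posted: ValueType={posted.FindFirst(Claims.Subject)!.ValueType}, " +
                          $"sub in JWT is {SubjectKindInJwt(posted)}");

        var corrected = BuildFixed(user);
        Console.WriteLine($"fixed:     ValueType={corrected.FindFirst(Claims.Subject)!.ValueType}, " +
                          $"sub in JWT is {SubjectKindInJwt(corrected)}");

        // The guard rejects the identity built the way the issue does it ...
        try { EnsureStringSubject(posted); }
        catch (InvalidOperationException ex) { Console.WriteLine($"guard rejected: {ex.Message}"); }

        // ... and accepts the one built with .ToString().
        EnsureStringSubject(corrected);
    }
}
```

Calling EnsureStringSubject immediately before each SignIn in Exchange (the password branch and the authorization-code branch both build or forward a principal) moves the failure to the place where the identifier is set; the same check is worth applying to any other claim that a downstream reader expects as a string, since SetClaim silently picks the bool/int/long overload for those value types as well.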
@kevinchalet thank you for your help