Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Always receiving 'invalid_client' error when POSTing to /Token endpoint with ASP Identity 2

Tags:

About a month ago I had a project working perfectly with ASP Identity OAuth. I'd send a POST request to the /Token endpoint with grant_type, username, and password, and all was dandy.

I recently started a new project based off of Visual Studio 2013 RC2's SPA template. It's a bit different than the old template. Authentication is set up to pretty basic defaults,

OAuthOptions = new OAuthAuthorizationServerOptions
{
    TokenEndpointPath = new PathString("/Token"),
    //AuthorizeEndpointPath = new PathString("/Account/Authorize"), 
    Provider = new ApplicationOAuthProvider(PublicClientId),
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
    AllowInsecureHttp = true
};

Nothing significant changed from the default template. I can register accounts successfully through a Web API controller method I have implemented;

    // POST: /Account/Register
    [HttpPost]
    [AllowAnonymous]
    public async Task<IHttpActionResult> Register(RegisterBindingModel model)
    {
        if (ModelState.IsValid)
        {
            var user = new TunrUser() { UserName = model.Email, Email = model.Email, DisplayName = model.DisplayName };
            var result = await UserManager.CreateAsync(user, model.Password);
            if (result.Succeeded)
            {
                return Created(new Uri("/api/Users/" + user.Id,UriKind.Relative), user.toViewModel());
            }
            else
            {
                return BadRequest(result.Errors.First());
            }
        }
        return BadRequest(ModelState);
    }

However, no matter what I POST to the /Token endpoint, I always get the same response.

{"error":"invalid_client"}

Normally I pass the following request body

grant_type=password&username=user%40domain.com&password=userpassword

But this results in the same error. This worked in the previous VS2013 SPA template / Identity. What's changed?

Thank you!

like image 685
Hayden McAfee Avatar asked Apr 29 '14 16:04

Hayden McAfee


2 Answers

You have to Override the ValidateClientAuthentication & GrantResourceOwnerCredentials in the OAuthAuthorizationServerProvider.

See example here: http://www.tugberkugurlu.com/archive/simple-oauth-server-implementing-a-simple-oauth-server-with-katana-oauth-authorization-server-components-part-1

like image 130
Kjartan Valur Þórðarson Avatar answered Sep 22 '22 08:09

Kjartan Valur Þórðarson


So it turns out that the new templates don't include a functional implementation of ApplicationOAuthProvider that was present in the older templates.

After watching this build talk, I investigated further and found that a working implementation of ApplicationOAuthProvider is available to check out in this NuGet package! It's very similar to the old implementation.

like image 40
Hayden McAfee Avatar answered Sep 18 '22 08:09

Hayden McAfee