Menu
I am getting the error 'The client application is not known or is not authorized.' when accessing a protected area of my site.
Here's my Clients:
public static class Clients
{
public static IEnumerable<Client> Get()
{
return new[]
{
new Client
{
Enabled = true,
ClientName = "Web Application",
ClientId = "webapplication",
Flow = Flows.AuthorizationCode,
ClientSecrets = new List<Secret>
{
new Secret("webappsecret".Sha256())
},
RedirectUris = new List<string>
{
UrlManager.WebApplication
},
PostLogoutRedirectUris = new List<string>
{
UrlManager.WebApplication
},
AllowedScopes = new List<string>
{
Constants.StandardScopes.OpenId,
Constants.StandardScopes.Profile,
Constants.StandardScopes.Email,
Constants.StandardScopes.Roles,
Constants.StandardScopes.OfflineAccess,
"read",
"write"
}
}
};
}
}
Here's my web application startup:
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = UrlManager.AuthenticationService + "identity",
ClientId = "webapplication",
Scope = "openid profile",
ResponseType = "code id_token",
RedirectUri = UrlManager.WebApplication,
SignInAsAuthenticationType = "Cookies"
});
}
}
This is my authentication service (where IDS3 is installed) startup:
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.Map("/identity", idsrvApp =>
{
idsrvApp.UseIdentityServer(new IdentityServerOptions
{
SiteName = "Authentication Service - Embedded IdentityServer",
SigningCertificate = Certificate.LoadCertificate(),
Factory = new IdentityServerServiceFactory()
.UseInMemoryUsers(Users.Get())
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get())
});
});
}
}
This is UrlManager:
public static class UrlManager
{
public static string WebApplication
{
get { return "https://localhost:44381/"; }
}
public static string AuthenticationService
{
get { return "https://localhost:44329/"; }
}
}
This is my Home Controller:
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
[Authorize]
public ActionResult Private()
{
return View((User as ClaimsPrincipal).Claims);
}
}
When I access Private I get an Identity Server 3 screen that gives me the error message 'The client application is not known or is not authorized.'.
I have read that this can come from mis-matches in the redirect URIs but as far as I can see mine are correct. I don't know what else can cause it. The application works perfectly if I change the flow to implicit but I want to implement AuthorizationCode flow.
The documentation does not seem to shed any light on this either.
324
I got this error, and the problem was that RedirectUri. in the Authorization server was http://localhost:56840/ and in the Web App was http://localhost:56840. Note the missing "/" at the end of the url.
159
The Client was configured for Authorization Code flow
Flow = Flows.AuthorizationCode
But the response type in the startup is set to hybrid flow.
ResponseType = "code id_token"
Try changing this to
ResponseType = "code" (or Change the Flow type to Hybrid)
Below is the list of ResponseType and corresponding Flow
24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
