
Identity Server4 connect/token endpoint gives 400 Bad Request

We are using EntityFrameworkCore with Identity Server4. After the initial setup, the discovery endpoint of the identity server (localhost:6000/.well-known/openid-configuration) is working fine. When we tried to call the connect/token endpoint from Postman, it gave a 400 Bad Request response. Here is our client:

public static IEnumerable<Client> GetClients()
{
    return new List<Client>
    {
        new Client
        {
            ClientId = "client",

            // no interactive user, use the clientid/secret for authentication
            AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

            // secret for authentication
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },

            // scopes that client has access to
            AllowedScopes = { ApiResourceName.Sup_Api.Description() }
        },
        new Client
        {
            ClientId = "client2",

            // no interactive user, use the clientid/secret for authentication
            AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

            // secret for authentication
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },

            // scopes that client has access to
            AllowedScopes = { "sup" }
        }
    };
}

Here is the Postman connect/token POST request:

http://localhost:6000/connect/token
  ?client_id=client2
  &client_secret=secret
  &grant_type=client_credentials
  &scope=sup

Response:

{
    "error": "invalid_request"
}

Rakesh Kumar asked Feb 26 '18 07:02

2 Answers

You don't pass the parameters via the query string. It's meant to be in the body, using a content type of application/x-www-form-urlencoded.

See: https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3

Scott Brady answered Nov 14 '22 14:11


Make it an HTTP POST request instead of the browser's HTTP GET request.

Can PERK answered Nov 14 '22 13:11
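
An added example (not part of either answer and not IdentityServer4 code) that plays out both requests against a local stand-in token endpoint: parameters in the query string as in the question, then in an application/x-www-form-urlencoded body as the answers advise. `TokenEndpoint`, `post`, `demo` and `ACCESS_LOG` are hypothetical names, and the handler models only the request-shape check; the captured log also shows that a query-string `client_secret` ends up in the request line that servers and proxies record.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode

# Parameter values come from the question. TokenEndpoint is a simplified,
# hypothetical stand-in for a token endpoint, not IdentityServer4 code.
PARAMS = {"client_id": "client2", "client_secret": "secret",
          "grant_type": "client_credentials", "scope": "sup"}
FORM = "application/x-www-form-urlencoded"
ACCESS_LOG = []  # request lines, as a web server or proxy would record them

class TokenEndpoint(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        raw = self.rfile.read(length).decode()
        is_form = self.headers.get("Content-Type", "").startswith(FORM)
        form = parse_qs(raw) if is_form else {}  # the query string is never read
        ok = form.get("grant_type") == ["client_credentials"]
        status = 200 if ok else 400
        payload = {"token_type": "Bearer"} if ok else {"error": "invalid_request"}
        body = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        ACCESS_LOG.append(fmt % args)  # capture instead of printing to stderr

def post(port, target, body=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("POST", target, body, {"Content-Type": FORM} if body else {})
    with conn.getresponse() as resp:
        return resp.status, json.load(resp)

def demo():
    server = HTTPServer(("127.0.0.1", 0), TokenEndpoint)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    encoded = urlencode(PARAMS)
    in_query = post(server.server_port, "/connect/token?" + encoded)  # question
    in_body = post(server.server_port, "/connect/token", encoded)     # answers
    server.shutdown()
    server.server_close()
    return in_query, in_body
if __name__ == "__main__":
    print(demo(), ACCESS_LOG)
```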