
When performing an AJAX call into my MVC application more than 5 minutes after my AccessTokenLifetime, the ClaimsPrincipal value for access_token is null.

I have tried RequestAuthorizationCodeAsync and RequestRefreshTokenAsync, using cached values of code & redirect_uri, and refresh_token respectively, but these calls both return an invalid_grant error. Our openId-configuration does list authorization_code and refresh_token under grant_types_supported. I have tried running this code before timeout, and I get the same error for both calls.

Is the fact that the request is coming in from JavaScript preventing me from getting a new access code? Thanks in advance for your consideration and help.

Here are some samples of my setup:


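```csharp
// Cookie session for the MVC application: 60-minute sliding expiration.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = "Cookies",
    SlidingExpiration = true,
    ExpireTimeSpan = TimeSpan.FromMinutes(60)
});

// Requests under /js are authenticated with bearer access tokens instead of the cookie.
app.Map("/js", api =>
{
    api.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
    {
        Authority = Constants.IdentityServerUrl,
        // The access token must carry these scopes.
        RequiredScopes = new[] { "scope1", "offline_access" },
        ValidationMode = ValidationMode.Both
    });
});
```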

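```csharp
if (string.IsNullOrEmpty(accessToken))
{
    // Exchange the cached refresh token for a new access token at the token endpoint.
    var client = new TokenClient(
        Identity.Constants.TokenEndpoint,
        Identity.Constants.IdentityClientId,
        Identity.Constants.IdentityClientSecret);
    var tokenResponse = client.RequestRefreshTokenAsync(refreshToken).Result;
    // (the rest of this block was not included in the post)
}
```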

Identity Server Logs

9/26/2016, 2:30:59 PM - REQUEST GET /api/users Request URL: local-urlcode: 401 Server response time: 15.26 ms Request URL base: /api/users

9/26/2016, 2:30:59 PM - CUSTOM EVENT Secret validator success: {0} Device type: PC

9/26/2016, 2:30:59 PM - CUSTOM EVENT End token request Device type: PC

9/26/2016, 2:30:59 PM - CUSTOM EVENT Returning error: invalid_grant Device type: PC

9/26/2016, 2:30:59 PM - CUSTOM EVENT Start token request validation Device type: PC

9/26/2016, 2:30:59 PM - CUSTOM EVENT Invalid authorization code: f2e8a4ce0eef941ab883344559a7183e { "ClientId": "identitymgmt", "ClientName": "Identity Management", "GrantType": "authorization_code", "AuthorizationCode": "f2e8a4ce0eef941ab883344559a7183e", "... Device type: PC

9/26/2016, 2:30:59 PM - CUSTOM EVENT Client validation success Device type: PC

9/26/2016, 2:30:59 PM - CUSTOM EVENT Start validation of authorization code token request Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Start token request Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Parser found secret: {0} Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Start parsing Basic Authentication secret Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT No secret in post body found Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Secret id found: {0} Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT client_id is not found in post body Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Start parsing for X.509 certificate Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Start client validation Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Start parsing for secret in post body Device type: PC

9/26/2016, 2:30:58 PM - REQUEST POST /core/connect/token Request URL: http :// [idp-server-address] /core/connect/token Response code: 400 Server response time: 23.62 ms Request URL base: /core/connect/token

9/26/2016, 2:30:58 PM - CUSTOM EVENT End token request Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Returning error: invalid_grant Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Invalid authorization code: f2e8a4ce0eef941ab883344559a7183e { "ClientId": "identitymgmt", "ClientName": "Identity Management", "GrantType": "authorization_code", "AuthorizationCode": "f2e8a4ce0eef941ab883344559a7183e", "... Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Start validation of authorization code token request Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Start token request validation Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Secret validator success: {0} Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Client validation success Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Parser found secret: {0} Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Secret id found: {0} Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Start parsing Basic Authentication secret Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Start parsing for secret in post body Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT No secret in post body found Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT client_id is not found in post body Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Start parsing for X.509 certificate Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Start client validation Device type: PC

9/26/2016, 2:30:58 PM - CUSTOM EVENT Start token request Device type: PC

9/26/2016, 2:30:58 PM - REQUEST POST /core/connect/token Request URL: http: // [idp-server-address] /core/connect/token Response code: 400 Server response time: 584.15 ms Request URL base: /core/connect/token

user3246499
  • Does your IdentityServer configuration have the offline_access scope set for your client? Also see http://stackoverflow.com/questions/31385593/identity-server-not-returning-refresh-token – ranieuwe Sep 26 '16 at 19:01
  • My client does have offline_access scope in ScopeRestrictions. Thanks for the link. I do have a refresh token: I'm unable to use it to get a new access_token. – user3246499 Sep 26 '16 at 19:07
  • I recommend taking a look at the IdSrv3 logs to see what is causing the invalid_grant error. – ranieuwe Sep 26 '16 at 19:10
  • Did you ever figure this out? We're having a similar problem. – Sam Mar 08 '19 at 17:58
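
For the log review suggested in the comments, a small order-independent triage of the IdentityServer event lines can show which grant type the rejected requests used and whether one authorization code was presented more than once. This is an added example, not code from the question or from IdentityServer; the function name, the sample lines and the placeholder code value are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log excerpt above; the code value is
# a placeholder. Events sharing a timestamp are not reliably ordered, so the
# triage below never depends on line order.
SAMPLE_LOG = '''\
9/26/2016, 2:30:59 PM - CUSTOM EVENT Returning error: invalid_grant Device type: PC
9/26/2016, 2:30:59 PM - CUSTOM EVENT Invalid authorization code: CODE-PLACEHOLDER-1 { "ClientId": "identitymgmt", "GrantType": "authorization_code", "AuthorizationCode": "CODE-PLACEHOLDER-1", "... Device type: PC
9/26/2016, 2:30:59 PM - CUSTOM EVENT Start validation of authorization code token request Device type: PC
9/26/2016, 2:30:58 PM - CUSTOM EVENT Returning error: invalid_grant Device type: PC
9/26/2016, 2:30:58 PM - CUSTOM EVENT Invalid authorization code: CODE-PLACEHOLDER-1 { "ClientId": "identitymgmt", "GrantType": "authorization_code", "AuthorizationCode": "CODE-PLACEHOLDER-1", "... Device type: PC
9/26/2016, 2:30:58 PM - CUSTOM EVENT Start validation of authorization code token request Device type: PC
9/26/2016, 2:30:58 PM - REQUEST POST /core/connect/token Response code: 400
'''

EVENT = re.compile(r"^(?P<ts>.+? [AP]M) - CUSTOM EVENT (?P<msg>.*?)(?: Device type: \w+)?$")
ERROR = re.compile(r"^Returning error: (\w+)")
BAD_CODE = re.compile(r"^Invalid authorization code: (\S+)")
GRANT = re.compile(r'"GrantType": "([^"]+)"')


def triage_token_failures(log_text):
    """Summarise token-endpoint failures without relying on line order."""
    errors, grants, rejected = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # REQUEST lines and blanks carry no validation detail
        msg = m.group("msg")
        if (e := ERROR.match(msg)):
            errors[e.group(1)] += 1
        if (c := BAD_CODE.match(msg)):
            rejected[c.group(1)] += 1
        # The JSON payload is truncated in the log, so pull the field by regex.
        if (g := GRANT.search(msg)):
            grants[g.group(1)] += 1
    return {
        "errors": dict(errors),
        "grant_types_seen": dict(grants),
        # RFC 6749 makes authorization codes single-use, so a code rejected
        # more than once means the client keeps presenting a spent code.
        "replayed_codes": sorted(c for c, n in rejected.items() if n > 1),
    }


if __name__ == "__main__":
    print(triage_token_failures(SAMPLE_LOG))
```

If `grant_types_seen` lists only `authorization_code`, the logged failures come from code redemption rather than from a refresh-token request, which narrows down which client call to inspect.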

0 Answers