3

I'm trying to create an API for an SPA. I'm using the latest .NET Core, MVC and EF. I'd like to authenticate users using JWT, so I decided to use openiddict core. I've tried setting it up according to the examples at the github page and this blog post. The problem is that I get "The specified grant type is not supported." when requesting a token.

Here's screenshot of postman request: Postman request

Here's my ConfigureServices method:

public void ConfigureServices(IServiceCollection services)
{
    // Add framework services.
    services.AddApplicationInsightsTelemetry(Configuration);

    services.AddMvc();

    services.AddDbContext<ApplicationDbContext>(
        options => options.UseSqlServer(Configuration["Data:DefaultConnection:ConnectionString"])
    );

    services.AddIdentity<ApplicationUser, ApplicationRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    services.AddOpenIddict<ApplicationDbContext>()
        .UseJsonWebTokens()
        .EnableTokenEndpoint("/connect/token")
        .AllowPasswordFlow()
        .DisableHttpsRequirement()  // TODO: remove in production
        .AddEphemeralSigningKey();  // TODO: replace with a certificate, this should be used for development only
}

And the Configure method:

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    loggerFactory.AddConsole(Configuration.GetSection("Logging"));
    loggerFactory.AddDebug();

    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseApplicationInsightsRequestTelemetry();

    app.UseApplicationInsightsExceptionTelemetry();

    // don't use identity as this is a wrapper for using cookies, not needed
    // app.UseIdentity();

    app.UseJwtBearerAuthentication(new JwtBearerOptions
    {
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        RequireHttpsMetadata = false,  // TODO: remove, dev only
        Audience = "http://localhost:42443/",  // TODO: ???
        Authority = "http://localhost:42443/"  // TODO: ???
    });

    app.UseOpenIddict();

    app.UseMvcWithDefaultRoute();
}

I'm using the AuthorizationController from the samples to handle the token requests. By observing the contents of the request argument of the Exchange method, which handles the /connect/token requests, I've discovered that it receives all the fields as nulls: Debugger

I have no idea why. The postman request should be correct according to this and this blog post. Where is the problem?

Tseng
  • 61,549
  • 15
  • 193
  • 205
Jan Kalfus
  • 5,422
  • 2
  • 30
  • 38

1 Answers1

4

As mentioned in the samples, you must register the OpenIddict MVC model binder to be able to use OpenIdConnectRequest as an action parameter.

Reference the OpenIddict.Mvc package and call AddMvcBinders and it should work:

services.AddOpenIddict<ApplicationDbContext>()
    // Register the ASP.NET Core MVC binder used by OpenIddict.
    // Note: if you don't call this method, you won't be able to
    // bind OpenIdConnectRequest or OpenIdConnectResponse parameters.
    .AddMvcBinders()

...
Kévin Chalet
  • 39,509
  • 7
  • 121
  • 131
  • Ah, completely missed that part... I didn't even know there was another package required :) That was it! Thanks! :) – Jan Kalfus Oct 22 '16 at 20:32
  • 1
    @HonzaKalfus note that this package is only needed if you want to be able to bind `OpenIdConnectRequest` parameters. You can still use `HttpContext.GetOpenIdConnectRequest()` if you prefer the low-level API. – Kévin Chalet Oct 22 '16 at 22:46