
I can successfully call my Api via a web browser. Using IdentityModel works fine. But when I try to call the Api via Fiddler I get invalid_client. My client information comes from a database based on the MembershipReboot Client tables.

I tried passing data via the Post Body and via Authentication basic. Both fail.

When calling using Authentication Basic encoded parameters I have the following:

    User-Agent: Fiddler
    Host: qaquasaridentity
    Content-Length: 0
    Content-Type: application/x-www-form-urlencoded
    Authorization: Basic  dGVzdC5hcGk6c2VjcmV0

The actual encoded value in Fiddler shows:

    No Proxy-Authorization Header is present.

    Authorization Header is present: Basic  dGVzdC5hcGk6c2VjcmV0
    Decoded Username:Password= test.api:secret

When I call using the Post Body for parameters the data passed is:

    client_id=test.api
    &client_secret=secret
    &grant_type=client_credentials
    &scope=testapi

The Server log says:

    2017-01-20 12:06:13.968 -06:00 [Debug] Start client validation
    2017-01-20 12:06:13.971 -06:00 [Debug] Start parsing Basic Authentication secret
    2017-01-20 12:06:13.973 -06:00 [Debug] Start parsing for secret in post body
    2017-01-20 12:06:13.973 -06:00 [Debug] No secret in post body found
    2017-01-20 12:06:13.976 -06:00 [Debug] Start parsing for X.509 certificate
    2017-01-20 12:06:13.976 -06:00 [Debug] client_id is not found in post body
    w3wp.exe Information: 0 : 2017-01-20 12:06:13.976 -06:00 [Information] Parser found no secret
    w3wp.exe Information: 0 : 2017-01-20 12:06:13.981 -06:00 [Information] No client secret found
    w3wp.exe Information: 0 : 2017-01-20 12:06:13.983 -06:00 [Information] End token request
    w3wp.exe Information: 0 : 2017-01-20 12:06:13.988 -06:00 [Information] Returning error: invalid_client

I have the client_id and client_secret but the error log says otherwise. Can anyone explain what I am doing wrong? I can get my access_token via .NET on the backend but not via Fiddler.

Nate

1 Answer

The token endpoint does not take JSON, but form-data.

    POST /connect/token

    grant_type=client_credentials&client_id=test.api&client_secret=secret&scope=api

http://openid.net/specs/openid-connect-core-1_0.html#TokenRequest

https://identityserver.github.io/Documentation/docsv2/endpoints/token.html

John Korsnes
  • I get the same error doing that as well. But the error log now says invalid hashing algorithm. I am providing the information via the PostBody as in your example. – Nate Jan 20 '17 at 20:33
  • Looks like there's an extra white space between "Basic " and your base64 encoded clientid:clientsecret. Could that be it? – John Korsnes Jan 20 '17 at 20:36
  • Isn't Authentication basic optional? If I use the PostBody as in your example then I do not need Authentication Basic XXXXX. Correct? – Nate Jan 20 '17 at 20:37
  • Not sure what you're doing wrong - it works fine against the demo site (see pic) – John Korsnes Jan 20 '17 at 20:44
  • The error of "invalid hashing algorithm": how are you storing the secrets? Are they stored hashed using sha256 or sha512? https://github.com/IdentityServer/IdentityServer3/blob/93bc6bc9b536146b9e3fa0bed21d77283d07f788/source/Core/Validation/HashedSharedSecretValidator.cs#L85 – John Korsnes Jan 20 '17 at 20:54
  • Yes it is stored as a Sha256 hash – Nate Jan 21 '17 at 02:48
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/133698/discussion-between-john-korsnes-and-nate). – John Korsnes Jan 21 '17 at 10:54
  • I will contact you via the chat in the morning. Thanks – Nate Jan 23 '17 at 04:55
  • Did this get resolved? I have a client_credential grant type with the same issue. – Jeyenne Sep 26 '19 at 22:05
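
A lint for a hand-built token request, covering the points raised in this thread: a form-encoded body rather than JSON, the spacing of the Basic header, and Content-Length versus the body actually sent. This is an added example, not code from the posts or from IdentityServer; `lint_token_request`, the host `idsrv.example` and the checks are assumptions, and it does not reproduce the server's own parsing.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample: the Basic-auth attempt from the question (hypothetical host).
SAMPLE = ("POST /connect/token HTTP/1.1\nHost: idsrv.example\nContent-Length: 0\n"
          "Content-Type: application/x-www-form-urlencoded\n"
          "Authorization: Basic  dGVzdC5hcGk6c2VjcmV0\n\n")

def lint_token_request(raw: str) -> list:
    """Return the problems found in a raw client_credentials token request."""
    sep = "\r\n\r\n" if "\r\n\r\n" in raw else "\n\n"
    head, _, body = raw.partition(sep)
    headers = {}
    for line in head.splitlines()[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    problems = []
    # A server reads only Content-Length bytes; with 0 the form is never seen.
    declared = int(headers.get("content-length", "0"))
    data = body.encode()
    if declared != len(data):
        problems.append(f"Content-Length {declared} != body size {len(data)}")
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    form = {}
    if ctype == "application/x-www-form-urlencoded":
        text = data[:declared].decode(errors="replace")
        form = {k: v[0] for k, v in parse_qs(text, keep_blank_values=True).items()}
    elif declared:
        problems.append(f"body sent as {ctype or 'unknown type'}, not form-urlencoded")
    for key, value in form.items():             # e.g. a body pasted on several lines
        if key != key.strip() or value != value.strip():
            problems.append(f"whitespace or line break in {key.strip()!r} pair")
    # Basic credentials are base64(client_id ":" client_secret) after the scheme.
    basic_id = None
    scheme, _, cred = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        if cred != cred.strip():                # flagged only; tolerance varies by server
            problems.append("more than one space after 'Basic'")
        try:
            decoded = base64.b64decode(cred.strip(), validate=True).decode()
            basic_id = decoded.partition(":")[0]
        except ValueError:
            problems.append("Basic value is not valid base64")
    if "grant_type" not in form:
        problems.append("grant_type missing from form body")
    if basic_id is None and not {"client_id", "client_secret"}.issubset(form):
        problems.append("no client credentials in header or body")
    return problems
```

Calling `lint_token_request(SAMPLE)` reports the extra space after `Basic` and the missing `grant_type`; a body pasted across several lines is reported per parameter because the line breaks become part of the values.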