I've been trying to use the code mentioned here:

https://stackoverflow.com/a/35882775/7440281

...as a way of solving my own problems. Basically all I want to do - initially anyway - is call a function of some sort and provide it with a user name and password. The validation would be done externally but has been added to my instance of ResourceOwnerPasswordValidator. Note that the interface seems to have changed between when that was written and the present day. All I'm doing as a very first step is checking for a particular name too to try and keep things simple to start with. This is the current content of my class:

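using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;

public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
{
    public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {
        if (context.UserName == "PatrickS")
        {
            // Success: subject id plus the authentication method used.
            context.Result = new GrantValidationResult("PatrickS", "password");
        }
        else
        {
            context.Result = new GrantValidationResult(TokenRequestErrors.UnauthorizedClient, "Username Or Password Incorrect");
        }
        // The outcome is reported through context.Result, not through the returned Task.
        return Task.CompletedTask;
    }
}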

I have both the interfaces mentioned in the comment defined in the comment. I have referred to them in ConfigureServices using services.AddTransient() too. The problem is that all I currently get is 'unauthorised_client'.

This may or may not be down to the configuration of the Client. This is from the settings of the client in question:

AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
RedirectUris = { "http://localhost:5002/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5002" },

The RedirectUris was previously set as part of one of the quickstart tutorials. I'm guessing this should be changed to something else but it's not clear what this should be. I'm also not clear whether the AllowedGrantTypes has been correctly set. There may be other things of course but I'm still new to IdentityServer.

Patrick

1 Answer

Yes, the problem is undoubtedly to do with your client definition, or the way you are calling the connect/token endpoint. In your POST to the connect/token endpoint make sure you provide:

  • grant_type ('password' in your case)
  • client_id
  • username
  • password
  • scope
  • secret (if you are requiring that in your client definition)

In your IdentityServer, where you are defining your clients, make sure that the client_id you are using has defined:

  • AllowedGrantTypes (that match the grant_type being requested)
  • RequireClientSecret (true/false, and if true then you need to post it) and define them with ClientSecrets
  • AllowedScopes (to match the scope requested)

How are you testing the IdServer endpoint? Postman is a useful tool for keeping things simple and removing any potential problems with the client itself.

If you are using the GrantType.ResourceOwnerPassword then you don't need (and can't use) the redirect URLs.

Mashton
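A client definition and a token request that line up with the checklist in the answer above, as an added example that is not part of the original answer or of the IdentityServer project's own code. The client id `ro.client`, the secret `secret`, the scope `api1` (assumed to be registered as an API resource on the server) and the address `http://localhost:5000` are constructed sample values.

```csharp
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityServer4.Models;

public static class RopcExample
{
    // Server side: client definition for the password grant.
    // "ro.client", "secret" and "api1" are assumed sample values.
    public static IEnumerable<Client> GetClients() => new[]
    {
        new Client
        {
            ClientId = "ro.client",
            // Must match the grant_type posted to connect/token ("password").
            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
            // The secret is required here, so the request has to post it.
            RequireClientSecret = true,
            ClientSecrets = { new Secret("secret".Sha256()) },
            // Must contain every scope the request asks for.
            AllowedScopes = { "api1" }
            // No RedirectUris or PostLogoutRedirectUris: this grant has no browser redirect.
        }
    };

    // Caller side: form-encoded POST to connect/token with the fields the answer lists.
    // The authority URL is an assumed local development address.
    public static async Task<string> RequestTokenAsync(string userName, string password)
    {
        var form = new Dictionary<string, string>
        {
            ["grant_type"] = "password",
            ["client_id"] = "ro.client",
            ["client_secret"] = "secret",
            ["username"] = userName,
            ["password"] = password,
            ["scope"] = "api1"
        };
        using (var http = new HttpClient())
        using (var response = await http.PostAsync(
            "http://localhost:5000/connect/token", new FormUrlEncodedContent(form)))
        {
            // Return the JSON body either way: on failure it carries the "error" code.
            return await response.Content.ReadAsStringAsync();
        }
    }
}
```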