I have created an Identity Server using .NET Core 3.1, but when I try to get a token I get this error.
Here is my appsettings.json file:
  "Clients": [
    {
      "ClientId": "portal-api",
      "AlwaysIncludeUserClaimsInIdToken": true,
      "AllowOfflineAccess": true, //support refresh tokens
      "AccessTokenLifetime": 3600,
      "RequireConsent": false,
      "ClientSecrets": [ { "Value": "lxl76J788Cvf1ds8CQJuFYGwTi7e3BXGCRK2JIUekmk=" } ],
      "AllowedGrantTypes": [ "password", "code" ],
      "AllowedScopes": [ "rest.auth" ],
      "RefreshTokenUsage": "OneTimeOnly",
      "RequireClientSecret": true,
      "Enabled": true
    }
  ]
},
CodePudding user response:
If you look here, you see that the appsettings should start with the IdentityServer object, like:
"IdentityServer": {
  "IssuerUri": "urn:sso.company.com",
  "Clients": [
    {
      "Enabled": true,
      "ClientId": "local-dev",
      "ClientName": "Local Development",
      "ClientSecrets": [ { "Value": "<Insert Sha256 hash of the secret encoded as Base64 string>" } ],
      "AllowedGrantTypes": [ "client_credentials" ],
      "AllowedScopes": [ "api1" ]
    }
  ]
}
CodePudding user response:
Not directly related to your question, but using the password grant is against current best practices; see https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-18#section-2.4 for details.
I would also recommend not allowing multiple grant types for a single client, as this broadens the possible attack vectors.
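The two answers above make separate points: the first that the client list must sit under a top-level "IdentityServer" object, the second that the password grant and mixed grant types should be avoided. The following script is an added example (not code from the question, the answers, or IdentityServer itself) that loads an appsettings.json and reports those points as findings. It assumes the leniency of .NET's JSON configuration provider, which accepts `//` comments and trailing commas that plain `json.loads` rejects, and IdentityServer's `"secret".Sha256()` convention of storing the Base64-encoded SHA-256 digest of the secret. The "before" sample is the asker's client as posted; the "after" sample is the same client nested as the first answer shows, with one grant type and an invented placeholder secret.

```python
import base64
import hashlib
import json
import re


def load_config(text):
    """Parse appsettings.json with the leniency assumed of .NET's JSON configuration
    provider: // comments are skipped and a trailing comma before } or ] is tolerated."""
    out, i, n, in_string = [], 0, len(text), False
    while i < n:
        ch = text[i]
        if in_string:
            out.append(ch)
            if ch == "\\" and i + 1 < n:          # copy the escaped character verbatim
                out.append(text[i + 1])
                i += 1
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
            out.append(ch)
        elif text.startswith("//", i):            # line comment: skip to end of line
            i = text.find("\n", i)
            if i == -1:
                break
            continue
        elif ch in "}]":                          # drop whitespace and a trailing comma
            while out and out[-1] in " \t\r\n":
                out.pop()
            if out and out[-1] == ",":
                out.pop()
            out.append(ch)
        else:
            out.append(ch)
        i += 1
    return json.loads("".join(out))


def hash_secret(secret):
    """IdentityServer's "secret".Sha256(): Base64 of the SHA-256 digest of the UTF-8 secret."""
    return base64.b64encode(hashlib.sha256(secret.encode("utf-8")).digest()).decode("ascii")


def looks_like_sha256_hash(value):
    """Base64 of a 32-byte digest is 43 chars plus one '='; placeholders and plaintext fail."""
    return re.fullmatch(r"[A-Za-z0-9+/]{43}=", value) is not None


def audit(config):
    """Report the points the two answers raise: nesting, password grant, mixed grants, secret shape."""
    findings = []
    section = config.get("IdentityServer")
    if section is None:
        findings.append("root: 'Clients' is not nested under a top-level 'IdentityServer' object")
        section = config
    for client in section.get("Clients", []):
        cid = client.get("ClientId", "<no ClientId>")
        grants = client.get("AllowedGrantTypes", [])
        if "password" in grants:
            findings.append(f"{cid}: 'password' grant is discouraged (OAuth Security Topics, section 2.4)")
        if len(grants) > 1:
            findings.append(f"{cid}: {len(grants)} grant types allowed; use a single grant type per client")
        for secret in client.get("ClientSecrets", []):
            if not looks_like_sha256_hash(str(secret.get("Value", ""))):
                findings.append(f"{cid}: ClientSecrets Value is not a Base64-encoded SHA-256 digest")
    return findings


# Constructed sample: the asker's client as posted, with "Clients" at the root
# (no "IdentityServer" object), a // comment and a trailing comma .NET would accept.
BEFORE_APPSETTINGS = """{
  "Clients": [
    {
      "ClientId": "portal-api",
      "AllowOfflineAccess": true, //support refresh tokens
      "ClientSecrets": [ { "Value": "lxl76J788Cvf1ds8CQJuFYGwTi7e3BXGCRK2JIUekmk=" } ],
      "AllowedGrantTypes": [ "password", "code" ],
      "Enabled": true,
    }
  ]
}"""

# Constructed sample: the same client nested as the first answer shows, with one
# grant type and a hashed placeholder secret (the secret value here is invented).
AFTER_APPSETTINGS = """{
  "IdentityServer": {
    "IssuerUri": "urn:sso.company.com",
    "Clients": [
      {
        "Enabled": true,
        "ClientId": "portal-api",
        "ClientSecrets": [ { "Value": "SECRET_HASH" } ],
        "AllowedGrantTypes": [ "code" ],
        "AllowedScopes": [ "rest.auth" ]
      }
    ]
  }
}""".replace("SECRET_HASH", hash_secret("placeholder-secret-change-me"))

if __name__ == "__main__":
    for label, text in (("before", BEFORE_APPSETTINGS), ("after", AFTER_APPSETTINGS)):
        print(label, audit(load_config(text)) or ["no findings"])
```

Running it lists three findings for the "before" file (clients not under "IdentityServer", password grant present, two grant types) and none for the "after" file. The audit only covers what the answers discuss; it does not check everything IdentityServer needs for a given grant type, such as the redirect URIs the authorization code flow requires.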