I have created an Identity Server by using .net core 3.1 but when I tried to get token I'm taking this error.

Here is my appsettings.json file

"Clients": [
  {
    "ClientId": "portal-api",
    "AlwaysIncludeUserClaimsInIdToken": true,
    "AllowOfflineAccess": true, //support refresh tokens
    "AccessTokenLifetime": 3600,
    "RequireConsent": false,
    "ClientSecrets": [ { "Value": "lxl76J788Cvf1ds8CQJuFYGwTi7e3BXGCRK2JIUekmk=" } ],
    "AllowedGrantTypes": [ "password", "code" ],
    "AllowedScopes": [ "rest.auth" ],
    "RefreshTokenUsage": "OneTimeOnly",
    "RequireClientSecret": true,
    "Enabled": true
  }
]

},

CodePudding user response：

If you look here you see that the appsettings should start with the IdentityServer object, like:

"IdentityServer": {
    "IssuerUri": "urn:sso.company.com",
    "Clients": [
        {
            "Enabled": true,
            "ClientId": "local-dev",
            "ClientName": "Local Development",
            "ClientSecrets": [ { "Value": "<Insert Sha256 hash of the secret encoded as Base64 string>" } ],
            "AllowedGrantTypes": [ "client_credentials" ],
            "AllowedScopes": [ "api1" ],
        }
    ]
}

CodePudding user response：

Not directly related to your question, but using password grant is against current best practices, see https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-18#section-2.4 for details.

I would also recommend to not allow multiple grant types for a single client, as this broadens possible attack vectors.