How to Get Access Token and User Info: IdentityServer4 With AspNet Identity

Time:02-11

Good day everyone,

So I successfully integrated IdentityServer 4 using AspNet Identity for authentication into my project. It redirects to the client after authentication, so that's fine. The problem now is that I would like to get the user details on the client, like their username, email, firstname and lastname. I wanted to call the userinfo endpoint with a token, but I cannot get a token. I get the following errors:

  1. Client not authorized for client credentials flow, check the AllowedGrantTypes setting - When I use GrantType.Authorization Code in client config
  2. client cannot request openid scopes in client credentials flow - When I use GrantType.ClientCredentials

The client has been set up in startup.cs as:

    services.AddAuthentication(options =>
        {
            // Local session lives in a cookie; challenges go to the OIDC handler
            options.DefaultScheme = "cookie";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("cookie")
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = ConfigurationManager.AppSettings["AuthorityUrl"];
            options.ClientId = ConfigurationManager.AppSettings["ClientId"];
            options.ClientSecret = ConfigurationManager.AppSettings["ClientSecret"];
            options.RequireHttpsMetadata = false;
            options.GetClaimsFromUserInfoEndpoint = true;

            // Authorization code flow with PKCE
            options.ResponseType = "code";
            options.UsePkce = true;
            options.ResponseMode = "query";

            options.Scope.Add("openid");
            options.Scope.Add("profile");
            // Keep the tokens from the code exchange in the authentication properties
            options.SaveTokens = true;
        });

And my client configuration currently is as follows:

    new Client
    {
        ClientName = "Admin Client",
        ClientId = "admin.client",
        AllowedGrantTypes = GrantTypes.Code,
        ClientSecrets = { new Secret("secretkey".Sha256()) },
        AllowedScopes = new List<string> {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile
        },
        RedirectUris = {"https://localhost:44324/signin-oidc"},
        FrontChannelLogoutUri = "https://localhost:44324/signout-oidc",
        PostLogoutRedirectUris = {"https://localhost:44324/signout-callback-oidc"},

        AllowOfflineAccess = true,
        RequirePkce = true,
        RequireConsent = false,
        AllowPlainTextPkce = false
    }

To get a token, I do this (when I use GrantType.ClientCredentials in the Client config):

    using var client = new HttpClient();
    var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
    {
        Address = _discoveryDocument.TokenEndpoint,
        ClientId = ConfigurationManager.AppSettings["ClientId"],
        ClientSecret = ConfigurationManager.AppSettings["ClientSecret"],
        Scope = "openid"
    });

And I call user like this:

    var response = await client.GetUserInfoAsync(new UserInfoRequest
    {
        Address = _discoveryDocument.UserInfoEndpoint,
        Token = token
    });

But it never gets to the userinfo though. Please note that I have been changing the GrantTypes in the client config to Hybrid, AuthorizationCode; it still doesn't work. When I use the AuthorizationCode grant type and use RequestAuthorizationCodeTokenAsync, it requests a Code in the parameters, but I don't know how to get the authorization code (sorry, I'm new to this).

So please, how should I configure my client in order to be able to request a token that I can use in the userinfo endpoint, or is there any way I can get the user info?

Please help. Thanks.

CodePudding user response:

To get the user details, you use Claims.

Basically, you call it like this:

@User.Claims.FirstOrDefault(c => c.Type == "name")?.Value (on cshtml page)

or

User.Claims.Where(c => c.Type == "mail").First().Value (on .cs class)
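
Added example (not part of the question or the answer above): with the client setup from the question, the "oidc" handler redeems the authorization code itself during sign-in, and `SaveTokens = true` keeps the resulting tokens with the session, so a controller can read the saved access token and send it to the userinfo endpoint without requesting a token by hand. The controller name, the `IHttpClientFactory` registration (`services.AddHttpClient()`) and reading `AuthorityUrl` through `IConfiguration` are assumptions.

```csharp
using System.Linq;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityModel.Client;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;

[Authorize] // anonymous requests are challenged via "oidc" (code flow + PKCE)
public class ProfileController : Controller // hypothetical name
{
    private readonly IHttpClientFactory _httpClientFactory;
    private readonly string _authority;

    public ProfileController(IHttpClientFactory httpClientFactory, IConfiguration config)
    {
        _httpClientFactory = httpClientFactory; // assumes services.AddHttpClient()
        _authority = config["AuthorityUrl"];    // assumed key, same value as options.Authority
    }

    public async Task<IActionResult> Index()
    {
        // The user-bound access token was obtained during sign-in and saved
        // because SaveTokens = true. Treat it as a credential: do not log it
        // or render it into a view.
        var accessToken = await HttpContext.GetTokenAsync("access_token");
        if (string.IsNullOrEmpty(accessToken))
            return Challenge("oidc"); // no saved token: run the sign-in again

        var http = _httpClientFactory.CreateClient();
        var disco = await http.GetDiscoveryDocumentAsync(_authority);
        if (disco.IsError)
            return StatusCode(502); // identity server unreachable or metadata invalid

        var userInfo = await http.GetUserInfoAsync(new UserInfoRequest
        {
            Address = disco.UserInfoEndpoint,
            Token = accessToken
        });
        if (userInfo.IsError)
            return StatusCode(502); // e.g. token expired or rejected

        // Claim types can repeat, so project to a list instead of a dictionary.
        var claims = userInfo.Claims.Select(c => new { c.Type, c.Value });
        return Json(claims);
    }
}
```

Which claims come back depends on the scopes granted to the client: `openid` and `profile` cover the subject and name claims, while `email` is returned only if the email scope is also allowed for the client and requested.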
