Client side introspection issue
Hi Kevin
I have Introspection set up on my identity server, and I have added the resource name into my ticket like so:
```csharp
ticket.Principal.SetResources("publicApi");
```
I can create a ticket in Postman, and when I hit the introspection endpoint, I can see it working like so (this token has been revoked):
However, when I use this token to access an endpoint in my client application, it is working as if the token is valid. When I look at my server logs I see that the introspection endpoint is being hit, but that it is querying the OpenIddictApplications table and returning an error saying: “The introspection request was rejected because the client application was not found: ‘{ClientId}’.”
It is not some sort of connection issue, because I can achieve the same result as in Postman if I call /introspect direct from inside my client application. I’m assuming that it is erroring through the client but not through Postman because the client is providing more data and in that case it checks the database - to make this work do I need to put data into the OpenIddictApplications table or can I solve this in the client configuration?
My client config looks like this (I’m not sure what the difference between an Audience and a ClientId is):
```csharp
services.AddOpenIddict()
    .AddValidation(options =>
    {
        options.SetIssuer(_config["IdentityMicroServiceUrl"]);
        options.AddAudiences("publicApi");
        options.UseIntrospection()
               .SetClientId("publicApi")
               .SetClientSecret("846B62D0-DEF9-4215-A99D-86E6B8DAB342");
        // Register the System.Net.Http integration.
        options.UseSystemNetHttp();
        // Register the ASP.NET Core host.
        options.UseAspNetCore();
    });
```
Adding this into the server side code made no difference:
```csharp
options.IgnoreEndpointPermissions()
       .IgnoreGrantTypePermissions()
       .IgnoreScopePermissions();
```
I’ve been plugging away at this for a while now, but each step is taking longer and longer, so I would be grateful if you can offer me some pointers to finally getting this working!
Thanks Duncan
Issue Analytics
- Created 3 years ago
- Comments:9 (4 by maintainers)
Top GitHub Comments
That fixed it, and now this whole process works. Thanks Kevin - it would have taken me forever to find that!
Your ASP.NET Core configuration is invalid: you must register the authentication middleware before the authorization middleware.
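
The ordering described in the comment above, as an added example that is not part of the original issue or of OpenIddict's own code: a resource-server `Startup` that reuses the validation settings from the question. The `IntrospectionClientSecret` configuration key and the controller registration are assumptions.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using OpenIddict.Validation.AspNetCore;

public class Startup
{
    private readonly IConfiguration _config;

    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        // Make the OpenIddict validation handler the default scheme, so
        // [Authorize] authenticates and challenges through it.
        services.AddAuthentication(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
        services.AddAuthorization();
        services.AddControllers();

        services.AddOpenIddict()
            .AddValidation(options =>
            {
                options.SetIssuer(_config["IdentityMicroServiceUrl"]);
                options.AddAudiences("publicApi");
                options.UseIntrospection()
                       .SetClientId("publicApi")
                       // Assumed key: read the secret from configuration
                       // instead of hard-coding it in source.
                       .SetClientSecret(_config["IntrospectionClientSecret"]);
                options.UseSystemNetHttp();
                options.UseAspNetCore();
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();

        // Invalid order: UseAuthorization() before UseAuthentication().
        // Authorization would then run before any authentication handler
        // has populated HttpContext.User from the bearer token.

        app.UseAuthentication(); // 1. validate the token via introspection
        app.UseAuthorization();  // 2. evaluate [Authorize] on that principal

        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```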