Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Simple Password Grant fails after alpha2-0410
See original GitHub issueI am able to get a token via password grant flow on version 1.0.0-alpha2-0410 and older, but in any newer versions (NuGet skips forward to 0417) password grant won’t give me a token, it 404s.
The only clue I have is that when it was working it complained : AspNet.Security.OpenIdConnect.Server.OpenIdConnectServerMiddleware: Information: No explicit audience was associated with the access token.
With newer versions it doesn’t complain about audience but doesn’t give me a token either, just 404s. It complains normally about missing fields if I break the request.
This most of my code, it is very simple with nothing custom added in the database (local MS-SQL).
ConfigureServices
services.AddMvc();
// Add the database context, defaults to scoped; new context for each request.
services.AddDbContext<QbDbContext>(
options => { options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")); });
// Adds Identity to IoC and confugres with the database.
services.AddIdentity<QbUser, IdentityRole>(ConfigureIdentityOptions)
.AddEntityFrameworkStores<QbDbContext>()
.AddDefaultTokenProviders();
services.AddOpenIddict<QbUser, QbDbContext>()
.EnableTokenEndpoint("/api/auth/token") // Password grant route
.AllowPasswordFlow() // Enables password grant
.DisableHttpsRequirement() // TODO: Must unset this in production
.AddEphemeralSigningKey() // TODO: Must unset this in production
.SetAccessTokenLifetime(TimeSpan.FromDays(365));
private static void ConfigureIdentityOptions(IdentityOptions options)
{
options.SignIn.RequireConfirmedEmail = false;
options.SignIn.RequireConfirmedPhoneNumber = true;
options.Password.RequireDigit = false;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequiredLength = 8;
}
Configure
app.UseIdentity(); // Authorization using ASP Identity.
app.UseOAuthValidation();
app.UseOpenIddict(); // OpenIddict takes care of the token issuing.
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseMvc();
public class QbUser : OpenIddictUser
{
}
public class QbDbContext : OpenIddictDbContext<QbUser>
{
public QbDbContext(DbContextOptions options) : base(options)
{
}
}
Am I doing something obvious wrong or is there a bug?
Issue Analytics
- State:
- Created 7 years ago
- Comments:7 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
It’s definitely an unwanted consequence of the recent design change I mentioned. Looks like we’ll have to rework it a bit 😄
Will be fixed by https://github.com/openiddict/openiddict-core/pull/203. The approach I have in mind is to make having your own “token endpoint action” mandatory to support password token requests. i.e you’ll have to include something like that in your project:
(of course, token requests will still be validated by OpenIddict itself before MVC is invoked)