
"error": "invalid_grant", "error_description": "The specified token is invalid." #9981


User avatar
0
LiSong created

I am creating a React app and use the SSO. It worked locally; however, the production env gives me this error:

{ "error": "invalid_grant", "error_description": "The specified token is invalid.", "error_uri": "https://documentation.openiddict.com/errors/ID2004" }

from Request URL https://trust.itotem.io/connect/token Request Method POST

Any suggestions?


9 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you check and share the logs.txt of https://trust.itotem.io website?

    Thanks.

  • User Avatar
    0
    LiSong created

    2025-10-10 04:09:46.295 +00:00 [Information] The authorization request was successfully validated.
    2025-10-10 04:09:46.331 +00:00 [Information] Executing endpoint '"Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)"'
    2025-10-10 04:09:46.332 +00:00 [Information] Route matched with "{action = "Handle", controller = "Authorize", area = "", page = ""}". Executing controller action with signature "System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] HandleAsync()" on controller "Volo.Abp.OpenIddict.Controllers.AuthorizeController" ("Volo.Abp.OpenIddict.AspNetCore").
    2025-10-10 04:09:46.332 +00:00 [Information] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
    2025-10-10 04:09:46.465 +00:00 [Information] Executing SignInResult with authentication scheme ("OpenIddict.Server.AspNetCore") and the following principal: "System.Security.Claims.ClaimsPrincipal".
    2025-10-10 04:09:46.644 +00:00 [Information] The authorization response was successfully returned to '"https://gray-rock-056a6cb1e.2.azurestaticapps.net/signin-oidc"' using the query response mode: "{ "code": "[redacted]", "state": "b0g5g4", "iss": "https://trust.itotem.io/", "culture": "en", "ui-culture": "en" }".
    2025-10-10 04:09:46.644 +00:00 [Information] Executed action "Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)" in 312.6752ms
    2025-10-10 04:09:46.650 +00:00 [Information] Request finished "HTTP/1.1" "GET" "https"://"trust.itotem.io""""/connect/authorize""?client_id=Tapp_App_gray&response_type=code&scope=offline_access+Tapp&redirect_uri=https%3A%2F%2Fgray-rock-056a6cb1e.2.azurestaticapps.net%2Fsignin-oidc&code_challenge=pYIZGk8YxxxxWa8 DNDakcLe84&code_challenge_method=S256&state=b0g5g4" - 302 null null 418.6565ms
    2025-10-10 04:09:47.952 +00:00 [Information] Request starting "HTTP/1.1" "POST" "https"://"trust.itotem.io""""/connect/token""" - "application/x-www-form-urlencoded" 301
    2025-10-10 04:09:47.952 +00:00 [Information] CORS policy execution successful.
    2025-10-10 04:09:47.952 +00:00 [Information] The request URI matched a server endpoint: Token.
    2025-10-10 04:09:47.953 +00:00 [Information] The token request was successfully extracted: "{ "grant_type": "authorization_code", "client_id": "Tapp_App_gray", "client_secret": "[redacted]", "code": "[redacted]", "redirect_uri": "https://gray-rock-056a6cb1e.2.azurestaticapps.net/signin-oidc", "code_verifier": "mOMqU5xxxxxx" }".
    2025-10-10 04:09:48.051 +00:00 [Information] The response was successfully returned as a JSON document: "{ "error": "invalid_grant", "error_description": "The specified token is invalid.", "error_uri": "https://documentation.openiddict.com/errors/ID2004" }".
    2025-10-10 04:09:48.051 +00:00 [Information] Request finished "HTTP/1.1" "POST" "https"://"trust.itotem.io""""/connect/token""" - 400 161 "application/json;charset=UTF-8" 99.2881ms
    2025-10-10 04:09:49.158 +00:00 [Information] Start processing HTTP request "GET" "http://greendrop9-prod-pre.azurewebsites.net/health-status"
    2025-10-10 04:09:49.166 +00:00 [Information] End processing HTTP request after 8.0969ms - 200
    2025-10-10 04:12:22.050 +00:00 [Information] Request starting "HTTP/1.1" "HEAD" "https"://"trust.itotem.io""""/""" - null null
    2025-10-10 04:12:22.052 +00:00 [Information] Authorization failed. "These requirements were not met: DenyAnonymousAuthorizationRequirement: Requires an authenticated user."
    2025-10-10 04:12:22.140 +00:00 [Information] Executing endpoint '"/Account/Login"'
    2025-10-10 04:12:22.253 +00:00 [Information] Executing handler method "Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnGetAsync" - ModelState is Invalid
    2025-10-10 04:12:22.306 +00:00 [Information] Executed handler method "OnGetAsync", returned result "Microsoft.AspNetCore.Mvc.RazorPages.PageResult".
    2025-10-10 04:12:23.885 +00:00 [Information] Executed page "/Account/Login" in 1744.5354ms
    2025-10-10 04:13:46.988 +00:00 [Information] Request starting "HTTP/1.1" "GET" "https"://"trust.itotem.io""""/connect/token""" - null null
    2025-10-10 04:13:46.990 +00:00 [Information] The request was rejected because an invalid HTTP method was specified: "GET".
    2025-10-10 04:13:47.748 +00:00 [Information] Request starting "HTTP/1.1" "GET" "https"://"trust.itotem.io""""/Error""?httpStatusCode=404" - null null
    2025-10-10 04:13:47.752 +00:00 [Information] Executing endpoint '"Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)"'
    2025-10-10 04:13:47.821 +00:00 [Information] Executing ViewResult, running view "~/Views/Error/404.cshtml".
    2025-10-10 04:13:48.968 +00:00 [Information] Request finished "HTTP/1.1" "GET" "https"://"trust.itotem.io""""/Error""?httpStatusCode=404" - 404 null "text/html; charset=utf-8" 1223.0922ms
    2025-10-10 04:13:58.310 +00:00 [Information] Request starting "HTTP/1.1" "GET" "https"://"trust.itotem.io""""/""" - null null
    2025-10-10 04:13:58.315 +00:00 [Information] Authorization failed. "These requirements were not met: DenyAnonymousAuthorizationRequirement: Requires an authenticated user."
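
The log text in the post above is in a format where several entries can run together on one line. As an added example (not part of the original thread, and not ABP or OpenIddict code), this Python script splits such text back into entries and pairs each token-endpoint error with the token request logged before it; `split_entries`, `token_failures` and the sample log are constructed for illustration.

```python
import json
import re

# Constructed sample in the thread's log format (values shortened, host is a placeholder).
SAMPLE_LOG = (
    '2025-10-10 04:09:47.953 +00:00 [Information] The token request was successfully extracted: '
    '"{ "grant_type": "authorization_code", "client_id": "Tapp_App_gray", '
    '"client_secret": "[redacted]", "code": "[redacted]", '
    '"redirect_uri": "https://app.example/signin-oidc", "code_verifier": "xxxx" }". '
    '2025-10-10 04:09:48.051 +00:00 [Information] The response was successfully returned as a JSON document: '
    '"{ "error": "invalid_grant", "error_description": "The specified token is invalid.", '
    '"error_uri": "https://documentation.openiddict.com/errors/ID2004" }". '
    '2025-10-10 04:09:49.166 +00:00 [Information] End processing HTTP request after 8.0969ms - 200'
)

# Zero-width split point in front of every "yyyy-MM-dd HH:mm:ss.fff +00:00 [" stamp.
STAMP = re.compile(r"(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2} \[)")
ENTRY = re.compile(r"^(\S+ \S+) \S+ \[(\w+)\] (.*)$", re.S)
PAYLOAD = re.compile(r'"(\{.*\})"', re.S)  # the JSON document is logged inside quotes


def split_entries(text):
    """Split run-together log text into (timestamp, level, message) tuples."""
    matches = (ENTRY.match(chunk.strip()) for chunk in STAMP.split(text))
    return [m.groups() for m in matches if m]


def token_failures(text):
    """Pair each token-endpoint error response with the token request before it."""
    findings, pending = [], None
    for stamp, _level, msg in split_entries(text):
        m = PAYLOAD.search(msg)
        if msg.startswith("The token request was successfully extracted") and m:
            pending = json.loads(m.group(1))
        elif msg.startswith("The response was successfully returned as a JSON document") and m:
            body = json.loads(m.group(1))
            if "error" in body and pending is not None:
                findings.append({
                    "time": stamp,
                    "client_id": pending.get("client_id"),
                    "grant_type": pending.get("grant_type"),
                    "pkce": "code_verifier" in pending,  # request carried a PKCE verifier
                    "error": body["error"],
                    "error_id": body.get("error_uri", "").rsplit("/", 1)[-1],
                })
            pending = None
    return findings
```

Only fields that the server already logs in redacted form are read, so the output carries the client id, grant type and error id but no secrets or codes.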

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please set your log level to Debug and share the full logs.txt to liming.ma@volosoft.com

    see https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems

    Thanks.

  • User Avatar
    0
    LiSong created

    Thanks, will do. By the way, how can I see the source code for this endpoint: connect/token?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The source code of connect/token is in the OpenIddict library, and it is not a single endpoint. It has many handlers.

    Thanks.

  • User Avatar
    0
    LiSong created

    just sent, thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    the production env gives me this error

    Can you share your EncryptionAndSigningCertificate code?

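    // hostingEnvironment and configuration are assumed to be defined earlier in the module (not shown in the post).
    if (!hostingEnvironment.IsDevelopment())
    {
        // Outside Development, turn off the auto-generated development certificate.
        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            options.AddDevelopmentEncryptionAndSigningCertificate = false;
        });

        PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
        {
            // Use the certificate in openiddict.pfx for token encryption and signing.
            serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", configuration["AuthServer:CertificatePassPhrase"]!);
            // Use the configured authority as the token issuer.
            serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
        });
    }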
    
  • User Avatar
    0
    LiSong created

    I have just sent you via email thx

  • User Avatar
    0
    LiSong created

    I manually created the new application here, should I update db migrator, add the application in and run it?

    "OpenIddict": { "Applications": { "Tapp_Web_Public": { "ClientId": "Tapp_Web_Public", "ClientSecret": "xxxxx", "RootUrl": "https://trust.itotem.io" },

    1. maybe it has sth to do with the way I created this new application, do you have an instruction for this?

    2. when should we use public client vs confidential client, I am using a react app to connect, should I use public client?

    3. what's hybrid flow, password flow, etc..

    4. what's extension grant types
