I am creating a React app and using SSO. It worked locally; however, the production env gives me this error:
{ "error": "invalid_grant", "error_description": "The specified token is invalid.", "error_uri": "https://documentation.openiddict.com/errors/ID2004" }
from Request URL https://trust.itotem.io/connect/token Request Method POST
Any suggestions?
9 Answer(s)
-
0
hi
Can you check and share the logs.txt of https://trust.itotem.io website?
Thanks.
-
0
2025-10-10 04:09:46.295 +00:00 [Information] The authorization request was successfully validated.
2025-10-10 04:09:46.331 +00:00 [Information] Executing endpoint '"Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)"'
2025-10-10 04:09:46.332 +00:00 [Information] Route matched with "{action = "Handle", controller = "Authorize", area = "", page = ""}". Executing controller action with signature "System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] HandleAsync()" on controller "Volo.Abp.OpenIddict.Controllers.AuthorizeController" ("Volo.Abp.OpenIddict.AspNetCore").
2025-10-10 04:09:46.332 +00:00 [Information] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2025-10-10 04:09:46.465 +00:00 [Information] Executing SignInResult with authentication scheme ("OpenIddict.Server.AspNetCore") and the following principal: "System.Security.Claims.ClaimsPrincipal".
2025-10-10 04:09:46.644 +00:00 [Information] The authorization response was successfully returned to '"https://gray-rock-056a6cb1e.2.azurestaticapps.net/signin-oidc"' using the query response mode: "{ "code": "[redacted]", "state": "b0g5g4", "iss": "https://trust.itotem.io/", "culture": "en", "ui-culture": "en" }".
2025-10-10 04:09:46.644 +00:00 [Information] Executed action "Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)" in 312.6752ms
2025-10-10 04:09:46.650 +00:00 [Information] Request finished "HTTP/1.1" "GET" "https"://"trust.itotem.io""""/connect/authorize""?client_id=Tapp_App_gray&response_type=code&scope=offline_access+Tapp&redirect_uri=https%3A%2F%2Fgray-rock-056a6cb1e.2.azurestaticapps.net%2Fsignin-oidc&code_challenge=pYIZGk8YxxxxWa8 DNDakcLe84&code_challenge_method=S256&state=b0g5g4" - 302 null null 418.6565ms
2025-10-10 04:09:47.952 +00:00 [Information] Request starting "HTTP/1.1" "POST" "https"://"trust.itotem.io""""/connect/token""" - "application/x-www-form-urlencoded" 301
2025-10-10 04:09:47.952 +00:00 [Information] CORS policy execution successful.
2025-10-10 04:09:47.952 +00:00 [Information] The request URI matched a server endpoint: Token.
2025-10-10 04:09:47.953 +00:00 [Information] The token request was successfully extracted: "{ "grant_type": "authorization_code", "client_id": "Tapp_App_gray", "client_secret": "[redacted]", "code": "[redacted]", "redirect_uri": "https://gray-rock-056a6cb1e.2.azurestaticapps.net/signin-oidc", "code_verifier": "mOMqU5xxxxxx" }".
2025-10-10 04:09:48.051 +00:00 [Information] The response was successfully returned as a JSON document: "{ "error": "invalid_grant", "error_description": "The specified token is invalid.", "error_uri": "https://documentation.openiddict.com/errors/ID2004" }".
2025-10-10 04:09:48.051 +00:00 [Information] Request finished "HTTP/1.1" "POST" "https"://"trust.itotem.io""""/connect/token""" - 400 161 "application/json;charset=UTF-8" 99.2881ms
2025-10-10 04:09:49.158 +00:00 [Information] Start processing HTTP request "GET" "http://greendrop9-prod-pre.azurewebsites.net/health-status"
2025-10-10 04:09:49.166 +00:00 [Information] End processing HTTP request after 8.0969ms - 200
2025-10-10 04:12:22.050 +00:00 [Information] Request starting "HTTP/1.1" "HEAD" "https"://"trust.itotem.io""""/""" - null null
2025-10-10 04:12:22.052 +00:00 [Information] Authorization failed. "These requirements were not met: DenyAnonymousAuthorizationRequirement: Requires an authenticated user."
2025-10-10 04:12:22.140 +00:00 [Information] Executing endpoint '"/Account/Login"'
2025-10-10 04:12:22.253 +00:00 [Information] Executing handler method "Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnGetAsync" - ModelState is Invalid
2025-10-10 04:12:22.306 +00:00 [Information] Executed handler method "OnGetAsync", returned result "Microsoft.AspNetCore.Mvc.RazorPages.PageResult".
2025-10-10 04:12:23.885 +00:00 [Information] Executed page "/Account/Login" in 1744.5354ms
2025-10-10 04:13:46.988 +00:00 [Information] Request starting "HTTP/1.1" "GET" "https"://"trust.itotem.io""""/connect/token""" - null null
2025-10-10 04:13:46.990 +00:00 [Information] The request was rejected because an invalid HTTP method was specified: "GET".
2025-10-10 04:13:47.748 +00:00 [Information] Request starting "HTTP/1.1" "GET" "https"://"trust.itotem.io""""/Error""?httpStatusCode=404" - null null
2025-10-10 04:13:47.752 +00:00 [Information] Executing endpoint '"Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)"'
2025-10-10 04:13:47.821 +00:00 [Information] Executing ViewResult, running view "~/Views/Error/404.cshtml".
2025-10-10 04:13:48.968 +00:00 [Information] Request finished "HTTP/1.1" "GET" "https"://"trust.itotem.io""""/Error""?httpStatusCode=404" - 404 null "text/html; charset=utf-8" 1223.0922ms
2025-10-10 04:13:58.310 +00:00 [Information] Request starting "HTTP/1.1" "GET" "https"://"trust.itotem.io""""/""" - null null
2025-10-10 04:13:58.315 +00:00 [Information] Authorization failed. "These requirements were not met: DenyAnonymousAuthorizationRequirement: Requires an authenticated user."
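Added example (not part of the original thread, and not ABP or OpenIddict code): a small triage script for logs in the format posted above. It pairs each rejected token request with the authorization response that issued the code and reports the OpenIddict error id and the age of the code when it was presented; the sample log is constructed and `app.example` is a placeholder.

```python
import json
import re
from datetime import datetime

STAMP = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}"
ENTRY = re.compile(rf"({STAMP}) \+00:00 \[\w+\] (.*)", re.S)
# Constructed sample shaped like the log above; the redirect URL is a placeholder.
SAMPLE_LOG = '''\
2025-10-10 04:09:46.644 +00:00 [Information] The authorization response was successfully \
returned to '"https://app.example/signin-oidc"' using the query response mode: \
"{ "code": "[redacted]", "state": "b0g5g4" }". \
2025-10-10 04:09:47.953 +00:00 [Information] The token request was successfully extracted: \
"{ "client_id": "Tapp_App_gray", "redirect_uri": "https://app.example/signin-oidc" }". \
2025-10-10 04:09:48.051 +00:00 [Information] The response was successfully returned as a \
JSON document: "{ "error": "invalid_grant", \
"error_uri": "https://documentation.openiddict.com/errors/ID2004" }".'''

def entries(text):
    """Split on timestamps, so entries run together on one line still parse."""
    for chunk in re.split(rf"(?={STAMP} \+00:00 \[)", text):
        m = ENTRY.match(chunk.strip())
        if m:
            yield datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S.%f"), m[2]

def payload(message):
    """Return the JSON object the entry quotes as "{ ... }", or {} if none."""
    m = re.search(r'"(\{.*\})"', message, re.S)
    return json.loads(m[1]) if m else {}

def failed_code_exchanges(text):
    """Pair each rejected token request with the code issuance that preceded it."""
    issued, pending, findings = {}, None, []
    for ts, msg in entries(text):
        if msg.startswith("The authorization response was successfully returned"):
            issued.update(dict.fromkeys(re.findall('\'"(.*?)"\'', msg), ts))
        elif msg.startswith("The token request was successfully extracted"):
            pending = (ts, payload(msg))
        elif msg.startswith("The response was successfully returned as a JSON"):
            body = payload(msg)
            if pending and "error" in body:
                req_ts, req = pending
                code_ts = issued.get(req.get("redirect_uri"))
                findings.append({
                    "client_id": req.get("client_id"), "error": body["error"],
                    "error_id": body.get("error_uri", "").rsplit("/", 1)[-1],
                    "code_age_s": (req_ts - code_ts).total_seconds() if code_ts else None,
                })
            pending = None
    return findings
```

The timestamps in the posted log pair the same way: the authorization response was returned at 04:09:46.644 and the code was presented to `/connect/token` at 04:09:47.953.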
-
0
hi
Please set your log level to Debug and share the full logs.txt to liming.ma@volosoft.com
See https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems
Thanks.
-
0
thanks, will do. by the way, how can I see the source code for this endpoint: connect/token?
-
0
hi
The source code of connect/token is in the OpenIddict library, and it is not a single endpoint. It has many handlers.
Thanks.
-
0
just sent, thanks
-
0
hi
the production env gives me this error
Can you share your EncryptionAndSigningCertificate code?

    if (!hostingEnvironment.IsDevelopment())
    {
        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            options.AddDevelopmentEncryptionAndSigningCertificate = false;
        });

        PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
        {
            serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", configuration["AuthServer:CertificatePassPhrase"]!);
            serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
        });
    }
-
0
I have just sent you via email thx
-
0
I manually created the new application here, should I update db migrator, add the application in and run it?
"OpenIddict": { "Applications": { "Tapp_Web_Public": { "ClientId": "Tapp_Web_Public", "ClientSecret": "xxxxx", "RootUrl": "https://trust.itotem.io" },
maybe it has sth to do with the way I created this new application, do you have an instruction for this?
when should we use public client vs confidential client, I am using a react app to connect, should I use public client?
what's hybrid flow, password flow, etc.?
what are extension grant types?