Well done, it works like a charm!
If I use refreshToken.Text, which is empty, it will raise this exception:
System.ArgumentException: Parameter is required (Parameter 'refresh_token')
Endpoint is exactly the same. Here is my code:
var response = await httpClient.Value.RequestRefreshTokenAsync(new RefreshTokenRequest()
{
    Address = disco.TokenEndpoint,
    ClientId = clientId.Text,
    ClientSecret = secret.Text,
    RefreshToken = refreshToken.Text,
});
Hi Maliming,
For Introspect it is working fine. But, for RefreshToken it is saying the grant_type is invalid. Have you managed to make it work?
hi
Can you share a simple project to reproduce? liming.ma@volosoft.com
I've sent a Windows Form project. Just change the fields using your remote server with a valid client.
Another thing that I found. If I update a Client (just edit, change some field, and save), it doesn't work anymore. It says that the secret is invalid. Looking at the database, table IdentityServerClientSecrets, I found that the column "Value" was modified and it has the same value as the previous record. Can you have a look at that as well?
Does this resolve the problem? https://support.abp.io/QA/Questions/3404#answer-5bd6d8f3-7f01-53fa-6050-3a05049ffeee
Yes, it seems that worked. Cheers!
Yes, I can do it. Just need a few minutes to create it and will email you.
Yes, I have a secret in my client. I'm using the IdentityModel class library.
Here is my method to Introspect the token:
// Requires: using IdentityModel.Client; using System.Text.Json;
public async Task<bool> ValidateToken(string accessToken)
{
    Console.WriteLine("ValidateToken Init");
    var authority = _baseUrl;
    // Resolve the introspection endpoint from the discovery document
    var discoveryCache = new DiscoveryCache(authority);
    var disco = await discoveryCache.GetAsync();
    var httpClient = new Lazy<HttpClient>(() => new HttpClient());
    Console.WriteLine("ValidateToken 1");
    var response = await httpClient.Value.IntrospectTokenAsync(new TokenIntrospectionRequest
    {
        Address = disco.IntrospectionEndpoint,
        // Credentials that authenticate the caller of the introspection endpoint
        ClientId = "xxx",
        ClientSecret = "xxx",
        Token = accessToken,
    });
    Console.WriteLine("ValidateToken 2 - response: {0}", JsonSerializer.Serialize(response));
    // The token is valid only if the call succeeded and the token is active
    return !response.IsError && response.IsActive;
}
There are two things that I notice wrong:
Here are the logs when the ClientId is the API Resource ID:
[14:37:27 INF] Request starting HTTP/2 POST https://localhost:44364/connect/introspect application/x-www-form-urlencoded 1201
[14:37:27 INF] CORS policy execution successful.
[14:37:27 DBG] CORS request made for path: /connect/introspect from origin: https://localhost:7044 but was ignored because path was not for an allowed IdentityServer CORS endpoint
[14:37:27 INF] No CORS policy found for the specified request.
[14:37:27 DBG] Request path /connect/introspect matched to endpoint type Introspection
[14:37:27 DBG] Endpoint enabled: Introspection, successfully created handler: IdentityServer4.Endpoints.IntrospectionEndpoint
[14:37:27 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.IntrospectionEndpoint for /connect/introspect
[14:37:27 DBG] Starting introspection request.
[14:37:27 DBG] Start parsing Basic Authentication secret
[14:37:27 DBG] Start parsing for secret in post body
[14:37:27 DBG] Parser found secret: PostBodySecretParser
**[14:37:27 DBG] Secret id found: SBC**
[14:37:27 DBG] No shared secret configured for client.
[14:37:27 DBG] Secret validators could not validate secret
[14:37:27 INF] {"ApiName": "SBC", "Category": "Authentication", "Name": "API Authentication Failure", "EventType": "Failure", "Id": 1021, "Message": **"Invalid API secret"**, "ActivityId": "40000025-0006-cc00-b63f-84710c7967bb", "TimeStamp": "2022-07-15T02:37:27.0000000Z", "ProcessId": 35360, "LocalIpAddress": "::1:44364", "RemoteIpAddress": "::1", "$type": "ApiAuthenticationFailureEvent"}
[14:37:27 ERR] API validation failed.
[14:37:27 ERR] API unauthorized to call introspection endpoint. aborting.
[14:37:27 INF] Request finished HTTP/2 POST https://localhost:44364/connect/introspect application/x-www-form-urlencoded 1201 - 401 - - 11.6988ms
Here are the logs when the ClientId is the ClientId indeed:
[14:38:51 DBG] CORS request made for path: /connect/introspect from origin: https://localhost:7044 but was ignored because path was not for an allowed IdentityServer CORS endpoint
[14:38:51 INF] No CORS policy found for the specified request.
[14:38:51 DBG] Request path /connect/introspect matched to endpoint type Introspection
[14:38:51 DBG] Endpoint enabled: Introspection, successfully created handler: IdentityServer4.Endpoints.IntrospectionEndpoint
[14:38:51 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.IntrospectionEndpoint for /connect/introspect
[14:38:51 DBG] Starting introspection request.
[14:38:51 DBG] Start parsing Basic Authentication secret
[14:38:51 DBG] Start parsing for secret in post body
[14:38:51 DBG] Parser found secret: PostBodySecretParser
**[14:38:51 DBG] Secret id found: SBC_Mobile**
[14:38:51 INF] {"ApiName": "SBC_Mobile", "Category": "Authentication", "Name": "API Authentication Failure", "EventType": "Failure", "Id": 1021, "Message": **"Unknown API resource"**, "ActivityId": "400000eb-0008-f200-b63f-84710c7967bb", "TimeStamp": "2022-07-15T02:38:51.0000000Z", "ProcessId": 35360, "LocalIpAddress": "::1:44364", "RemoteIpAddress": "::1", "$type": "ApiAuthenticationFailureEvent"}
[14:38:51 ERR] No API resource with that name found. aborting
[14:38:51 ERR] API unauthorized to call introspection endpoint. aborting.
[14:38:51 INF] Request finished HTTP/2 POST https://localhost:44364/connect/introspect application/x-www-form-urlencoded 1208 - 401 - - 21.0535ms
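The two introspection failures in the logs above can be told apart mechanically from the `ApiAuthenticationFailureEvent` lines. This is an added example, not code from the thread or from IdentityServer4; the sample log is constructed from the quoted lines, and the function names and hint texts are assumptions.

```python
import json
import re
from collections import Counter

# Constructed sample: shortened copies of the event lines quoted in the thread.
SAMPLE_LOG = """\
[14:37:27 DBG] Secret id found: SBC
[14:37:27 INF] {"ApiName": "SBC", "Id": 1021, "Message": "Invalid API secret", "RemoteIpAddress": "::1", "$type": "ApiAuthenticationFailureEvent"}
[14:37:27 ERR] API unauthorized to call introspection endpoint. aborting.
[14:38:51 DBG] Secret id found: SBC_Mobile
[14:38:51 INF] {"ApiName": "SBC_Mobile", "Id": 1021, "Message": "Unknown API resource", "RemoteIpAddress": "::1", "$type": "ApiAuthenticationFailureEvent"}
[14:38:51 ERR] No API resource with that name found. aborting
"""

LINE_RE = re.compile(r"^\[(?P<time>\d{2}:\d{2}:\d{2}) (?P<level>[A-Z]{3})\] (?P<body>.*)$")

# What each failure message says about the id/secret the caller presented (assumed wording).
HINTS = {
    "Unknown API resource": "no API resource has this name; a client id was probably sent instead",
    "Invalid API secret": "API resource found, but no secret is configured for it or the value is wrong",
}

def parse_failures(log_text):
    """Return the ApiAuthenticationFailureEvent records found in the log text."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.replace("**", ""))  # tolerate pasted bold markers
        if not m or not m["body"].startswith("{"):
            continue  # plain text log line, not a structured event
        try:
            event = json.loads(m["body"])
        except json.JSONDecodeError:
            continue  # truncated or malformed event body
        if event.get("$type") == "ApiAuthenticationFailureEvent":
            events.append({"time": m["time"], "api": event.get("ApiName"),
                           "message": event.get("Message"), "remote": event.get("RemoteIpAddress")})
    return events

def triage(events):
    """Attach a diagnosis to each failure and count failures per (remote, message)."""
    for e in events:
        e["hint"] = HINTS.get(e["message"], "unclassified failure")
    return events, Counter((e["remote"], e["message"]) for e in events)

if __name__ == "__main__":
    failures, per_source = triage(parse_failures(SAMPLE_LOG))
    for f in failures:
        print(f'{f["time"]} {f["api"]}: {f["message"]} -> {f["hint"]}')
    print(per_source)
```

The per-source counter also makes repeated failures from one remote address stand out when the same parser is run over a longer log.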
Hi,
I'm still struggling to create the application and create a decent login system for it.
How can I validate and refresh a token? Currently, I'm saving the date/time expiration in the session. If that is expired, I'm trying to call connect/introspect, but, no success. Same error as described on this item: https://github.com/abpframework/abp/issues/12394
I've tried to use refresh_token grant_type, as per IdentityServer4 documentation, but, it is also not working. It is saying Grant is invalid. Besides, there is no refresh_token token in the Identity Server > Client form. I had to add a custom grant type.