Identity Server 4 certificate signed by External Certificate Authority

We are trying to implement the OpenID Connect code flow between Identity Server 4 (provider) and SalesForce (client), but it seems SalesForce does not like self-signed certificates (we get the error AuthorizationError?ErrorCode=No_Oauth_Token&ErrorDescription=invalid_client in SalesForce after a successful login in the IdP).

Following this thread https://salesforce.stackexchange.com/questions/94492/openid-connect-with-custom-idp-authorizationerror-no-oauth-token-empty-respons, this could be because our Identity Server certificate is self-signed.

How do I create a signing certificate for Identity Server and get it signed by an external Certificate Authority so that it gets accepted by SalesForce?



Solution 1:[1]

So as @identigral posted, this error has nothing to do with certificates.

This is the client setup code in Identity Server that is working for me:

// Client registration for SalesForce in Identity Server 4.
// The using directives and the GetClients wrapper are added so the snippet compiles on its own;
// SalesForceSecretKey and SalesForceCallBackURI come from configuration and were not shown in the post.
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

public static IEnumerable<Client> GetClients(string SalesForceSecretKey, string SalesForceCallBackURI) =>
  new List<Client> {
    new Client {
      ClientId = "SF",
      ClientName = "SalesForce",
      RequireConsent = false,
      // authorization code flow for users plus client credentials for server-to-server calls
      AllowedGrantTypes = GrantTypes.CodeAndClientCredentials,
      ClientSecrets = {
        // only the SHA-256 hash of the secret is stored
        new Secret(SalesForceSecretKey.Sha256())
      },
      // the configured secret is optional: token requests without it are still accepted
      RequireClientSecret = false,
      // only relevant to flows that return tokens on the front channel (implicit/hybrid); not needed for code flow
      AllowAccessTokensViaBrowser = true,
      AccessTokenLifetime = 3600, // seconds
      RedirectUris = {
        SalesForceCallBackURI
      },
      AllowedScopes = {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile
      }
    }
  };

In SalesForce, this is the setup:
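The registration in the answer accepts token requests without the client secret (RequireClientSecret = false) and permits access tokens on the front channel (AllowAccessTokensViaBrowser = true). As an added example, not from the original post or from the IdentityServer4 project, the block below shows the same SalesForce client tightened for a confidential authorization-code client. It assumes SalesForce presents its configured consumer secret at the token endpoint (the answer does not say whether it does) and reuses the placeholder identifiers salesForceSecretKey and salesForceCallBackUri for values that come from configuration.

```csharp
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

// Added example: hardened registration for the same SalesForce client.
// Assumption: SalesForce sends the consumer secret to the token endpoint; if it does not,
// the token request is rejected with invalid_client (the very error in the question),
// which is the signal that the client-side configuration, not the certificate, is wrong.
public static class SalesForceClientConfig
{
    public static IEnumerable<Client> GetClients(string salesForceSecretKey, string salesForceCallBackUri) =>
        new List<Client>
        {
            new Client
            {
                ClientId = "SF",
                ClientName = "SalesForce",
                RequireConsent = false,

                // Code flow only. Add client_credentials back only if SalesForce really makes
                // server-to-server token requests with this client id.
                AllowedGrantTypes = GrantTypes.Code,

                // The secret is mandatory: a token request that omits it or sends the wrong
                // one fails instead of being silently accepted as a public client.
                ClientSecrets = { new Secret(salesForceSecretKey.Sha256()) },
                RequireClientSecret = true,

                // Code flow never returns access tokens via the browser, so do not allow it.
                AllowAccessTokensViaBrowser = false,

                AccessTokenLifetime = 3600, // seconds
                RedirectUris = { salesForceCallBackUri },
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile
                }
            }
        };
}
```

With RequireClientSecret = true, a SalesForce-side mismatch in the consumer key or secret produces the same invalid_client redirect the question describes, so check the IdentityServer4 log for the token endpoint's client-authentication failure before touching the signing certificate.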

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Tyler2P