IdentityServer4.Stores.ValidatingClientStore Invalid client configuration for ... client no allowed grant type specified
Hi, I am getting the error
"IdentityServer4.Stores.ValidatingClientStore Invalid client configuration for ... client no allowed grant type specified"
when using a SQL database context that was initially seeded from static data.
If I use the same static data with AddInMemoryClients, no error occurs and everything works fine.
Client definition...
// Client registration as posted in the question (IdentityServer4 Client model).
// The same object is used both for AddInMemoryClients and as seed data for the SQL-backed store.
new Client
{
ClientId = "GameMvc",
ClientName = "MGame web client",
// The shared secret is a literal in source; Sha256() only hashes it for storage.
// Because the value is published here, treat it as a sample: a real secret belongs in
// configuration or a secret store and should be rotated if it was ever in use.
ClientSecrets = { new Secret("058dddb593be4e149c19e23fd336e2ed".Sha256()) },
// The user is asked for consent each time instead of having the decision remembered.
AllowRememberConsent = false,
// Lets the client request refresh tokens through the offline_access scope.
AllowOfflineAccess = true,
// Access-token claims are re-evaluated when a refresh token is redeemed.
UpdateAccessTokenClaimsOnRefresh = true,
// Lifetime in seconds: access tokens expire after 3 minutes.
AccessTokenLifetime = 180,
// Hybrid flow; the working in-memory log reports this as "GrantType": "hybrid".
// In the database-backed store the grant types live in the ClientGrantTypes table, and the
// "no allowed grant type specified" failure means this collection was empty when the
// client was validated.
AllowedGrantTypes = GrantTypes.Hybrid,
// Redirect targets for sign-in and sign-out; both match the redirect_uri seen in the logged requests.
RedirectUris = { "https://localhost:44330/signin-oidc" },
PostLogoutRedirectUris = { "https://localhost:44330/signout-callback-oidc" },
// NOTE(review): the logged authorize requests also ask for experience, subscription_level
// and GameApi, which are not listed here; confirm the posted definition is complete.
AllowedScopes =
{
"openid",
"profile",
"email",
"address",
"offline_access",
"role",
}
}
Identity server debug output
fail: IdentityServer4.Stores.ValidatingClientStore[0]
Invalid client configuration for client GameMvc: no allowed grant type specified
info: IdentityServer4.Events.DefaultEventService[0]
{
"Name": "Invalid Client Configuration",
"Category": "Error",
"EventType": "Error",
"Id": 3001,
"ClientId": "GameMvc",
"ClientName": "MGame web client",
"Message": "no allowed grant type specified",
"ActivityId": "0HLUGMDSRD0QH:00000007",
"TimeStamp": "2020-03-25T11:56:22Z",
"ProcessId": 22768,
"LocalIpAddress": "::1:44320",
"RemoteIpAddress": "::1"
}
fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Unknown client or not enabled: GameMvc
{
"SubjectId": "anonymous",
"RequestedScopes": "",
"Raw": {
"client_id": "GameMvc",
"redirect_uri": "https://localhost:44330/signin-oidc",
"response_type": "code id_token",
"scope": "openid profile email offline_access role experience subscription_level GameApi",
"response_mode": "form_post",
"nonce": "637207341781609343.NzJmYjQ1ZjgtNDI1Yy00ZWY4LWE2YTItOTE0MWUwNTYwNDIwNzQ0NWJjOWEtN2FhNS00M2NlLTlhMmMtMTlkODBhMTliYjdm",
"state": "CfDJ8H3n8sVeRBlPopiMUAsqux6eF3ZksNANFCae20YtpBRAXjP-7HUxq1--kcY8uMuiT1moapzqik0ifGaLVmBiQw2QcRcNLlJCpN50yy2uHy52-ydsbCEGigE81skOlEalX2fMbjOuVRSC5jT4FaE2DFM-wPj8ndbf_VGYQ-FG5avBp9vsSKMW_CdUaUtrbs4nsEmAn1NTZoXIPTXnzBcCKOPwSpCOalpK1i4SbpKFbvN3PAKCNw1zPi-lFM5_W3icVvD_gazWnP3X1jxp_3XzCSoKIf3bKSL6TKuix28SPJZ_-KnKJtWOAUkkTFu20Qr0DQ",
"x-client-SKU": "ID_NETSTANDARD2_0",
"x-client-ver": "5.5.0.0"
}
}
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Request validation failed
info: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
{
"SubjectId": "anonymous",
"RequestedScopes": "",
"Raw": {
"client_id": "GameMvc",
"redirect_uri": "https://localhost:44330/signin-oidc",
"response_type": "code id_token",
"scope": "openid profile email offline_access role experience subscription_level GameApi",
"response_mode": "form_post",
"nonce": "637207341781609343.NzJmYjQ1ZjgtNDI1Yy00ZWY4LWE2YTItOTE0MWUwNTYwNDIwNzQ0NWJjOWEtN2FhNS00M2NlLTlhMmMtMTlkODBhMTliYjdm",
"state": "CfDJ8H3n8sVeRBlPopiMUAsqux6eF3ZksNANFCae20YtpBRAXjP-7HUxq1--kcY8uMuiT1moapzqik0ifGaLVmBiQw2QcRcNLlJCpN50yy2uHy52-ydsbCEGigE81skOlEalX2fMbjOuVRSC5jT4FaE2DFM-wPj8ndbf_VGYQ-FG5avBp9vsSKMW_CdUaUtrbs4nsEmAn1NTZoXIPTXnzBcCKOPwSpCOalpK1i4SbpKFbvN3PAKCNw1zPi-lFM5_W3icVvD_gazWnP3X1jxp_3XzCSoKIf3bKSL6TKuix28SPJZ_-KnKJtWOAUkkTFu20Qr0DQ",
"x-client-SKU": "ID_NETSTANDARD2_0",
"x-client-ver": "5.5.0.0"
}
}
However, the same client works in the in-memory scenario with AddInMemoryClients; see the debug output below.
dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
dbug: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
ValidatedAuthorizeRequest
{
"ClientId": "GameMvc",
"ClientName": "MGame web client",
"RedirectUri": "https://localhost:44330/signin-oidc",
"AllowedRedirectUris": [
"https://localhost:44330/signin-oidc"
],
"SubjectId": "anonymous",
"ResponseType": "code id_token",
"ResponseMode": "form_post",
"GrantType": "hybrid",
"RequestedScopes": "openid profile email offline_access role experience subscription_level GameApi",
"State": "CfDJ8H3n8sVeRBlPopiMUAsqux7YiGRgIGQOeT0aF9aYMv-a40lLmjS_uEZw_jMeQAgkq7wFGq8mMMekKNm8U6uFL_kruFOX_gYjhJjzRZUKG1aHE0vpcJ0i0zYqd9aTh6elus8MxkP6NaGWszjf0wXSwVNboUdq_7NAvR_b4Pyt0sMkD5LTysTQ4VePtKi-FjDarp5xlRPvQUfiYpZfcyOGi7eqSlHuiVzD83uByMBhJ3cIA6h5n5zDzzotNpwxw_QLQk4A8zN06tgTHhUYTWV-5kxYiX3N84f__eyB3K_TCY94Kbm562BZX4TtfLzJHqJAdg",
"Nonce": "637207668423193165.NjAzZDAwM2UtMjc0Yi00ZTNiLTgyOWYtN2JhYTI5ZTkxNDBlZGJiN2FiZGEtN2ZmYy00OGFkLWE5MGItMzAzNmY3OGM1MGIx",
"SessionId": "",
"Raw": {
"client_id": "GameMvc",
"redirect_uri": "https://localhost:44330/signin-oidc",
"response_type": "code id_token",
"scope": "openid profile email offline_access role experience subscription_level GameApi",
"response_mode": "form_post",
"nonce": "637207668423193165.NjAzZDAwM2UtMjc0Yi00ZTNiLTgyOWYtN2JhYTI5ZTkxNDBlZGJiN2FiZGEtN2ZmYy00OGFkLWE5MGItMzAzNmY3OGM1MGIx",
"state": "CfDJ8H3n8sVeRBlPopiMUAsqux7YiGRgIGQOeT0aF9aYMv-a40lLmjS_uEZw_jMeQAgkq7wFGq8mMMekKNm8U6uFL_kruFOX_gYjhJjzRZUKG1aHE0vpcJ0i0zYqd9aTh6elus8MxkP6NaGWszjf0wXSwVNboUdq_7NAvR_b4Pyt0sMkD5LTysTQ4VePtKi-FjDarp5xlRPvQUfiYpZfcyOGi7eqSlHuiVzD83uByMBhJ3cIA6h5n5zDzzotNpwxw_QLQk4A8zN06tgTHhUYTWV-5kxYiX3N84f__eyB3K_TCY94Kbm562BZX4TtfLzJHqJAdg",
"x-client-SKU": "ID_NETSTANDARD2_0",
"x-client-ver": "5.5.0.0"
}
}
I checked that the data is indeed persisted in the database.
Below is the /.well-known/openid-configuration document:
https://localhost:44320/.well-known/openid-configuration
{
"issuer": "https://localhost:44320",
"jwks_uri": "https://localhost:44320/.well-known/openid-configuration/jwks",
"authorization_endpoint": "https://localhost:44320/connect/authorize",
"token_endpoint": "https://localhost:44320/connect/token",
"userinfo_endpoint": "https://localhost:44320/connect/userinfo",
"end_session_endpoint": "https://localhost:44320/connect/endsession",
"check_session_iframe": "https://localhost:44320/connect/checksession",
"revocation_endpoint": "https://localhost:44320/connect/revocation",
"introspection_endpoint": "https://localhost:44320/connect/introspect",
"device_authorization_endpoint": "https://localhost:44320/connect/deviceauthorization",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"backchannel_logout_supported": true,
"backchannel_logout_session_supported": true,
"scopes_supported": [
"subscription_level",
"experience",
"role",
"address",
"phone",
"email",
"profile",
"openid",
"GameApiFullAccess",
"GameApiReadWrite",
"GameApiReadOnly",
"GameApi",
"offline_access"
],
"claims_supported": [
"subscription_level",
"experience",
"role",
"address",
"phone_number",
"phone_number_verified",
"email",
"email_verified",
"family_name",
"given_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"gender",
"name",
"birthdate",
"locale",
"updated_at",
"zoneinfo",
"sub"
],
"grant_types_supported": [
"authorization_code",
"client_credentials",
"refresh_token",
"implicit",
"password",
"urn:ietf:params:oauth:grant-type:device_code"
],
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported": [
"form_post",
"query",
"fragment"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"subject_types_supported": [
"public"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"request_parameter_supported": true
}
Solution 1:[1]
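I finally caught the error.
The error is produced if the ConfigurationDbContext is configured with
builder.UseQueryTrackingBehavior(QueryTrackingBehavior.NoTracking)
So the desired option for the Identity Server DbContext is QueryTrackingBehavior.TrackAll. Presumably the client store relies on change tracking to attach the client's child collections (such as its grant types) when it loads the client, so with NoTracking the client arrives with an empty AllowedGrantTypes list and fails validation.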
BR
Solution 2:[2]
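In my case, I had created a new client and its row was missing from the configuration.ClientGrantTypes table.
So I inserted a new ClientGrantType. In the statement below, YOURCLIENTID is a placeholder for the client's key (presumably the numeric Id of its row in the Clients table rather than the ClientId string), and the GrantType value should be the single flow the client is meant to use; the client in the question uses hybrid, not authorization_code: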
INSERT INTO configuration.ClientGrantTypes (GrantType, ClientId) VALUES ('authorization_code', YOURCLIENTID)
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | alhpe |
Solution 2 | mr_puskala |