IdentityServer4.Stores.ValidatingClientStore Invalid client configuration for ... client no allowed grant type specified

Hi I am getting the error...

"IdentityServer4.Stores.ValidatingClientStore Invalid client configuration for ... client no allowed grant type specified"

when using a SQL database context initially seeded from static data.

If I use the same static data on an AddInMemoryClients context, no error occurs and everything works fine.

Client definition...

        new Client
        {
            ClientId = "GameMvc",
            ClientName = "MGame web client",
            ClientSecrets =  { new Secret("058dddb593be4e149c19e23fd336e2ed".Sha256()) },
            AllowRememberConsent = false,
            AllowOfflineAccess = true,
            UpdateAccessTokenClaimsOnRefresh = true,
            AccessTokenLifetime = 180,
            AllowedGrantTypes = GrantTypes.Hybrid,
            RedirectUris = { "https://localhost:44330/signin-oidc" },
            PostLogoutRedirectUris = { "https://localhost:44330/signout-callback-oidc" },
            AllowedScopes =
            {
                "openid",
                "profile",
                "email",
                "address",
                "offline_access",
                "role",
            }
        }

Identity server debug output

fail: IdentityServer4.Stores.ValidatingClientStore[0]
      Invalid client configuration for client GameMvc: no allowed grant type specified
info: IdentityServer4.Events.DefaultEventService[0]
      {
        "Name": "Invalid Client Configuration",
        "Category": "Error",
        "EventType": "Error",
        "Id": 3001,
        "ClientId": "GameMvc",
        "ClientName": "MGame web client",
        "Message": "no allowed grant type specified",
        "ActivityId": "0HLUGMDSRD0QH:00000007",
        "TimeStamp": "2020-03-25T11:56:22Z",
        "ProcessId": 22768,
        "LocalIpAddress": "::1:44320",
        "RemoteIpAddress": "::1"
      }
fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
      Unknown client or not enabled: GameMvc
{
        "SubjectId": "anonymous",
        "RequestedScopes": "",
        "Raw": {
          "client_id": "GameMvc",
          "redirect_uri": "https://localhost:44330/signin-oidc",
          "response_type": "code id_token",
          "scope": "openid profile email offline_access role experience subscription_level GameApi",
          "response_mode": "form_post",
          "nonce": "637207341781609343.NzJmYjQ1ZjgtNDI1Yy00ZWY4LWE2YTItOTE0MWUwNTYwNDIwNzQ0NWJjOWEtN2FhNS00M2NlLTlhMmMtMTlkODBhMTliYjdm",
          "state": "CfDJ8H3n8sVeRBlPopiMUAsqux6eF3ZksNANFCae20YtpBRAXjP-7HUxq1--kcY8uMuiT1moapzqik0ifGaLVmBiQw2QcRcNLlJCpN50yy2uHy52-ydsbCEGigE81skOlEalX2fMbjOuVRSC5jT4FaE2DFM-wPj8ndbf_VGYQ-FG5avBp9vsSKMW_CdUaUtrbs4nsEmAn1NTZoXIPTXnzBcCKOPwSpCOalpK1i4SbpKFbvN3PAKCNw1zPi-lFM5_W3icVvD_gazWnP3X1jxp_3XzCSoKIf3bKSL6TKuix28SPJZ_-KnKJtWOAUkkTFu20Qr0DQ",
          "x-client-SKU": "ID_NETSTANDARD2_0",
          "x-client-ver": "5.5.0.0"
        }
      }
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
      Request validation failed
info: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
      {
        "SubjectId": "anonymous",
        "RequestedScopes": "",
        "Raw": {
          "client_id": "GameMvc",
          "redirect_uri": "https://localhost:44330/signin-oidc",
          "response_type": "code id_token",
          "scope": "openid profile email offline_access role experience subscription_level GameApi",
          "response_mode": "form_post",
          "nonce": "637207341781609343.NzJmYjQ1ZjgtNDI1Yy00ZWY4LWE2YTItOTE0MWUwNTYwNDIwNzQ0NWJjOWEtN2FhNS00M2NlLTlhMmMtMTlkODBhMTliYjdm",
          "state": "CfDJ8H3n8sVeRBlPopiMUAsqux6eF3ZksNANFCae20YtpBRAXjP-7HUxq1--kcY8uMuiT1moapzqik0ifGaLVmBiQw2QcRcNLlJCpN50yy2uHy52-ydsbCEGigE81skOlEalX2fMbjOuVRSC5jT4FaE2DFM-wPj8ndbf_VGYQ-FG5avBp9vsSKMW_CdUaUtrbs4nsEmAn1NTZoXIPTXnzBcCKOPwSpCOalpK1i4SbpKFbvN3PAKCNw1zPi-lFM5_W3icVvD_gazWnP3X1jxp_3XzCSoKIf3bKSL6TKuix28SPJZ_-KnKJtWOAUkkTFu20Qr0DQ",
          "x-client-SKU": "ID_NETSTANDARD2_0",
          "x-client-ver": "5.5.0.0"
        }
      }

However, using the same client in an in-memory scenario with AddInMemoryClients, it works; see the debug output below.

dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
      Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
dbug: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
      ValidatedAuthorizeRequest
      {
        "ClientId": "GameMvc",
        "ClientName": "MGame web client",
        "RedirectUri": "https://localhost:44330/signin-oidc",
        "AllowedRedirectUris": [
          "https://localhost:44330/signin-oidc"
        ],
        "SubjectId": "anonymous",
        "ResponseType": "code id_token",
        "ResponseMode": "form_post",
        "GrantType": "hybrid",
        "RequestedScopes": "openid profile email offline_access role experience subscription_level GameApi",
        "State": "CfDJ8H3n8sVeRBlPopiMUAsqux7YiGRgIGQOeT0aF9aYMv-a40lLmjS_uEZw_jMeQAgkq7wFGq8mMMekKNm8U6uFL_kruFOX_gYjhJjzRZUKG1aHE0vpcJ0i0zYqd9aTh6elus8MxkP6NaGWszjf0wXSwVNboUdq_7NAvR_b4Pyt0sMkD5LTysTQ4VePtKi-FjDarp5xlRPvQUfiYpZfcyOGi7eqSlHuiVzD83uByMBhJ3cIA6h5n5zDzzotNpwxw_QLQk4A8zN06tgTHhUYTWV-5kxYiX3N84f__eyB3K_TCY94Kbm562BZX4TtfLzJHqJAdg",
        "Nonce": "637207668423193165.NjAzZDAwM2UtMjc0Yi00ZTNiLTgyOWYtN2JhYTI5ZTkxNDBlZGJiN2FiZGEtN2ZmYy00OGFkLWE5MGItMzAzNmY3OGM1MGIx",
        "SessionId": "",
        "Raw": {
          "client_id": "GameMvc",
          "redirect_uri": "https://localhost:44330/signin-oidc",
          "response_type": "code id_token",
          "scope": "openid profile email offline_access role experience subscription_level GameApi",
          "response_mode": "form_post",
          "nonce": "637207668423193165.NjAzZDAwM2UtMjc0Yi00ZTNiLTgyOWYtN2JhYTI5ZTkxNDBlZGJiN2FiZGEtN2ZmYy00OGFkLWE5MGItMzAzNmY3OGM1MGIx",
          "state": "CfDJ8H3n8sVeRBlPopiMUAsqux7YiGRgIGQOeT0aF9aYMv-a40lLmjS_uEZw_jMeQAgkq7wFGq8mMMekKNm8U6uFL_kruFOX_gYjhJjzRZUKG1aHE0vpcJ0i0zYqd9aTh6elus8MxkP6NaGWszjf0wXSwVNboUdq_7NAvR_b4Pyt0sMkD5LTysTQ4VePtKi-FjDarp5xlRPvQUfiYpZfcyOGi7eqSlHuiVzD83uByMBhJ3cIA6h5n5zDzzotNpwxw_QLQk4A8zN06tgTHhUYTWV-5kxYiX3N84f__eyB3K_TCY94Kbm562BZX4TtfLzJHqJAdg",
          "x-client-SKU": "ID_NETSTANDARD2_0",
          "x-client-ver": "5.5.0.0"
        }
      }

I could check that the data is indeed persisted in the database.

Here below is the /.well-known/openid-configuration:

/ https://localhost:44320/.well-known/openid-configuration

{
  "issuer": "https://localhost:44320",
  "jwks_uri": "https://localhost:44320/.well-known/openid-configuration/jwks",
  "authorization_endpoint": "https://localhost:44320/connect/authorize",
  "token_endpoint": "https://localhost:44320/connect/token",
  "userinfo_endpoint": "https://localhost:44320/connect/userinfo",
  "end_session_endpoint": "https://localhost:44320/connect/endsession",
  "check_session_iframe": "https://localhost:44320/connect/checksession",
  "revocation_endpoint": "https://localhost:44320/connect/revocation",
  "introspection_endpoint": "https://localhost:44320/connect/introspect",
  "device_authorization_endpoint": "https://localhost:44320/connect/deviceauthorization",
  "frontchannel_logout_supported": true,
  "frontchannel_logout_session_supported": true,
  "backchannel_logout_supported": true,
  "backchannel_logout_session_supported": true,
  "scopes_supported": [
    "subscription_level",
    "experience",
    "role",
    "address",
    "phone",
    "email",
    "profile",
    "openid",
    "GameApiFullAccess",
    "GameApiReadWrite",
    "GameApiReadOnly",
    "GameApi",
    "offline_access"
  ],
  "claims_supported": [
    "subscription_level",
    "experience",
    "role",
    "address",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified",
    "family_name",
    "given_name",
    "middle_name",
    "nickname",
    "preferred_username",
    "profile",
    "picture",
    "website",
    "gender",
    "name",
    "birthdate",
    "locale",
    "updated_at",
    "zoneinfo",
    "sub"
  ],
  "grant_types_supported": [
    "authorization_code",
    "client_credentials",
    "refresh_token",
    "implicit",
    "password",
    "urn:ietf:params:oauth:grant-type:device_code"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "response_modes_supported": [
    "form_post",
    "query",
    "fragment"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "request_parameter_supported": true
}


Solution 1:[1]

Finally I caught the error.

The error is produced if...

builder.UseQueryTrackingBehavior(QueryTrackingBehavior.NoTracking) for ConfigurationDbContext

So the desired option for Identity Server dbContext is QueryTrackingBehavior.TrackAll

BR

Solution 2:[2]

For me, I had created a new client and there was a missing configuration in configuration.ClientGrantTypes table.

So I inserted a new ClientGrantType:

INSERT INTO configuration.ClientGrantTypes (GrantType, ClientId) VALUES ('authorization_code', YOURCLIENTID)
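
An added diagnostic, not part of either answer: these queries check whether grant-type rows actually exist for a client, which separates a missing row (Solution 2) from a read-side problem such as the tracking setting in Solution 1. The `configuration` schema comes from Solution 2; the `Clients` table and the column names assume the default IdentityServer4.EntityFramework schema, and `'YourClientId'` is a placeholder.

```sql
-- 1. Count stored grant types per client. Clients with 0 rows are rejected
--    with "no allowed grant type specified".
SELECT c.Id        AS ClientRowId,       -- integer primary key
       c.ClientId  AS ClientIdentifier,  -- string sent as client_id
       c.Enabled,
       COUNT(g.Id) AS GrantTypeRows
FROM configuration.Clients AS c
LEFT JOIN configuration.ClientGrantTypes AS g
       ON g.ClientId = c.Id              -- FK points at Clients.Id, not the string
GROUP BY c.Id, c.ClientId, c.Enabled
ORDER BY GrantTypeRows, c.ClientId;

-- 2. Show what is stored for the client from the question.
--    GrantTypes.Hybrid is expected to appear as the single value 'hybrid'.
SELECT c.ClientId, g.GrantType
FROM configuration.Clients AS c
JOIN configuration.ClientGrantTypes AS g
  ON g.ClientId = c.Id
WHERE c.ClientId = 'GameMvc';

-- 3. Add a missing grant type by string client id, resolving the integer
--    key in the same statement and skipping the insert if the row exists.
INSERT INTO configuration.ClientGrantTypes (GrantType, ClientId)
SELECT 'authorization_code', c.Id
FROM configuration.Clients AS c
WHERE c.ClientId = 'YourClientId'        -- placeholder
  AND NOT EXISTS (
        SELECT 1
        FROM configuration.ClientGrantTypes AS g
        WHERE g.ClientId = c.Id
          AND g.GrantType = 'authorization_code');
```

A `GrantTypeRows` value of 0 means the row is missing from the table; a non-zero count alongside the same error means the rows are stored but are not reaching the validator when the client is loaded.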

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 alhpe
Solution 2 mr_puskala