1 year ago
#305713
Ganu
IdentityServer - Client cannot request OpenID scopes in client credentials flow
I have an IdentityServer4 Admin client with Hybrid flow and it is working fine. The Admin client has some controllers (APIs) and I want to expose them as an API for other applications. To achieve that I am following this guide:
Code to add the admin client in the IdentityServer server. "admin_api" is added as an ApiResource in IdentityServer.
    // Client registration on the IdentityServer side
    Client identityServerAmin = new Client
    {
        ClientId = "adminClient",
        ClientName = "adminClient",
        ClientUri = "adminClientURL",
        // Hybrid for the interactive UI plus client credentials for API callers
        AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
        RedirectUris = { $"{adminClientURL}/signin-oidc" },
        FrontChannelLogoutUri = $"{adminClientURL}/signout-oidc",
        PostLogoutRedirectUris = { $"{adminClientURL}/signout-callback-oidc" },
        AllowedCorsOrigins = { adminClientURL },
        AllowedScopes =
        {
            "openid",
            "profile",
            "email",
            "offline_access",
            "admin_api",
            "roles"
        }
    };
Code to register IdentityServer in the AdminClient:
    .AddOpenIdConnect(AuthenticationConsts.OidcAuthenticationScheme, options =>
    {
        options.Authority = "<IS4 STS server URL>";
        options.ClientId = "adminClient";
        options.ClientSecret = "adminClientSecret";
        options.ResponseType = "code id_token";
        // adminConfiguration.Scopes holds: openid admin_api roles profile email offline_access
        options.Scope.Clear();
        foreach (var scope in adminConfiguration.Scopes)
        {
            options.Scope.Add(scope);
        }
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
    });
From the consuming application I am trying to get the access token via:
    // Look up the token endpoint from the discovery document
    var disco = await _httpclient.GetDiscoveryDocumentAsync("<IdentityServer URL>");
    var clientCredentialsTokenRequest = new ClientCredentialsTokenRequest
    {
        Address = disco.TokenEndpoint,
        ClientId = "adminClient",
        ClientSecret = "adminClientSecret",
        Scope = "openid admin_api roles profile email offline_access"
    };
    TokenResponse tokenResponse = await _httpclient.RequestClientCredentialsTokenAsync(clientCredentialsTokenRequest);
    return tokenResponse.AccessToken;
When trying to get the accessToken I am getting the following error: "Client cannot request OpenID scopes in client credentials flow"
The issue is not with the scope OpenId, as I removed them from the scope and I still get the same error. Can someone please help?
identityserver4
clientcredential
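An added example, not part of the original post: IdentityServer4 logs this error when a client credentials request contains any scope registered as an identity resource, not only `openid`, and it also refuses `offline_access` in this flow. The sketch assumes `profile`, `email` and `roles` are identity resources on this server (the post does not show that) and uses a hypothetical dedicated client, `adminApiConsumer`, with a placeholder secret, limited to the `admin_api` scope named in the post.

```csharp
using System;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityModel.Client;
using IdentityServer4.Models;

// The two methods normally live in different projects (IdentityServer host and
// consuming application); they share one class here only to keep the example together.
public static class AdminApiMachineAccess
{
    // Server side: a separate machine-to-machine client, so API callers never
    // hold the interactive admin client's secret. Names are hypothetical.
    public static Client MachineClient() => new Client
    {
        ClientId = "adminApiConsumer",
        ClientName = "Admin API consumer",
        AllowedGrantTypes = GrantTypes.ClientCredentials,
        ClientSecrets = { new Secret("<consumer secret>".Sha256()) },
        // API scope only: no identity resources, no offline_access
        AllowedScopes = { "admin_api" }
    };

    // Consumer side: request a token for the API scope alone.
    public static async Task<string> GetAdminApiTokenAsync(HttpClient http, string authority)
    {
        var disco = await http.GetDiscoveryDocumentAsync(authority);
        if (disco.IsError)
            throw new InvalidOperationException($"Discovery failed: {disco.Error}");

        var response = await http.RequestClientCredentialsTokenAsync(
            new ClientCredentialsTokenRequest
            {
                Address = disco.TokenEndpoint,
                ClientId = "adminApiConsumer",
                ClientSecret = "<consumer secret>",
                Scope = "admin_api"
            });

        // Surface invalid_scope / invalid_client instead of returning a null token
        if (response.IsError)
            throw new InvalidOperationException($"Token request failed: {response.Error}");

        return response.AccessToken;
    }
}
```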
0 Answers