IdentityServer introspect and userinfo endpoint not available #10294

nagib.aouini created 2 years ago

Prerequisites

Please answer the following questions before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

What is your product version? 10.3
What is your product type (Angular or MVC)? Angular
What is product framework type (.net framework or .net core)? .net core 5

Questions

We activated the IdentitServer
We access the .well-known/openid-configuration properly

"IdentityServer": { "IsEnabled": "true", "Authority": "https://localhost:44301/", "ApiName": "default-api",

The endpoint introspect https:/<app>/connect/introspect return an Error 404 ! like explained here https://identityserver4.readthedocs.io/en/latest/endpoints/introspection.html

<head> <title>ADMIN - Error</title>

&lt;link href=&quot;/view-resources/Views/Error/Index.css?v=8chyDsqrMk2dqzEb9NwpgKudCaENhDdlvh6dpWmjNzY&quot; rel=&quot;stylesheet&quot; /&gt;

</head> <div class="m-error_container"> <span class="m-error_title"> <h1> Error! </h1> </span> <p class="m-error_subtitle"> An internal error occurred during your request! </p> <p class="m-error_description"> </p> </div>

How we can access all IdentityServer endpoint so an external app can check accessToken and userInfo ?

7 Answer(s)

0

ismcagdas created 3 years ago
Support Team

Hi @nagib.aouini

As I can see, endpoint exists in the latest version. Could you share how do you call this endpoint ?

Thanks,
0

nagib.aouini created 3 years ago

Hi This shows on error logs

Exceptions caught: 'System.NotSupportedException: IDX10634: Unable to create the SignatureProvider. Algorithm: 'HS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.RsaSecurityKey, KeyId: '8754EC1B28DDFA079D97CF996304434D', InternalId: '9n57E3u1vGm2iMFnZ88ZR-wxeDNgPVQ1Z8zDUeKWTqs'.' is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures, Boolean cacheProvider) at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForVerifying(SecurityKey key, String algorithm, Boolean cacheProvider) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, SecurityToken securityToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) '. token: '{"alg":"HS256","typ":"JWT"}.{"sub":"2","name":"admin","http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress":"[email protected]","aspnet.identity.securitystamp":"NTYXATPGVEXNZTKHHHVUE6DX6I3276UF","role":["Admin","2e4f924305dd44ec8270d07ddec8ae4d","fd553750180b45479df2f646d6cd782a"],"http://www.aspnetboilerplate.com/identity/claims/tenantId":"1","jti":"ebdc1c24-f310-4e52-9f0a-ef3b50ed4146","iat":1620030164,"token_validity_key":"e9ab3352-67c5-4b39-84ba-0d81be05e62a","user_identifier":"2@1","token_type":"0","refresh_token_validity_key":"7db0b7f6-1731-4ff2-bd9e-7784967a2125","nbf":1620030164,"exp":1620116564,"iss":"ADMIN","aud":"ADMIN"}'. at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at IdentityServer4.Validation.TokenValidator.ValidateJwtAsync(String jwt, IEnumerable`1 validationKeys, Boolean validateLifetime, String audience)
0

ismcagdas created 3 years ago
Support Team

Hi,

By default, AspNet Zero only configures AddDeveloperSigningCredential. Could you share how do you configure production certificate for Identity Server ? I think the problem is related to that.
0

nagib.aouini created 3 years ago

Hi Team,

I am following below urls. https://support.aspnetzero.com/QA/Questions/9495/Identity-server4-integration-EntityFramework-EF-as-the-storage-mechanism https://github.com/aspnetboilerplate/aspnetboilerplate/issues/5757

I am implementing and creating the tables. I just wanted to confirm that am I on the right track? Is there any other help document which you can provide?
0

ismcagdas created 3 years ago
Support Team

Previously I used OpenSSL, you can check out https://benjii.me/2017/06/creating-self-signed-certificate-identity-server-azure/
0

nagib.aouini created 3 years ago

Dear Support Team,

I am getting the unauthenticated error on localhost. I am able to create the access token using the https://localhost:44301/connect/token (screenshot 1) but the introspection is not working. It is giving an unauthorized error (screenshot 2).
0

ismcagdas created 3 years ago
Support Team

Hi,

Could you check the server side log file and see if there are any details about this error ?

Thanks,

Have an answer to this question? Log in and write your answer.