Base solution for your next web application
Open Closed

Issue with identity server #4577


User avatar
0
rattlehub created

I have logged in to the portal and it works fine but i have enabled the Identity Server to test the console app but keep getting the error {{ "error": "invalid_grant", "error_description": "invalid_username_or_password" }} Any idea how i solve this. The only change i have made was to enable IdentityServer Yet i have double checked the credentials and i can log in. Could it be 2 factor authentication (If so how would we handle this via the API) Thanks


7 Answer(s)
  • User Avatar
    0
    rattlehub created

    To clarify. Do i need to authenticate against the MVC or Host Project as well. Ive only enabled Identity Server on the Host project as i only need it to connect to the API. Also is there a point i can set a breat point to debug. I put a break on every debug point i could find but i get the error almost instantly.

  • User Avatar
    0
    rattlehub created

    I have worked out the issue. The username is encrypted in the db and so i have to look for the encrypted record. The problem is i cant see which controller gets the authentication. Could you please advise me how to attach to the authenticate request.

  • User Avatar
    0
    alper created
    Support Team

    I guess you'r asking this;

    Host URL:

    http://MyDomain.com/api/TokenAuth/Authenticate
    

    Post Data:

    {"userNameOrEmailAddress":"admin","password":"MyPassword","rememberClient":false,"twoFactorRememberClientToken":null,"singleSignIn":false,"returnUrl":null}
    
  • User Avatar
    0
    rattlehub created

    No that is via the api, not using IdentityServer and OAuth. Calling it via the api worksbut im trying to use the OAuth client as its set up in the console app.
    This line of the code ....await tokenClient.RequestResourceOwnerPasswordAsync("admin", "123qwe", "default-api"); I have looked at every controller and added breakpoints on every login i can find but what Controller does RequestResourceOwnerPasswordAsync even call. It sounds simple but i cant find it. I point the Host server at <a class="postlink" href="http://localhost:22742/">http://localhost:22742/</a>

    private static async Task&lt;string&gt; GetAccessTokenViaOwnerPasswordAsync()
    {
        var disco = await DiscoveryClient.GetAsync(ServerUrlBase);
    
        using (var httpHandler = new HttpClientHandler())
        {
            httpHandler.CookieContainer.Add(new Uri(ServerUrlBase), new Cookie(MultiTenancyConsts.TenantIdResolveKey, "1")); //Set TenantId
    
            var tokenClient = new TokenClient(disco.TokenEndpoint, "client", "def2edf7-5d42-4edc-a84a-30136c340e13", httpHandler);
            var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync("admin", "123qwe", "default-api");
    
            //.RequestResourceOwnerPasswordAsync("bob", "bob", "read write offline_access").Result
    
            if (tokenResponse.IsError)
            {
                Console.WriteLine("Error: ");
                Console.WriteLine(tokenResponse.Error);
            }
    
            Console.WriteLine(tokenResponse.Json);
    
            return tokenResponse.AccessToken;
        }
    }
    
  • User Avatar
    0
    rattlehub created

    From what i can work out the logic to pass the user name and password is handled by Abp.ZeroCore.IdentityServer4. The IdentityServerRegistrar class in the Web.Core project seems to map it to the user. Is there anyway i can modify the RequestResourceOwnerPasswordAsync without brining in all the BoilerPlate projects into my project.

  • User Avatar
    0
    ismcagdas created
    Support Team

    @RattleHub have you solved your problem ?

  • User Avatar
    0
    rattlehub created

    I created a service to get the encrypted users details and then passed these credentials in the OAuth. I dint want to modify the source in Abp.ZeroCore.IdentityServer4 so i have a workaround thats acceptable. thanks