Issue with identity server #4577

rattlehub created 6 years ago

I have logged in to the portal and it works fine but i have enabled the Identity Server to test the console app but keep getting the error {{ "error": "invalid_grant", "error_description": "invalid_username_or_password" }} Any idea how i solve this. The only change i have made was to enable IdentityServer Yet i have double checked the credentials and i can log in. Could it be 2 factor authentication (If so how would we handle this via the API) Thanks

7 Answer(s)

0

rattlehub created 6 years ago

To clarify. Do i need to authenticate against the MVC or Host Project as well. Ive only enabled Identity Server on the Host project as i only need it to connect to the API. Also is there a point i can set a breat point to debug. I put a break on every debug point i could find but i get the error almost instantly.
0

rattlehub created 6 years ago

I have worked out the issue. The username is encrypted in the db and so i have to look for the encrypted record. The problem is i cant see which controller gets the authentication. Could you please advise me how to attach to the authenticate request.

alper created 6 years ago

Support Team

I guess you'r asking this;

Host URL:

http://MyDomain.com/api/TokenAuth/Authenticate

Post Data:

{"userNameOrEmailAddress":"admin","password":"MyPassword","rememberClient":false,"twoFactorRememberClientToken":null,"singleSignIn":false,"returnUrl":null}

rattlehub created 6 years ago

No that is via the api, not using IdentityServer and OAuth. Calling it via the api worksbut im trying to use the OAuth client as its set up in the console app.
This line of the code ....await tokenClient.RequestResourceOwnerPasswordAsync("admin", "123qwe", "default-api"); I have looked at every controller and added breakpoints on every login i can find but what Controller does RequestResourceOwnerPasswordAsync even call. It sounds simple but i cant find it. I point the Host server at <a class="postlink" href="http://localhost:22742/">http://localhost:22742/</a>

private static async Task&lt;string&gt; GetAccessTokenViaOwnerPasswordAsync()
{
    var disco = await DiscoveryClient.GetAsync(ServerUrlBase);

    using (var httpHandler = new HttpClientHandler())
    {
        httpHandler.CookieContainer.Add(new Uri(ServerUrlBase), new Cookie(MultiTenancyConsts.TenantIdResolveKey, "1")); //Set TenantId

        var tokenClient = new TokenClient(disco.TokenEndpoint, "client", "def2edf7-5d42-4edc-a84a-30136c340e13", httpHandler);
        var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync("admin", "123qwe", "default-api");

        //.RequestResourceOwnerPasswordAsync("bob", "bob", "read write offline_access").Result

        if (tokenResponse.IsError)
        {
            Console.WriteLine("Error: ");
            Console.WriteLine(tokenResponse.Error);
        }

        Console.WriteLine(tokenResponse.Json);

        return tokenResponse.AccessToken;
    }
}

0

rattlehub created 6 years ago

From what i can work out the logic to pass the user name and password is handled by Abp.ZeroCore.IdentityServer4. The IdentityServerRegistrar class in the Web.Core project seems to map it to the user. Is there anyway i can modify the RequestResourceOwnerPasswordAsync without brining in all the BoilerPlate projects into my project.
0

ismcagdas created 6 years ago
Support Team

@RattleHub have you solved your problem ?
0

rattlehub created 6 years ago

I created a service to get the encrypted users details and then passed these credentials in the OAuth. I dint want to modify the source in Abp.ZeroCore.IdentityServer4 so i have a workaround thats acceptable. thanks

Have an answer to this question? Log in and write your answer.