Identityserver implicit flow unauthorized_client

4
votes

I cannot seem to understand why do I get unauthorized_client from identityserver. I use oidc-client with Angular 4 ui and asp.net core of web APIs. I cannot connect to identity server as every time it is returning my client is unauthorized_client.

This is the registered client:

new Client
{
    ClientId = "EStudent",
    ClientName = "EStudent",
    AllowedGrantTypes = GrantTypes.Implicit,
    RequireClientSecret = false,
    AllowAccessTokensViaBrowser = true,
    AllowedCorsOrigins = { "http://localhost:63150" },
    LogoutSessionRequired = false,
    RequireConsent = false,
    AllowedScopes = new List<string>
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        "UsersAPI",
    },
    AlwaysIncludeUserClaimsInIdToken = true,
    RedirectUris = {
        "http://localhost:63150/oauth.html"
    },
    PostLogoutRedirectUris = {
        "http://localhost:63150/",
        $"{this._baseAddress}/index.html"
    },
    AllowOfflineAccess = true,
}

This is the auth service in Angular: 

import { Injectable, EventEmitter } from '@angular/core';
import { Http, Headers, RequestOptions, Response } from '@angular/http';
import { Observable } from 'rxjs/Rx';

import { UserManager, User } from 'oidc-client';
import { environment } from '../../../environments/environment';

const settings: any = {
    authority: 'http://localhost:8200/oauth',
    client_id: 'EStudent',
    redirect_uri: 'http://localhost:63150/auth.html',
    post_logout_redirect_uri: 'http://localhost:63150/index.html',
    response_type: 'id_token token',
    scope: 'openid profile UsersAPI',

    silent_redirect_uri: 'http://localhost:63150/silent-renew.html',
    automaticSilentRenew: true,
    accessTokenExpiringNotificationTime: 4,
    // silentRequestTimeout:10000,

    filterProtocolClaims: true,
    loadUserInfo: true
};

@Injectable()
export class AuthService {
    mgr: UserManager = new UserManager(settings);
    userLoadededEvent: EventEmitter<User> = new EventEmitter<User>();
    currentUser: User;
    loggedIn = false;
    authHeaders: Headers;

    constructor(private http: Http) {
        this.mgr.getUser().then((user) => {
            if (user) {
                this.loggedIn = true;
                this.currentUser = user;
                this.userLoadededEvent.emit(user);
            } else {
                this.loggedIn = false;
            }
        }).catch((err) => {
            this.loggedIn = false;
        });

        this.mgr.events.addUserLoaded((user) => {
            this.currentUser = user;
            this.loggedIn = !(user === undefined);
            if (!environment.production) {
                console.log('authService addUserLoaded', user);
            }
        });

        this.mgr.events.addUserUnloaded((e) => {
            if (!environment.production) {
              console.log('user unloaded');
            }
            this.loggedIn = false;
        });
    }
}

And finally I make the call to identityserver like this: 

constructor(public oidcSecurityService: AuthService) { }

ngOnInit() {
    this.oidcSecurityService.mgr.signinRedirect();
}

The request which is sent looks like this: http://localhost:8200/oauth/connect/authorize?client_id=EStudent&redirect_uri=http%3A%2F%2Flocalhost%3A63150%2Fauth.html&response_type=id_token%20token&scope=openid%20profile%20UsersAPI&state=91ea5de6886a49a997704bbdb4beda0c&nonce=295e6bf737274ea18ee2f575c93d150b

1
angularasp.net-coreidentityserver4

1 Answers

8
votes

Your IdentityServer Client has a redirectUri that does not match that being used in the request:

http://localhost:63150/oauth.html

In the request, you use:

http://localhost:63150/auth.html

Note the missing o.