I have a basic IdentityServer4 token server, an Api, and a test client application set up using client_credentials, based on the IdentityServer4 docs tutorial.
We have a pre-built client application that users log into with their existing credentials which is not tied into IdentityServer4. The client application will call the Api using the client_credentials workflow because I do not want to create multiple users for every client application that may need to access the Api.
Using the above setup with IdentityServer4, I have this working correctly with the client_credentials workflow. The issue I am facing is that although I do not need the individual user to authenticate themselves, I still want to know who they are, by way of a user_id. I can simply add &user_id=9999 to the token request, but I could not find a way to retrieve this information from the token server at the time the request is made. After some research I came across the IExtensionGrantValidator, which would allow me to add a custom grant type, intercept the request, and do some custom processing. The problem is that even though it looks as if I set it up correctly, I am still getting the invalid_grant error.
Here is the code:
public class CustomGrantValidator : IExtensionGrantValidator
{
    public string GrantType => "custom_credentials";

    public Task ValidateAsync(ExtensionGrantValidationContext context)
    {
        return Task.FromResult(context.Result);
    }
}
In the new Client block:
AllowedGrantTypes =
{
    GrantType.ClientCredentials,
    "custom_credentials"
},
In Startup:
.AddExtensionGrantValidator<CustomGrantValidator>();
I am new to IdentityServer4 and .NET Core, so I am sure I am doing something wrong or not understanding a fundamental mechanic here.
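A validator that reads the user_id parameter and sets a result, as an added example that is not part of the original post. In IdentityServer4, `context.Result` starts out as an invalid_grant error and stays that way until the validator assigns a new `GrantValidationResult`; the numeric format check on user_id is an assumed policy.

```csharp
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;

public class CustomGrantValidator : IExtensionGrantValidator
{
    // The token request must send grant_type=custom_credentials
    // (not client_credentials) for this validator to be invoked.
    public string GrantType => "custom_credentials";

    public Task ValidateAsync(ExtensionGrantValidationContext context)
    {
        // Raw holds the form parameters posted to the token endpoint.
        var userId = context.Request.Raw.Get("user_id");

        // Assumed policy: user_id is a short, purely numeric string.
        // Reject anything else instead of copying it into the token.
        var wellFormed = !string.IsNullOrEmpty(userId)
                         && userId.Length <= 10
                         && userId.All(c => c >= '0' && c <= '9');

        if (!wellFormed)
        {
            context.Result = new GrantValidationResult(
                TokenRequestErrors.InvalidGrant,
                "missing or malformed user_id");
            return Task.CompletedTask;
        }

        // Success: the value becomes the "sub" claim of the access token.
        // It is asserted by the calling client, not authenticated by the
        // token server, so the Api can trust it only as far as it trusts
        // that client.
        context.Result = new GrantValidationResult(
            subject: userId,
            authenticationMethod: GrantType);
        return Task.CompletedTask;
    }
}
```

The client is still authenticated with its client id and secret before the validator runs, so the Api can check both the client_id claim and the sub claim when deciding what the caller may do.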