IResourceOwnerPasswordValidator isn't being called?

[dasjestyr]

• I read and understood how to enable logging

Issue / Steps to reproduce the problem

Relevant parts of the log file

<log goes here>

Using stackoverflow as a reference: http://stackoverflow.com/questions/35304038/identityserver4-register-userservice-and-get-users-from-database-in-asp-net-core/35306021

I'm really just trying to progress beyond the quickstart and implement my own user store, etc. From what little I can find around the net, it seems that I just need to implement IProfileService and IResourceOwnerPasswordValidator. I've done so, but during login, all user/password combos just fail. I can't even get a breakpoint to be hit in the IResourceOwnerPasswordValidator implementation. A couple questions: 1) Am I missing something? and 2) Is there somewhere in the docs where it shows a more practical setup for IdentityServer4 (using real user, claims, client, etc., providers?

In Startup.cs

public void ConfigureServices(IServiceCollection services)
{
	TelemetryConfiguration.Active.DisableTelemetry = true;
	var identityServerConfig = services.AddIdentityServer();
	identityServerConfig.AddInMemoryIdentityResources(Config.GetIdentityResources());
	identityServerConfig.AddInMemoryClients(Config.GetClients());
	identityServerConfig.AddInMemoryPersistedGrants();
	identityServerConfig.Services.AddTransient<IProfileService, ProfileService>();
	identityServerConfig.Services.AddTransient<IResourceOwnerPasswordValidator, PasswordValidator>();

	services.AddMvc();
}

The implementations

public class ProfileService : IProfileService
{
	public async Task GetProfileDataAsync(ProfileDataRequestContext context)
	{
		var subject = context.Subject;
	}

	public async Task IsActiveAsync(IsActiveContext context)
	{
		context.IsActive = false;
	}
}

public class PasswordValidator : IResourceOwnerPasswordValidator
{
	public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
	{
		var userName = context.UserName;
		var password = context.Password;

		context.Result = new GrantValidationResult(
			subject: userName,
			authenticationMethod: "",
			claims: new []{new Claim("name", "whatever")});
	}
}

Thanks

[leastprivilege]

In which situation do you expect the resource owner validator to be called?

[dasjestyr]

Define "situation" ?

Shouldn't this be called right when the user enters their username and password?

[brockallen]

Shouldn't this be called right when the user enters their username and password?

Only if the client is collecting them and using resource owner password grant type.

[kazantsev-nikita]

@brockallen @leastprivilege I have the same issue, but problem is with AddCustomAuthorizeRequestValidator. I can't even get a breakpoint to be hit in the ICustomAuthorizeRequestValidator implementation of method ValidateAsync. Is there any settings that I could miss?

[Icad1]

I added the 2.0.0 release nuget of IdentityServer4 into my solution manually and the validator was called afterwards. Now that the new VS version is released it should work as nuget as well but I did not test it so far. The previous nuget version did not work for me too.
kazantsev-nikita did you update your Visual Studio to the newest version, so you can import the 2.0.0 nuget?

[kazantsev-nikita]

@Icad1 are you talking about preview version?

2.0.0 release nuget of IdentityServer4

I'm using VS 2017 15.3, so I haven't any problems to install IdentityServer4 2.0.0-preview3 version with Package Manager. But I still have problem with breakpoint hitting. I asked question on stackoverflow but nobody tell me what I miss.

[alexandra142]

I had the same problem. I created custom grant instead.
Create a class CustomValidationGrant which implements : IExtensionGrantValidator where TUser : IdentityUser, new(), there is a parameter GrantType , for this instance I can call it"custom"
in startUp.cs add services.AddIdentityServer() .AddExtensionGrantValidator<CustomValidationGrant >()
Don't forget to allow a grantType for your client.

In consolle Application you can use something like this:

var discoveryClient = new DiscoveryClient("http://localhost:5000");
discoveryClient.Policy.RequireHttps = false;
var doc = await discoveryClient.GetAsync();
var parameters = new Dictionary<string, string>();
parameters.Add("scope", "MyScope");
parameters.Add("client_secret", "SomeSecret");
parameters.Add("UserName", "UserName");
parameters.Add("Password", "Password");

        var tokenResponse = await client.RequestTokenAsync(new TokenRequest
        {
            Address = tokenEndpoint,
            ClientId = "your client",
            GrantType = "custom",
            Parameters = parameters
        });

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.