You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 13, 2022. It is now read-only.
The HashedSharedSecretValidator does not check for nulls before trying to Convert from Base64.
Issue / Steps to reproduce the problem
Good question. Actually I do not know what is causing this.
I added to a working instance of IdentityServer4 (v2.4.0) a MVC Client as described in the samples. Whenever I try to Authenticate from that MVC Client, I am getting an HTML Error Page send back to the Client using Post instead of the Json Token.
I already tried the sample MVC Client and the same happens, so it seems to be related to the IdentityServer configuration(?).
Nevertheless - as I am still investigating this issue offline - a better exception message could have already helped me finding the position.
Relevant parts of the log file
[15:18:50 VRB] Calling into client configuration validator: IdentityServer4.Validation.DefaultClientConfigurationValidator
[15:18:50 DBG] client configuration validation for client ManagementAPIClient succeeded.
[15:18:50 FTL] Unhandled exception: Value cannot be null.
Parameter name: s
System.ArgumentNullException: Value cannot be null.
Parameter name: s
at System.Convert.FromBase64String(String s)
at IdentityServer4.Validation.HashedSharedSecretValidator.ValidateAsync(IEnumerable`1 secrets, ParsedSecret parsedSecret) in C:\local\identity\server4\IdentityServer4\src\IdentityServer4\src\Validation\Default\HashedSharedSecretValidator.cs:line 71
at IdentityServer4.Validation.SecretValidator.ValidateAsync(ParsedSecret parsedSecret, IEnumerable`1 secrets) in C:\local\identity\server4\IdentityServer4\src\IdentityServer4\src\Validation\Default\SecretValidator.cs:line 59
at IdentityServer4.Validation.ClientSecretValidator.ValidateAsync(HttpContext context) in C:\local\identity\server4\IdentityServer4\src\IdentityServer4\src\Validation\Default\ClientSecretValidator.cs:line 83
at IdentityServer4.Endpoints.TokenEndpoint.ProcessTokenRequestAsync(HttpContext context) in C:\local\identity\server4\IdentityServer4\src\IdentityServer4\src\Endpoints\TokenEndpoint.cs:line 78
at IdentityServer4.Endpoints.TokenEndpoint.ProcessAsync(HttpContext context) in C:\local\identity\server4\IdentityServer4\src\IdentityServer4\src\Endpoints\TokenEndpoint.cs:line 70
at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events) in C:\local\identity\server4\IdentityServer4\src\IdentityServer4\src\Hosting\IdentityServerMiddleware.cs:line 54
The text was updated successfully, but these errors were encountered:
The HashedSharedSecretValidator does not check for nulls before trying to Convert from Base64.
Issue / Steps to reproduce the problem
Good question. Actually I do not know what is causing this.
I added to a working instance of IdentityServer4 (v2.4.0) a MVC Client as described in the samples. Whenever I try to Authenticate from that MVC Client, I am getting an HTML Error Page send back to the Client using Post instead of the Json Token.
I already tried the sample MVC Client and the same happens, so it seems to be related to the IdentityServer configuration(?).
Nevertheless - as I am still investigating this issue offline - a better exception message could have already helped me finding the position.
Relevant parts of the log file
The text was updated successfully, but these errors were encountered: