Machine to machine communication does not work as a client in appsettings.json #43656
Description
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
We have a SPA application with Angular that we have been developing since dotnet core 2.1.
We recently migrated the code to the new asp.net core 6 template with Angular in order to use the new IdentityServer (Duende).
In the version before the migration we had in the solution a windows service that listens to a port for data to be received and it transmits said data to our application via an API. The service of course, needs to login firstly in order to be able to post data. In the previous version of the application it was much simpler, we requested a Token via a login API, but it was not really safe. Now with the new version of the SPA we need to migrate also the service functionality, but it is much harder to request the token from the Authentication procedure.
A new client was added to the appsettings.json file, but no matter what is changed, it does not work.
The appsettings.json file is:
{
"ConnectionStrings": {
"DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=aspnet-Project1-53bc9b9d-9d6a-45d4-8429-2a2761773502;Trusted_Connection=True;MultipleActiveResultSets=true"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"IdentityServer": {
"Clients": {
"Project1": {
"Profile": "IdentityServerSPA"
},
"postman": {
"Profile": "IdentityServerSPA",
"scope": "openid",
"allowedGrantTypes": "client_credentials",
"secret": "8CA187C92A6A3892735CA9FDCC5AF91F4F423EE8CDA550158192CFE4219246AD",
"clientSecrets": [ "8CA187C92A6A3892735CA9FDCC5AF91F4F423EE8CDA550158192CFE4219246AD" ],
"allowedScopes": [ "api1", "Project1API", "openid", "offline_access" ]
}
},
"Resources": {
"API.postman": {
"Profile": "API",
"scope": "openid",
"allowedGrantTypes": "client_credentials",
"secret": "8CA187C92A6A3892735CA9FDCC5AF91F4F423EE8CDA550158192CFE4219246AD",
"clientSecrets": [ "8CA187C92A6A3892735CA9FDCC5AF91F4F423EE8CDA550158192CFE4219246AD" ],
"allowedScopes": [ "api1", "Project1API", "openid", "offline_access" ]
}
}
},
"AllowedHosts": "*"
}
As it can be seen, we tried to register postman both as a client and as a Resource.
Trying to connect with Postman as a client does work with the following configuration:
But this opens the Browser, which is not an option for a service, or any machine.
Trying to connect with the following configuration:
does not work with the following response:
Removing the Client "postman" from appsettings.json and trying to connect as a Resource only triggers the error "postman client does not exist".
We also tried to make the service login as a "human" by calling the
HttpClient.GetAsync("https://localhost/connect/authorize?response_type=code&client_id=SIGAD&scope=SIGADAPI%20openid%20profile&redirect_uri=https%3A%2F%2Flocalhost%2Fauthentication%2Flogin-callback&code_challenge=" + code_challenge + "&code_challenge_method=S256");
We receive an OK response, but we are stuck in POST-in the login to receive a token.
How can a service receive a token either as a machine client or POST the login to the Login.cshtml page?
Expected Behavior
A machine should be able to receive a token as in the Duende documentation and be able to POST data.
Steps To Reproduce
Create a new project;
Register a new client in appsettings.json
Try to receive a token with Postman or any other software/service/machine;
Exceptions (if any)
No response
.NET Version
6.0.101
Anything else?
No response