Latest version not working with CustomFlow #548

Closed
Gillardo opened this issue Feb 5, 2018 · 3 comments

@Gillardo

Gillardo commented Feb 5, 2018

Not sure which version I was using before, 2.0.0-*, but custom flows were working fine. Now I have updated and my custom flows are broken.

I am getting an error saying

This client application is not allowed to use the token endpoint.

Any idea why I am getting this?

@Gillardo

Gillardo commented Feb 5, 2018

I deleted all my OpenIddict tables and wiped the initialCreate so everything is set up fresh... Using the following code

// Create a new service scope to ensure the database context is correctly disposed when this method returns.
using (var scope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope())
{
	// setup application
	var applicationDbContext = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
	applicationDbContext.Database.Initialize(false);

	var manager = scope.ServiceProvider.GetRequiredService<OpenIddictApplicationManager<OpenIddictApplication>>();

	if (await manager.FindByClientIdAsync("api", cancellationToken) == null)
	{
		logger.LogInformation("Application missing in database, adding now...");

		var descriptor = new OpenIddictApplicationDescriptor
		{
			ClientId = "api",
			DisplayName = "m2iActiv Api",
			RedirectUris = { new Uri("http://www.my-url.com/signin-oidc") },
			PostLogoutRedirectUris = { new Uri("http://www.my-url.com/") }
		};

		await manager.CreateAsync(descriptor, cancellationToken);
	}
}

... save later

Noticed there are now properties and permissions columns in the openiddictapplications table, but they are blank?

@kevinchalet

kevinchalet commented Feb 5, 2018

Applications must now be granted permissions to use the OAuth2/OIDC endpoints/flows.

The migration guide I wrote includes a script that adds all the permissions to existing applications. Since you didn't follow it, your Permissions column is empty.

Simply add the permissions you need and it will work. E.g.:

var descriptor = new OpenIddictApplicationDescriptor
{
    ClientId = "api",
    DisplayName = "m2iActiv Api",
    RedirectUris = { new Uri("http://www.my-url.com/signin-oidc") },
    PostLogoutRedirectUris = { new Uri("http://www.my-url.com/") },
    Permissions =
    {
        OpenIddictConstants.Permissions.Endpoints.Token,
        OpenIddictConstants.Permissions.GrantTypes.Password,
        OpenIddictConstants.Permissions.GrantTypes.RefreshToken,
        OpenIddictConstants.Permissions.Prefixes.GrantType + "your custom grant type name",
    }
};
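
A simplified model of the deny-by-default check described in the comment above, added here as an example; it is not OpenIddict's code and not part of the thread. The permission string values (`ept:token`, the `gt:` prefix), the custom grant name and the second rejection message are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Simplified model of the application-permission check, not OpenIddict's implementation.
// The "ept:" / "gt:" values are assumed to match OpenIddictConstants.Permissions;
// verify them against the version you run.
static class PermissionModel
{
    const string TokenEndpoint = "ept:token";  // Permissions.Endpoints.Token (assumed value)
    const string GrantTypePrefix = "gt:";      // Permissions.Prefixes.GrantType (assumed value)

    // Returns null when the token request may proceed, otherwise the rejection reason.
    public static string Check(ISet<string> permissions, string grantType)
    {
        // Endpoint permission is evaluated first, which is why an empty
        // Permissions column produces the error quoted in the issue.
        if (!permissions.Contains(TokenEndpoint))
            return "This client application is not allowed to use the token endpoint.";

        // Each grant type, custom ones included, needs its own "gt:<name>" entry.
        if (!permissions.Contains(GrantTypePrefix + grantType))
            return $"grant type '{grantType}' is not permitted for this client (model message)";

        return null;
    }

    static void Main()
    {
        // Constructed sample data: the client seeded without permissions (as in the
        // issue) and the same client with an explicit allow-list.
        var seededWithoutPermissions = new HashSet<string>(StringComparer.Ordinal);
        var leastPrivilege = new HashSet<string>(StringComparer.Ordinal)
        {
            TokenEndpoint, "gt:password", "gt:refresh_token",
            "gt:urn:example:custom_grant"  // hypothetical custom grant type name
        };

        foreach (var grant in new[] { "password", "urn:example:custom_grant", "client_credentials" })
        {
            Console.WriteLine($"{grant,-26} empty : {Check(seededWithoutPermissions, grant) ?? "allowed"}");
            Console.WriteLine($"{grant,-26} listed: {Check(leastPrivilege, grant) ?? "allowed"}");
        }
    }
}
```

In this model `client_credentials` stays rejected for the allow-listed client, so granting only the flows an application actually uses keeps the rest closed.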

@kevinchalet

For the record, the application permissions feature is now optional. It's documented here: https://openiddict.github.io/openiddict-documentation/features/application-permissions.html
