Can you share the exact logs from identity server?
Hi Sebastian,
Below are the logs from the Identity Server.
fail: IdentityServer4.Stores.ValidatingClientStore[0]
Invalid client configuration for client 930857497838-gos2rg1mvcmpo3q234jdvmmkl1gq5ov8.apps.googleusercontent.com: no allowed grant type specified
fail: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Unknown client or not enabled: 930857497838-gos2rg1mvcmpo3q234jdvmmkl1gq5ov8.apps.googleusercontent.com
{
"SubjectId": "anonymous",
"RequestedScopes": "",
"Raw": {
"scope": "openid",
"redirect_uri": "http://squidex.centralus.cloudapp.azure.com/profile",
"state": "abc",
"nonce": "xyz",
"client_secret": "12345",
"response_type": "token",
"grant_type": "client_credentials",
"client_id": "930857497838-gos2rg1mvcmpo3q234jdvmmkl1gq5ov8.apps.googleusercontent.com"
}
}
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Request validation failed
Have you sent the grant type for your client to client_credentials?
Yes it is sent as client_credentials. I got it working on my app. But when I register it doesn’t automatically redirect me to the app even though i have mentioned the correct redirect_uri.
What have you done to fix it? Have you got any logs about redirect urls?
I changed the grant type to implicit and attached nonce and state with the endpoint call.
There are no logs coming up. I think there is no as such error. I want to redirect the user to my app when the registration is done on the identity server which is not happening currently
Have you added the allowed redirect uri to your app?
If this does not work either, it would be very great to get something to reproduce it, for example a simple html app that implements login as well and access to your production system.’
You can also debug the identity server, there is no guarantee that it is bug free. Unfortunately I do not have that much time for identity server at the moment as there is so much to do.
Yes i have added the allowed redirect uri to the android app. I’ll try the other part you mentioned.
1 Like
@Sebastian The redirect is working now but when i am trying to get the token it does not show anything in the app. I am sending the client secret as well in the URL. Does it have to be encoded?
Logs:
IdentityServer4.Validation.ClientSecretValidator[0]
Client secret validation failed for client: 930857497838-gos2rg1mvcmpo3q234jdvmmkl1gq5ov8.apps.googleusercontent.com.
When you create the secret you have to enter it as a hash, e.g.use a random value and then hash it with: https://emn178.github.io/online-tools/sha256.html
What was the problem with redirect?
It was related to passing correct scope and all the other related parameters.
For the client secret, i have to update the same on the client in CMS as well right?
Yes, that’s correct. Btw: It would be very awesome if you could write a page for the docs about it
Sure… Will do. 
And I am still not able to get the token even though I am passing the same hashed client secret which is mentioned in CMS. It still throws the same error. I don’t know if i am missing a step or something.
What token are you talking about?
With client_credentials flow you do not get that much information, because you are not authenticating in the name of a user.
The token which i’ll get from http://URL/connect/token by passing the authorization code which will then be used to get the user info from the cms using http://URL/connect/userinfo endpoint.
Also the response type which I am requesting is code which gives the authorization code not client_credentials anymore as we want authentication.
I think you need the implicit flow and response type should be id_token token
But if i use id_token token and implicit flow, I am not able to get the authorization_code while calling the http://url/connect/authorize endpoint.
I think you do not have to call the endpoint manually.
Hey Sebastian, I am now able to get the user info by passing the access token. Can you please help me regarding how to refresh a token… And also is there a way to extend the expiry time of the token in the identity server. @Sebastian