Squidex.Identity not working

Chris_G · March 28, 2019, 8:23am

This is from Squidex.Identity

fail: IdentityServer4.Validation.ScopeValidator[0]
      Invalid scope: permissions
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
      Request validation failed

Sebastian · March 28, 2019, 8:34am

I mean the code snippet. Sorry

Sebastian · March 28, 2019, 8:34am

If you are really interested and also want to help to drive it forward we could also make a skype session together.

Chris_G · March 28, 2019, 9:23am

github.com

Squidex/squidex-identity/blob/master/Squidex.Identity/Model/ClientStore.cs#L43


if (client == null)
{
    return null;
}


return new Client
{
    AllowAccessTokensViaBrowser = true,
    AllowedCorsOrigins = client.Data.AllowedCorsOrigins.OrDefault(),
    AllowedGrantTypes = client.Data.AllowedGrantTypes.OrDefault(),
    AllowedScopes = client.Data.AllowedScopes.OrDefault(),
    AllowOfflineAccess = client.Data.AllowOfflineAccess,
    ClientId = clientId,
    ClientName = client.Data.ClientName,
    ClientSecrets = client.Data.ClientSecrets.ToSecrets(),
    ClientUri = client.Data.ClientUri,
    LogoUri = apiClientManager.GenerateImageUrl(client.Data.Logo),
    RedirectUris = client.Data.RedirectUris.OrDefault(),
    RequireConsent = client.Data.RequireConsent,
    PostLogoutRedirectUris = client.Data.PostLogoutRedirectUris.OrDefault()
};

Sebastian · March 28, 2019, 9:34am

I don’t understand where this snippet is from:

What do you want to tell me with this screenshot?

And I also do not understand how you can still get the error about the permission scope.

What is a scope?

Scopes are identifiers for resources that a client wants to access. This identifier is sent to the OP during an authentication or token request.

By default every client is allowed to request tokens for every scope, but you can restrict that.

They come in two flavours.

Identity scopes = API Resources

Requesting identity information (aka claims) about a user, e.g. his name or email address is modeled as a scope in OpenID Connect.

There is e.g. a scope called profile that includes first name, last name, preferred username, gender, profile picture and more. You can read about the standard scopes here and you can create your own scopes in IdentityServer to model your own requirements.

Resource scopes = Identity Resources

Resource scopes identify web APIs (also called resource servers) - you could have e.g. a scope named calendar that represents your calendar API.

if you use a custom scope like permission you have to define it first.

There are a view default scopes: openid, email, profile (Casing is important)

More information about scopes: https://auth0.com/docs/scopes/current/oidc-scopes

Chris_G · March 28, 2019, 12:35pm

Oh~ I don’t need any extra scopes even ‘permission’, I don’t know how this error ‘Invalid scope: permissions’ come out, I just run and click Login or Signup it will be error. I type scopes in dashboard or source code just only because I wanner debug this error(but failed). So, I think it’s a bug too, ‘Invalid scope: permissions’ come out with original code and data.

The error message appeared inexplicable before I made the changes. I modified it(screenshots, input and snippet) just to debug this error. I don’t need any extra scopes including permissions.
Run and login -> error(‘Invalid scope: permissions’) -> input / code (try to debug) -> error too -> remove input / revert code -> same error.

I just hope that the login registration can be used successfully(No any other changes). I didn’t expect these problems along the way. I’m sorry, It is really troublesome for you.

Chris_G · April 1, 2019, 1:45pm

This issue has been fixed.

https://docs.squidex.io/getting-started/use-squidex-identity