How to get Api token using client secret key ? #1088 | Support Center | ABP Commercial

Naren created 3 years ago

need full steps to set client secret key and how to use in postman to get token.

I want to get api token based on client secrete key and gives error "Invalid_Client" when we set require client secret in abp commercial settings.hope now you understand. give us the steps to use client secret as required and how to get the token with client secret key in postman.

10 Answer(s)

0

maliming created 3 years ago
Support Team Fullstack Developer

hi Naren

I will try to share the full steps and code.

maliming created 3 years ago

Support Team Fullstack Developer

[10:24:04 DBG] Secret validators could not validate secret
[10:24:04 INF] {"ClientId": "QAX_App", "Category": "Authentication", "Name": "Client Authentication Failure", "EventType": "Failure", "Id": 1011, "Message": "Invalid client secret", "ActivityId": "0HM7F6ITJS7FV:00000006", "TimeStamp": "2021-03-25T02:24:04.0000000Z", "ProcessId": 16676, "LocalIpAddress":
"::1:44328", "RemoteIpAddress": "::1", "$type": "ClientAuthenticationFailureEvent"}
[10:24:04 ERR] Client secret validation failed for client: QAX_App.
[10:24:04 INF] Request finished HTTP/1.1 POST https://localhost:44328/connect/token application/x-www-form-urlencoded 71 - 400 - application/json;+charset=UTF-8 43.6361ms

After add Client_Secret:

[10:26:16 INF] Request starting HTTP/1.1 POST https://localhost:44328/connect/token application/x-www-form-urlencoded 95
[10:26:16 DBG] Request path /connect/token matched to endpoint type Token
[10:26:16 DBG] Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint
[10:26:16 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
[10:26:16 DBG] Start token request.
[10:26:16 DBG] Start client validation
[10:26:16 DBG] Start parsing Basic Authentication secret
[10:26:16 DBG] Start parsing for secret in post body
[10:26:16 DBG] Parser found secret: PostBodySecretParser
[10:26:16 DBG] Secret id found: QAX_App
[10:26:16 DBG] client configuration validation for client QAX_App succeeded.
[10:26:16 DBG] Secret validator success: HashedSharedSecretValidator
[10:26:16 DBG] Client validation success
[10:26:16 INF] {"ClientId": "QAX_App", "AuthenticationMethod": "SharedSecret", "Category": "Authentication", "Name": "Client Authentication Success", "EventType": "Success", "Id": 1010, "Message": null, "ActivityId": "0HM7F6ITJS7FV:00000008", "TimeStamp": "2021-03-25T02:26:16.0000000Z", "ProcessId": 1667
6, "LocalIpAddress": "::1:44328", "RemoteIpAddress": "::1", "$type": "ClientAuthenticationSuccessEvent"}
[10:26:16 DBG] Start token request validation
[10:26:16 DBG] Start resource owner password token request validation
[10:26:16 WRN] Ldap login feature is not enabled!
[10:26:16 INF] Credentials validated for username: admin
[10:26:16 INF] {"Username": "admin", "Provider": null, "ProviderUserId": null, "SubjectId": "8a0ff9af-ed31-29e9-fc65-39fb795c9baa", "DisplayName": null, "Endpoint": "Token", "ClientId": "QAX_App", "Category": "Authentication", "Name": "User Login Success", "EventType": "Success", "Id": 1000, "Message": n
ull, "ActivityId": "0HM7F6ITJS7FV:00000008", "TimeStamp": "2021-03-25T02:26:16.0000000Z", "ProcessId": 16676, "LocalIpAddress": "::1:44328", "RemoteIpAddress": "::1", "$type": "UserLoginSuccessEvent"}
[10:26:16 DBG] Resource owner password token request validation success.
[10:26:16 INF] Token request validation success, {"ClientId": "QAX_App", "ClientName": "QAX_App", "GrantType": "password", "Scopes": "address email offline_access openid phone profile QAX role", "AuthorizationCode": "********", "RefreshToken": "********", "UserName": "admin", "AuthenticationContextRefere
nceClasses": null, "Tenant": null, "IdP": null, "Raw": {"Client_Id": "QAX_App", "UserName": "admin", "Password": "***REDACTED***", "grant_type": "password", "Client_Secret": "***REDACTED***"}, "$type": "TokenRequestValidationLog"}
[10:26:16 DBG] Getting claims for access token for client: QAX_App
[10:26:16 DBG] Getting claims for access token for subject: 8a0ff9af-ed31-29e9-fc65-39fb795c9baa
[10:26:16 DBG] Creating refresh token
[10:26:16 DBG] Setting an absolute lifetime: 31536000
[10:26:16 INF] {"ClientId": "QAX_App", "ClientName": "QAX_App", "RedirectUri": null, "Endpoint": "Token", "SubjectId": "8a0ff9af-ed31-29e9-fc65-39fb795c9baa", "Scopes": "address email offline_access openid phone profile QAX role", "GrantType": "password", "Tokens": [{"TokenType": "refresh_token", "TokenV
alue": "****B62F", "$type": "Token"}, {"TokenType": "access_token", "TokenValue": "****497A", "$type": "Token"}], "Category": "Token", "Name": "Token Issued Success", "EventType": "Success", "Id": 2000, "Message": null, "ActivityId": "0HM7F6ITJS7FV:00000008", "TimeStamp": "2021-03-25T02:26:16.0000000Z",
"ProcessId": 16676, "LocalIpAddress": "::1:44328", "RemoteIpAddress": "::1", "$type": "TokenIssuedSuccessEvent"}
[10:26:16 DBG] Token request success.
[10:26:16 INF] Request finished HTTP/1.1 POST https://localhost:44328/connect/token application/x-www-form-urlencoded 95 - 200 - application/json;+charset=UTF-8 220.1673ms

0

Naren created 3 years ago

We set secret client required here. using this secret key in postman. getting same invalid_client
0

maliming created 3 years ago
Support Team Fullstack Developer

hi

Please share the error logs of invalid_client.
0

Naren created 3 years ago

Hi Where we will get this error log?
0

maliming created 3 years ago
Support Team Fullstack Developer

It's located at Logs/logs.txt by default.
0

Naren created 3 years ago

2021-03-25 11:56:57.205 +05:30 [INF] Request starting HTTP/1.1 POST https://localhost:44318/connect/token application/x-www-form-urlencoded 137 2021-03-25 11:56:57.221 +05:30 [DBG] Request path /connect/token matched to endpoint type Token 2021-03-25 11:56:57.236 +05:30 [DBG] Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint 2021-03-25 11:56:57.236 +05:30 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token 2021-03-25 11:56:57.236 +05:30 [DBG] Start token request. 2021-03-25 11:56:57.236 +05:30 [DBG] Start client validation 2021-03-25 11:56:57.236 +05:30 [DBG] Start parsing Basic Authentication secret 2021-03-25 11:56:57.236 +05:30 [DBG] Start parsing for secret in post body 2021-03-25 11:56:57.236 +05:30 [DBG] Parser found secret: PostBodySecretParser 2021-03-25 11:56:57.236 +05:30 [DBG] Secret id found: xxxxx 2021-03-25 11:56:57.248 +05:30 [DBG] client configuration validation for client xxxxx succeeded. 2021-03-25 11:56:57.248 +05:30 [DBG] No matching hashed secret found. 2021-03-25 11:56:57.248 +05:30 [DBG] Secret validators could not validate secret 2021-03-25 11:56:57.248 +05:30 [INF] {"ClientId":"xxxxx","Category":"Authentication","Name":"Client Authentication Failure","EventType":"Failure","Id":1011,"Message":"Invalid client secret","ActivityId":","TimeStamp":"2021-03-25T06:26:57.0000000Z","ProcessId":,"LocalIpAddress,"RemoteIpAddress"","$type":"ClientAuthenticationFailureEvent"} 2021-03-25 11:56:57.248 +05:30 [ERR] Client secret validation failed for client: xxxxx.
0

maliming created 3 years ago
Support Team Fullstack Developer

hi

I want to check it remotely.

https://zoom.us/j/99623357334?pwd=YXFPK3A2QWQxUDJTK1ZONXg5cXBRZz09
0

maliming created 3 years ago
Support Team Fullstack Developer

Solved
0

Naren created 3 years ago

Thanks

Have an answer to this question? Log in and write your answer.