User Activities - jopperman@waltons.co.za

Identity Server client_credentials Grant Type #3834

2 years ago Question

ABP Framework version: v5.3.3
UI type: Blazor Server
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): no
Exception message and stack trace: [23:06:20 INF] Request starting HTTP/2 GET https://localhost:44308/api/app/invoices?AccountCode=GPXYZ824&CreatedDateTimeMin=2022-09-01&CreatedDateTimeMax=2022-12-31 - - [23:06:21 DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:ClientDemo,n:Titan.Invoices [23:06:21 DBG] Found in the cache: pn:C,pk:ClientDemo,n:Titan.Invoices [23:06:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: Titan.Invoices [23:06:21 INF] AuthenticationScheme: Bearer was forbidden. [23:06:21 INF] Request finished HTTP/2 GET https://localhost:44308/api/app/invoices?AccountCode=GPXYZ824&CreatedDateTimeMin=2022-09-01&CreatedDateTimeMax=2022-12-31 - - - 403 - - 4.2358ms

Hi, we are attempting to authenticate an external system using the client_credentials grant type.

We have setup the client through the Identity Server UI and granted permission. We are able to retrieve a token from /connect/token that includes a scope and the audience however when we use the token to access any API we receive the above error stating that permissions are not granted.

If we create a regular user and authenticate through the password grant type we are able to access the API however this is not what we want as the credentials could be used to access the frontend.

I have aligned the settings (incl permissions) for the new client with the default ProjectName_App client. If I use ProjectName_App as the client_id the API calls complete successfully. if I use the test client it fails due to permissions.

The tokens received back are near identical, only difference is the client_id

What am I missing?

Activities of "jopperman@waltons.co.za"