Unable to get Access Token Via Fiddler IdentityServer3

1.1k Views Asked by At

I can successfully call my Api via a web browser. Using IdentityModel works fine. But when I try to call the Api via Fiddler I get invalid_client. My client information comes from a database based on the MembershipReboot Client tables.

I tried passing data via the Post Body and via Authentication basic. Both fail.

When calling using Authentication Basic encoded parameters I have the following>

    User-Agent: Fiddler
Host: qaquasaridentity
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
Authorization: Basic  dGVzdC5hcGk6c2VjcmV0

The actual encoded value in Fiddler shows:

    No Proxy-Authorization Header is present.

Authorization Header is present: Basic  dGVzdC5hcGk6c2VjcmV0
Decoded Username:Password= test.api:secret

When I call using the Post Body for parameters the data passed is:

client_id=test.api
&client_secret=secret
&grant_type=client_credentials
&scope=testapi 

The Server log says

2017-01-20 12:06:13.968 -06:00 [Debug] Start client validation
2017-01-20 12:06:13.971 -06:00 [Debug] Start parsing Basic Authentication secret
2017-01-20 12:06:13.973 -06:00 [Debug] Start parsing for secret in post body
2017-01-20 12:06:13.973 -06:00 [Debug] No secret in post body found
2017-01-20 12:06:13.976 -06:00 [Debug] Start parsing for X.509 certificate
2017-01-20 12:06:13.976 -06:00 [Debug] client_id is not found in post body
w3wp.exe Information: 0 : 2017-01-20 12:06:13.976 -06:00 [Information] Parser found no secret
w3wp.exe Information: 0 : 2017-01-20 12:06:13.981 -06:00 [Information] No client secret found
w3wp.exe Information: 0 : 2017-01-20 12:06:13.983 -06:00 [Information] End token request
w3wp.exe Information: 0 : 2017-01-20 12:06:13.988 -06:00 [Information] Returning error: invalid_client

enter image description here I have the client_id and client_secret but the error log says otherwise. Can anyone explain what I am doing wrong? I can get my access_token via .NET on the backend but not via Fiddler.

1

There are 1 best solutions below

9
On

enter image description hereThe token endpoint does not take JSON, but form-data.

POST /connect/token

grant_type=client_credentials&client_id=test.api&client_secret=secret&scope=api

http://openid.net/specs/openid-connect-core-1_0.html#TokenRequest https://identityserver.github.io/Documentation/docsv2/endpoints/token.html