I have a web portal that uses IdentityServer3 to authenticate users. Users can log in without issues in Chrome but get "Bad Request 400 - invalid_client" when they try to log in from Internet Explorer (Edge). Is there a setting I need to add in order for it to work with IE?
Identity Server setup:
// Wires IdentityServer3 into the OWIN pipeline: in-memory clients and scopes,
// a CORS policy, the corporate user store, and the server options.
var userService = new CorporateUserService();

var corsPolicy = new DefaultCorsPolicyService();
// NOTE(review): AllowAll admits every origin on the CORS-enabled endpoints;
// a production deployment would normally list explicit origins instead — confirm.
corsPolicy.AllowAll = true;

var factory = new IdentityServerServiceFactory();
factory.UseInMemoryClients(Clients.Get());
factory.UseInMemoryScopes(Scopes.Get());
factory.CorsPolicyService = new Registration<ICorsPolicyService>(corsPolicy);
// One shared user-service instance; the resolver argument is not used.
factory.UserService = new Registration<IUserService>(dependencyResolver => userService);

var options = new IdentityServerOptions();
options.SiteName = "Cae Security";
// Certificate.Get() supplies the token-signing certificate (source not shown here).
options.SigningCertificate = Certificate.Get();
options.Factory = factory;
options.PluginConfiguration = ConfigurePlugins;
options.EnableWelcomePage = false;

appBuilder.UseIdentityServer(options);
Identity Server Client Setup:
/// <summary>
/// Returns the in-memory client registrations for this server: a single
/// client using the resource-owner (password) grant, one allowed scope,
/// and JWT access tokens with rotating, sliding refresh tokens.
/// </summary>
/// <returns>A list containing the one configured <see cref="Client"/>.</returns>
public static IEnumerable<Client> Get()
{
    // NOTE(review): the client secret is a literal in source; it should be
    // loaded from protected configuration rather than committed.
    var secrets = new List<Secret> { new Secret("secret".Sha256()) };
    var scopes = new List<string> { "sample.com" };

    var portalClient = new Client
    {
        ClientName = "Client Name",
        ClientId = "clientId",
        Enabled = true,
        ClientSecrets = secrets,
        // Flows.ResourceOwner: the client sends the user's credentials to the
        // token endpoint directly, so the client itself must be trusted with them.
        Flow = Flows.ResourceOwner,
        AllowedScopes = scopes,
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 3600,           // seconds (1 hour)
        AbsoluteRefreshTokenLifetime = 86400, // seconds (24 hours) — hard cap
        SlidingRefreshTokenLifetime = 43200,  // seconds (12 hours) — extended on use
        // Each refresh token is replaced when used, and its lifetime slides
        // within the absolute cap above.
        RefreshTokenUsage = TokenUsage.OneTimeOnly,
        RefreshTokenExpiration = TokenExpiration.Sliding
    };

    var clients = new List<Client>(1) { portalClient };
    return clients;
}
I have enabled logging and downloaded the IdentityServer3 source code to debug this issue.
It turns out that we can set the SecretParsers explicitly if we don't need client certificate validation. The problem goes away once I add the following to the IdentityServerServiceFactory: