AppAuth-Android

Open ID issues on Android Native. Authorisation code failure. Invalid Client ID

Open mohsinaliopt opened this issue 3 years ago • 4 comments

Checklist:

  • [x] I am using the latest release
  • [x] I searched for existing GitHub issues
  • [x] I read the documentation
  • [x] I verified the client configuration matches the information in the identity provider (or I am using dynamic client registration)
  • [x] I am either using a custom URI scheme or https with App Links for client redirect.
  • [x] I can reproduce the issue in the demo app (optional)

Configuration

  • Version: 0.10.0
  • Integration: (native(Java))
  • Identity provider: (Microsoft)

Issue Description

Open ID issues on Android Native. Says Authorization code failure results with Invalid Client ID. I have tried the same client ID and credentials, endpoints with a sample iOS app; it works perfectly, same works for the web application.

I have used the sample: https://github.com/openid/AppAuth-Android and https://github.com/hadiidbouk/AppAuthIdentityServer4

but results are the same. Help/feedback is appreciated. Thanks in advance.

Oct 03 '21 22:10 mohsinaliopt

Since you've tested this using the sample please provide your auth_config.json to better understand your configuration.

Oct 04 '21 18:10 agologan

> Since you've tested this using the sample please provide your auth_config.json to better understand your configuration.

auth_config.json:

{
  "client_id": "AndroidIdpClient",
  "client_secret":"123456",
  "redirect_uri": "packagename.test://callback",
  "end_session_redirect_uri": "net.openid.appauthdemo:/oauth2redirect",
  "authorization_scope": "openid email profile",
  "discovery_uri": "https://{URL}/.well-known/openid-configuration",
  "authorization_endpoint_uri": "https://{URL}/connect/authorize",
  "token_endpoint_uri": "https://{URL}/connect/token",
  "registration_endpoint_uri": "https://{URL}/connect/deviceauthorization",
  "user_info_endpoint_uri": "https://{URL}/connect/userinfo",
  "https_required": true
}

backend settings:

ClientName = "AndroidIdpClient",
ClientId = "AndroidIdpClient",
ProtocolType = "oidc",
Description = "AndroidIdpClient",
AlwaysIncludeUserClaimsInIdToken = true,
AllowOfflineAccess = true,
AbsoluteRefreshTokenLifetime = 31536000, //365 days
AccessTokenLifetime = 31536000, //365 days
AuthorizationCodeLifetime = 300,
IdentityTokenLifetime = 300,
RequireConsent = false,
RequirePkce = true,

Oct 05 '21 13:10 mohsinaliopt

Not sure what is wrong here. Can you please tell where along the authentication workflow this breaks? Please keep in mind using client_secrets is discouraged as explained in the README.md.

Also in the meantime here is a config from a recent test I ran against the IdentityServer demo environment. https://github.com/openid/AppAuth-Android/issues/744#issuecomment-933808401

Oct 07 '21 06:10 agologan

I had the same problem and it turned out it was caused by the time on the device being incorrectly set (it was a simulator and accidentally the clock went forward two hours). After I set the correct time on the device, the "Invalid Client ID" error vanished. You can find further information here:

https://github.com/openid/AppAuth-Android/issues/733

May 27 '22 08:05 dg76
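
The clock problem described in the comment above, as an added diagnostic example (not AppAuth code and not written by anyone in this thread): it measures device clock skew against a server `Date` header and shows which time checks a 300-second ID token (the `IdentityTokenLifetime` in the backend settings) fails on a clock running two hours fast. The 600-second tolerance, the `https://idp.example` issuer, the timestamps and the unsigned token are assumptions constructed for the example.

```python
import base64
import json
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

ALLOWED_SKEW = 600  # assumption: seconds of clock tolerance the client applies


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(issued: datetime, lifetime: int) -> str:
    """Build a constructed, unsigned ID token; iss is a placeholder value."""
    iat = int(issued.timestamp())
    claims = {"iss": "https://idp.example", "aud": "AndroidIdpClient",
              "iat": iat, "exp": iat + lifetime}
    return ".".join([b64url(b'{"alg":"none"}'), b64url(json.dumps(claims).encode()), ""])


def jwt_claims(token: str) -> dict:
    """Decode a compact JWT payload for inspection (no signature verification)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def clock_skew(date_header: str, device_now: datetime) -> float:
    """Seconds the device clock runs ahead (+) or behind (-) of the server's Date header."""
    return (device_now - parsedate_to_datetime(date_header)).total_seconds()


def time_claim_problems(claims: dict, device_now: datetime, allowed: int = ALLOWED_SKEW) -> list:
    """List the time checks the token fails when judged by the device clock."""
    now = device_now.timestamp()
    problems = []
    if now > claims["exp"]:
        problems.append("expired")
    if abs(now - claims["iat"]) > allowed:
        problems.append("iat outside tolerance")
    return problems


# Constructed sample: server time, its HTTP Date header, a 300 s token, and a
# device clock that has jumped two hours forward as in the comment above.
SERVER_NOW = datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc)
DATE_HEADER = "Mon, 15 Jan 2024 12:00:00 GMT"
TOKEN = make_token(SERVER_NOW, 300)
DEVICE_FAST = SERVER_NOW + timedelta(hours=2)
```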

@mohsinaliopt Did you find any solution? I too have client_secret and am getting the same Invalid_client error.

Nov 28 '22 11:11 softsan

Yes. I was able to resolve this issue. I hardcoded the string values everywhere they were used, rather than using R.string or a final interface member string. Just hardcode the values where needed.

Nov 28 '22 12:11 mohsinaliopt

@mohsinaliopt - How did you use client_secret in the code?

Nov 28 '22 13:11 softsan