openiddict-core
openiddict-core copied to clipboard
404 when requesting /connect/introspect
Hello, I have set up a website using the ASP.Net Identity Core. I've added OpenIddict to the web site for generating tokens for a Xamarin App which shall request an API (to get some website data). It works fine, I get a token using the PasswordFlow.
I want the API to use introspection for validation of the token. So I have added .SetIntrospectionEndpointUris("connect/introspect") I'm testing it using Postman, but I only get 404 Not Found.
If I add a controller with an introspect method, I get 200. But as far as I can see from the examples (Zirku) I should not do that? I guess there is some build-in controller method for introspect? Or am I wrong?
My setup looks like this:
`
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
{
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"));
options.UseOpenIddict();
});
services.AddDatabaseDeveloperPageExceptionFilter();
services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = false)
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddControllersWithViews();
services.AddOpenIddict(options =>
{
options.AddCore(coreOpts =>
{
coreOpts.UseEntityFrameworkCore().UseDbContext<ApplicationDbContext>();
});
options.AddServer(server =>
{
server.SetTokenEndpointUris("/connect/token");
server.SetIntrospectionEndpointUris("connect/introspect");
server.AllowPasswordFlow();
server.AddDevelopmentSigningCertificate();
server.AddDevelopmentEncryptionCertificate();
server.DisableAccessTokenEncryption();
server.RegisterScopes("api");
server.UseAspNetCore().EnableTokenEndpointPassthrough();
});
options.AddValidation(val =>
{
val.UseAspNetCore();
val.UseLocalServer();
});
});
services.AddHostedService<HostedApiClientService>();
}
`
The log says this:
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/1.1 POST https://localhost:44383/connect/introspect application/x-www-form-urlencoded 781 Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware: Trace: All hosts are allowed. Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware: Debug: POST requests are not supported Microsoft.AspNetCore.Routing.Matching.DfaMatcher: Debug: No candidates found for the request path '/connect/introspect' Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware: Debug: Request did not match any endpoints OpenIddict.Server.OpenIddictServerDispatcher: Debug: The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+InferEndpointType. OpenIddict.Server.OpenIddictServerDispatcher: Debug: The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateTransportSecurityRequirement. OpenIddict.Server.OpenIddictServerDispatcher: Debug: The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+InferIssuerFromHost. OpenIddict.Validation.OpenIddictValidationDispatcher: Debug: The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+InferIssuerFromHost. Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler: Debug: AuthenticationScheme: Identity.Application was not authenticated. Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished HTTP/1.1 POST https://localhost:44383/connect/introspect application/x-www-form-urlencoded 781 - 404 - - 27.1984ms
Hey,
Thanks for sponsoring the project, much appreciated!
Can you please try with /connect/introspect
instead of connect/introspect
to see if it makes any difference?
A small bug I should have seen myself. You saved my day. Thank you!
Glad it helped! I'll reopen this ticket and convert it to a bug report to track potential improvements to make the UX better (because well, it's quite hard to figure out what's going on).
Potential options:
- Throwing an exception when calling
Set*EndpointUris()
with a relative path that doesn't start with/
. This is the behavior we had before the OpenIddict server stack was decoupled from ASP.NET Core asPathString
always throws an exception in this case. - Fix the underlying code to ensure even
connect/introspect
works flawlessly.