IdentityServer4.Admin
Scopes not found in store
Sometimes our IdentityServer (v2.0.1) fails to process requests and responds with 401 (unauthorized). After a restart of the sts api the error disappears and everything is working as expected.
Does anyone have an idea why this is happening?
Configuration
IdentityResources
|Id |Enabled|Name |DisplayName |Description |Required|Emphasize|ShowInDiscoveryDocument|Created |Updated|NonEditable|
|---|-------|-------|--------------------|-----------------------------------------------------------|--------|---------|-----------------------|--------------------------|-------|-----------|
|2 |1 |openid |Your user identifier| |1 |0 |1 |2021-04-02 22:20:39.039109| |0 |
|3 |1 |profile|User profile |Your user profile information (first name, last name, etc.)|0 |0 |1 |2021-04-02 14:20:31.785247| |0 |
ApiScopes
|Id |Name |DisplayName |Description|Required|Emphasize|ShowInDiscoveryDocument|Enabled|
|---|---------------|----------------|-----------|--------|---------|-----------------------|-------|
|5 |MyApi |My API | |0 |0 |1 |1 |
ApiResources
|Id |Enabled|Name |DisplayName |Description|Created |Updated|LastAccessed|NonEditable|AllowedAccessTokenSigningAlgorithms|ShowInDiscoveryDocument|
|---|-------|---------------|----------------|-----------|--------------------------|-------|------------|-----------|-----------------------------------|-----------------------|
|5 |1 |MyApi |My API | |2020-02-21 12:56:20.381534| | |0 | |0 |
ApiResourceScopes
|Id |Scope |ApiResourceId|
|---|---------------|-------------|
|5 |My Api |5 |
Relevant parts of the log file
2021-07-21 23:36:20.354 +02:00 [Error] Scope "openid" not found in store.
2021-07-21 23:36:20.354 +02:00 [Error] Scope "profile" not found in store.
2021-07-21 23:36:20.354 +02:00 [Error] Request validation failed
2021-07-21 16:00:38.900 +02:00 [Error] Scope "MyApi" not found in store.
2021-07-21 16:00:38.900 +02:00 [Error] Invalid scopes requested, TokenRequestValidationLog { ClientId: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", ClientName: "xxxxxxxxxx", GrantType: "client_credentials", Scopes: null, AuthorizationCode: "********", RefreshToken: "********", UserName: null, AuthenticationContextReferenceClasses: null, Tenant: null, IdP: null, Raw: [("grant_type": "client_credentials"), ("scope": "MyApi"), ("client_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"), ("client_secret": "***REDACTED***")] }
I've moved the application to a new server and the problem seems to be solved.
The old environment was running multiple .NET versions:
Microsoft.AspNetCore.App 3.1.15 [/usr/lib64/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 5.0.8 [/usr/lib64/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 3.1.15 [/usr/lib64/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 5.0.8 [/usr/lib64/dotnet/shared/Microsoft.NETCore.App]
Maybe the issue was due to this.
Unfortunately, the problem has occurred again. This time the sts api didn't respond:
Error connecting to https://identity.xxxxxx.eu/.well-known/openid-configuration: Service Unavailable
After a restart, everything is working as expected.