OpenIdConnectProtocolException on Securing an ASP.NET Core Razor Pages app with OAuth tutorial

j.arensman

Hi all,

I am trying the Securing an ASP.NET Core Razor Pages app with OAuth tutorial. I have just created the Secure page, but when I want to open the Secure page, after logging in, I am getting the following exception:

Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'Invalid client authentication credentials.', error_uri: 'error_uri is null'.
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()

System.Exception: An error was encountered while handling the remote login.
 ---> Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'Invalid client authentication credentials.', error_uri: 'error_uri is null'.
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

Does anyone have any idea how to solve this?

I am running the latest FustionAuth in Docker. And my SampleApp is running in .Net 5.0 with the following packages:

• Microsoft.AspNetCore.Authentication.OpenIdConnect v5.0.1
• IdentityModel.AspNetCore v3.0.0

dan

@j-arensman

I just looked at the sample code and it looks like the library versions are different from what you are running: https://github.com/FusionAuth/fusionauth-example-asp-netcore/blob/master/SampleApp/SampleApp.csproj

Looks like IdentityModel.AspNetCore needs to be version 1.0.0` not v3. Have you tried backrevving the libraries and see if you still see the issue?

Are you setting the environment variables on the command line when you run it?

j.arensman

Hi @dan,

Thanks for your reply, I have downgraded the packages to the versions used in the example you provided, but that made no difference. But thanks to your comment I was checking the ClientSecret while debuggen and it turned out that some Windows environment variable also was named SampleApp__ClientSecret and thus was overwriting the value I provided in my appsettings.json. After setting the ClientSecret in the immediate window in Visual Studio, I was able to redirect after logging in. Now, I only have to figure out which application is setting the SampleApp__ClientSecret environment variable.

dan

Great!

Note that you can also change the FusionAuth tutorial to use a different environment variable for the client secret.