
ASP.NET MVC login from IdentityServer4 with an invalid_request error

Today I used the IdentityServer4 demo to build a validation server, and I can log in to the ASP.NET Core client with OpenID.

But I could not log in to my ASP.NET MVC5 client with OpenID. The error in the prompt is: invalid_request.

Here is my IdentityServer4 config code with GetClients():

    // clients want to access resources (aka scopes)
    public static IEnumerable<Client> GetClients()
    {
        // client credentials client
        return new List<Client>
        {
            // OpenID Connect hybrid flow and client credentials client (MVC)
            new Client
            {
                ClientId = "mvc",
                ClientName = "MVC Client",
                AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

                RequireConsent = true,

                ClientSecrets = 
                {
                    new Secret("secret".Sha256())
                },

                RedirectUris = { "http://localhost:5002/signin-oidc" },
                PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },

                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "api1"
                },
                AllowOfflineAccess = true
            }
        };
    }
}

The following code is my ASP.NET MVC5 client's ConfigureAuth(). Because IdentityServer4 defines the ClientSecrets as "secret".Sha256(), in this MVC client I set ClientSecret = GetSHA256HashFromString("secret"). I created the private method GetSHA256HashFromString() to convert the string to SHA-256.

Here is my code:

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies"
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "oidc",
            SignInAsAuthenticationType = "Cookies",
            Authority = "http://localhost:5000", // ID Server SSO Server
            ClientId = "mvc",
            ClientSecret = GetSHA256HashFromString("secret"),
            ResponseType = "code id_token",
            RedirectUri = "http://localhost:5002/signin-oidc", // URL of Client website
            PostLogoutRedirectUri = "http://localhost:5002/signout-callback-oidc", // URL of Client website
            Scope = "api1",
            AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
            RequireHttpsMetadata = false,
        });
    }

I press F5 to run the MVC client and press the login button. The browser jumps to localhost:5000, but it gives me an error:

Sorry, there was an error : invalid_request
The other error info is: Request Id: 0HL9RHBTJIT3T:00000003

Thanks a lot.

denli8 asked Oct 29 '22 22:10


1 Answer

The value of ClientSecret should be the actual secret value, not the hashed one.

The secret is stored as a hash when you use persistent data storage, to prevent an attacker from obtaining your clients' secrets if your storage is compromised.

In your case, the secret value is "secret". So the code will be ClientSecret = "secret"

naveddeshmukh answered Nov 01 '22 20:11
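Why the hashed value is rejected, shown as an added example that is not part of the original answer and is not IdentityServer4's own code: `HashForStorage` and `Validate` are hypothetical stand-ins for a server that keeps only a SHA-256 hash of the client secret and hashes whatever the client presents before comparing. It assumes .NET Core 2.1 or later for `CryptographicOperations`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class ClientSecretDemo
{
    // Hypothetical stand-in for hashing a secret before it is stored
    // (SHA-256 over the UTF-8 bytes, Base64-encoded).
    static string HashForStorage(string secret)
    {
        using (var sha = SHA256.Create())
        {
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(secret)));
        }
    }

    // Hypothetical server-side check: hash what the client presented and
    // compare it with the stored hash in constant time.
    static bool Validate(string storedHash, string presentedSecret)
    {
        byte[] expected = Convert.FromBase64String(storedHash);
        byte[] actual = Convert.FromBase64String(HashForStorage(presentedSecret));
        return CryptographicOperations.FixedTimeEquals(expected, actual);
    }

    static void Main()
    {
        // What the server keeps for the "mvc" client: only the hash.
        string stored = HashForStorage("secret");

        // Client configured with ClientSecret = "secret":
        // the server hashes "secret" and the two hashes match.
        Console.WriteLine("plain secret accepted:  " + Validate(stored, "secret"));

        // Client configured with a pre-hashed secret: the server hashes it
        // again, so hash(hash("secret")) is compared with hash("secret").
        string preHashed = HashForStorage("secret");
        Console.WriteLine("hashed secret accepted: " + Validate(stored, preHashed));
    }
}
```

The first check succeeds and the second fails, whatever encoding the client-side hashing helper uses, because the server always hashes the presented value once more.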