
This article is part of a series called Setting up an Authorization Server with OpenIddict. The articles in this series will guide you through the...
Hi,
For the client credentials flow, the code below does not lead to the claim being included in the access token:
identity.AddClaim("some-claim", "some-value", OpenIddictConstants.Destinations.AccessToken);
The correct code is as below:
identity.AddClaim(new Claim("some-claim2", "some-value2").SetDestinations(OpenIddictConstants.Destinations.AccessToken));
The first syntax is not working (tested on OpenIddict V4 with dotnet 6.0).
I wonder could you expand a little on how you got to that "GET NEW ACCESS TOKEN" UI in Postman. I've installed it but never used it and I can't figure out how to follow your instructions from that point. UPDATE: I figured it out, but others would probably appreciate knowing how to do the test.
Hi Peter,
Here's an article which covers all you need to know about setting authorization headers for Postman requests: learning.postman.com/docs/sending-...
Focus on this part specifically: learning.postman.com/docs/sending-...
Hi Peter Wone,
It is "hidden" in the "Authorization" tab. After you click on it, select "OAuth 2.0" for the "Type" dropdown box.
To illustrate this, here's a simple picture with everything:

I believe this tiny bit should be added to Part III of this guide. It will avoid a HUGE time loss for many. Those already familiar with Postman probably can't tell how important a step this is.
This aside, this is an excellent guide, Robin! Thank you for making it so skillfully, thoughtfully and for keeping it both simple and easy to follow.
The only other suggestion I could give, though, would be to include steps on how to use OpenIddict with NHibernate instead, which is a much more robust, compatible and problem-free ORM than both Entity Framework and EFCore. There's currently no guide for this that I could tell, and since OpenIddict doesn't support it out-of-the-box, it might be a guide in and of itself (a "Part VII" for this guide, if you will).
Thank you!
Just wanted to leave a 2025 update to potential readers who might stumble upon this: someone has made an NHibernate implementation for OpenIddict (tested against v6.0.0), and it should be simple to use, although it may or may not need some bug fixes to work right: GitHub link.
Make sure to compile its NuGet package yourself (it's easy, no code modifications required), as it's not currently hosted on NuGet's website anymore.
Happy coding to everyone!
Hi.
When I finished up this page I get an error from JWT.IO saying
Error: Looks like your JWT payload is not a valid JSON object. JWT payloads must be top level JSON objects as per tools.ietf.org/html/rfc7519#sectio...
Did I do something wrong in my coding or is this normal behaviour?
Hahaha. And this is what happens when you don't read the complete instructions :D
Simply forgot to add the DisableEncryption method :D
Hands are faster than brains
thanks.
Machine A gets a token from the AuthorizationServer and tries to send a request to Machine B. How should Machine B connect to the AuthorizationServer and validate the incoming token?!
Both Machine A and Machine B are ASP.NET Core apps.
Hi Reza,
That process is called introspection, where machine B asks the Authorization Server to validate the token.
First you need to set the introspection endpoint when setting up the Authorization Server:
You also need to give permission to Machine B (client) to use the introspection endpoint:
Regards,
Robin
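The two steps named in the reply above, plus the Machine B side, as an added example that is not part of Robin's reply or the article's code. It assumes the OpenIddict server, validation and System.Net.Http integration packages; the client id "machine-b", the endpoint path, the issuer URL and the secret placeholder are made up for illustration.

```csharp
using Microsoft.Extensions.DependencyInjection;
using OpenIddict.Abstractions;
using OpenIddict.Validation.AspNetCore;

public static class IntrospectionSetup
{
    // Authorization Server: call this inside the existing AddServer(options => ...) lambda.
    // The path is an assumption; any path works as long as it is served by the server.
    public static void EnableIntrospection(OpenIddictServerBuilder options) =>
        options.SetIntrospectionEndpointUris("/connect/introspect");

    // Authorization Server: client registration for Machine B. It only needs the
    // introspection permission; it never requests tokens itself.
    public static OpenIddictApplicationDescriptor MachineBClient() => new()
    {
        ClientId = "machine-b",                  // assumed name
        ClientSecret = "<machine-b-secret>",     // placeholder, load from a secret store
        DisplayName = "Machine B (resource server)",
        Permissions = { OpenIddictConstants.Permissions.Endpoints.Introspection }
    };

    // Machine B: validate incoming bearer tokens by asking the Authorization Server.
    public static void ConfigureMachineB(IServiceCollection services)
    {
        services.AddOpenIddict()
            .AddValidation(options =>
            {
                // Assumed base address of the Authorization Server; the introspection
                // endpoint is discovered from its configuration document.
                options.SetIssuer("https://localhost:5001/");

                // Authenticate to the introspection endpoint as the client registered above.
                options.UseIntrospection()
                       .SetClientId("machine-b")
                       .SetClientSecret("<machine-b-secret>");

                options.UseSystemNetHttp();   // HTTP client used for the introspection call
                options.UseAspNetCore();      // plug into ASP.NET Core authentication
            });

        // Make OpenIddict validation the default scheme so [Authorize] uses it.
        services.AddAuthentication(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
    }
}
```

The descriptor is passed to IOpenIddictApplicationManager.CreateAsync when seeding clients, the same way the series registers its other clients.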
thanks