identityserver4.templates's Introduction

IdentityServer4.Templates

dotnet new templates for IdentityServer4

Important update

This project is not maintained anymore. This repo will be archived when .NET Core 3.1 end of support is reached (13th Dec 2022). All new development is happening in the new Duende Software organization.

dotnet new is4empty

Creates a minimal IdentityServer4 project without a UI.

dotnet new is4ui

Adds the quickstart UI to the current project (e.g. it can be added on top of is4empty).

dotnet new is4inmem

Adds a basic IdentityServer with UI, test users and sample clients and resources. Shows both in-memory code and JSON configuration.

dotnet new is4aspid

Adds a basic IdentityServer that uses ASP.NET Identity for user management. If you automatically seed the database, you will get two users: alice and bob - both with password Pass123$. Check the SeedData.cs file.

dotnet new is4ef

Adds a basic IdentityServer that uses Entity Framework for configuration and state management. If you seed the database, you get a couple of basic client and resource registrations. Check the SeedData.cs file.

dotnet new is4admin

Adds an IdentityServer that includes the Rock Solid Knowledge AdminUI Community Edition (open http://localhost:5000/admin in the browser). This gives you a web-based administration interface for users, claims, clients and resources.

The community edition is intended for testing IdentityServer integration scenarios and is limited to localhost:5000, SQLite, 10 users, and 2 clients. The community edition is not suitable for production.

See identityserver.com for more information about AdminUI or to request a trial license.

Installation

Install with:

dotnet new -i identityserver4.templates

If you need to reset your dotnet new list to "factory defaults", use this command:

dotnet new --debug:reinit

identityserver4.templates's People

Contributors

andyclymer71, andyfmiller, brockallen, julitogtu, leastprivilege, mlorbetske, richardblewett, samueldbridgman, scottbrady91, simonedamico


identityserver4.templates's Issues

Object Reference problem during Seed operations

Hi,
During seed operations I get this error:

Unhandled Exception: System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.DatabaseErrorPageMiddleware.System.IObserver<System.Collections.Generic.KeyValuePair<System.String,System.Object>>.OnNext(KeyValuePair'2 keyValuePair)
at System.Diagnostics.DiagnosticListener.Write(String name, Object value)
at Microsoft.EntityFrameworkCore.Internal.CoreLoggerExtensions.SaveChangesFailed(IDiagnosticsLogger'1 diagnostics, DbContext context, Exception exception)
at Microsoft.EntityFrameworkCore.DbContext.SaveChanges(Boolean acceptAllChangesOnSuccess)
at Microsoft.EntityFrameworkCore.DbContext.SaveChanges()
at IdentityServerWithAspIdAndEF.SeedData.EnsureSeedData(ConfigurationDbContext context) in C:\Users\Marco\desktop\vsprojects\host\SeedData.cs:line 119
at IdentityServerWithAspIdAndEF.SeedData.EnsureSeedData(IServiceProvider serviceProvider) in C:\Users\Marco\desktop\vsprojects\host\SeedData.cs:line 29
at IdentityServerWithAspIdAndEF.Program.Main(String[] args) in C:\Users\Marco\desktop\vsprojects\host\Program.cs:line 39

I'm using SQL Server instead of SQLite.

Here is my startup.cs (relevant code only):

        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(connectionString));

        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        services.AddMvc();

        services.Configure<IISOptions>(iis =>
        {
            iis.AuthenticationDisplayName = "Windows";
            iis.AutomaticAuthentication = false;
        });

        var builder = services.AddIdentityServer(options =>
            {
                options.Events.RaiseErrorEvents = true;
                options.Events.RaiseInformationEvents = true;
                options.Events.RaiseFailureEvents = true;
                options.Events.RaiseSuccessEvents = true;
            })
            .AddAspNetIdentity<ApplicationUser>()
            // this adds the config data from DB (clients, resources)
            .AddConfigurationStore(options =>
            {
                options.ConfigureDbContext = b =>
                    b.UseSqlServer(connectionString,
                        sql => sql.MigrationsAssembly(migrationsAssembly));
            })
            // this adds the operational data from DB (codes, tokens, consents)
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = b =>
                    b.UseSqlServer(connectionString,
                        sql => sql.MigrationsAssembly(migrationsAssembly));

                // this enables automatic token cleanup. this is optional.
                options.EnableTokenCleanup = true;
                // options.TokenCleanupInterval = 15; // frequency in seconds to cleanup stale grants. 15 is useful during debugging
            });

None of the closed issues helped me understand the origin of the problem.
Database creation was done correctly.
Why do I get this error?

Question: Should is4 & is4ui build without additions?

I was spinning up a new project and thought I would try out the new templates. I tried the following and couldn't build.

mkdir IdentityServerTest
pushd IdentityServerTest
dotnet new is4
dotnet new is4ui

dotnet restore
dotnet build

The errors made it look like MVC was missing so I then added MVC and it built without issue.

dotnet add package Microsoft.AspNetCore.Mvc -v 1.1.2
dotnet restore
dotnet build

Not sure if the expectation was to just add the UI files and require the dev to add dependencies or if it should handle the dependency addition.

I tried reading through the documentation for templating and didn't see a clear path on how to simply add the equivalent of the dotnet add package to the process. After reading, I was wondering if making the UI piece an optional parameter to is4 could help solve adding it without forcing MVC on is4. I know the tooling is really new so I was just wondering.

dotnet new is4admin error

I've installed the latest templates using dotnet new -i identityserver4.templates and am getting the following error when trying to generate the new is4admin template:

~/> dotnet new is4admin
Object reference not set to an instance of an object.

Can't create template - stuck at trying to seed.

I'm running "dotnet new is4ef" and it gets stuck when trying to seed. The output in the package manager console is as follows:

dotnet new is4ef --force
The template "IdentityServer4 with Entity Framework Stores" was created successfully.
Processing post-creation actions...
Template is configured to run the following action:
Description: 
Manual instructions: Seeds the initial database
Actual command: dotnet run /seed
Do you want to run this action (Y|N)?

It won't allow me to type Y or N and I have to use the "Stop command execution" button.

Note: this is my first time using a "dotnet new template" - so I am not familiar with them and perhaps I am doing something wrong here.

is4aspid Template causes Local Authentication to not Redirect to Client Application following successful Login

Steps to reproduce:

  1. Install from template: dotnet new is4aspid
  2. Install UI Updates

Use Local Login with client that was successfully able to log in previously.

Application no longer redirects back to Client Application.

I was able to discover that the issue was related to the template leaving the .AddAspNetIdentity<ApplicationUser>() line in the Startup.ConfigureServices method. Removing that line (to be like what is in the Demo Site) resolves the problem and returns the user to the client application following a successful Local Authentication login.

_interaction.IsValidReturnUrl(model.ReturnUrl) returning false

I'm not sure if this issue has to do with the templates repository itself, but I cloned this repository, ran the IdentityServer4EntityFramework project with the "/seed" argument and then I tried to run some tests on the Account/Login action.

But whatever I passed through the "returnUrl" parameter, the GetAuthorizationContextAsync method from the Interaction service is always returning null.

Also the IsValidReturnUrl method is returning false.

Here are the URLs that I've tried:

I'm digging into this issue a little bit and it looks like the "RedirectUris" collection is not being persisted into the SQLite database.

Combine is4admin + is4aspid

Will there be a template that combines AdminUI with non-memory user store such as shown in is4aspid template?

Unable to run is4admin template: Cannot resolve scoped service 'IdentityExpress.Manager.BusinessLogic.Interfaces.Services.ILicenseService' from root provider.

After installing the identityserver4.templates and then creating a new project with dotnet new is4admin, when I run the project the following error is displayed:

An error occurred while starting the application.
InvalidOperationException: Cannot resolve scoped service 'IdentityExpress.Manager.BusinessLogic.Interfaces.Services.ILicenseService' from root provider.
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteValidator.ValidateResolution(Type serviceType, ServiceProvider serviceProvider)

InvalidOperationException: Cannot resolve scoped service 'IdentityExpress.Manager.BusinessLogic.Interfaces.Services.ILicenseService' from root provider.
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteValidator.ValidateResolution(Type serviceType, ServiceProvider serviceProvider)
Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(Type serviceType)
Microsoft.Extensions.Internal.ActivatorUtilities+ConstructorMatcher.CreateInstance(IServiceProvider provider)
Microsoft.Extensions.Internal.ActivatorUtilities.CreateInstance(IServiceProvider provider, Type instanceType, Object[] parameters)
Microsoft.AspNetCore.Builder.UseMiddlewareExtensions+<>c__DisplayClass4_0.b__0(RequestDelegate next)
Microsoft.AspNetCore.Builder.Internal.ApplicationBuilder.Build()
Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()

is4admin template error

Hi,
I try to create the admin template with the following command
dotnet new is4admin
and run the application with the command
dotnet run

The welcome page loads successfully, but if I try to access the 'grants' or 'admin' page, the following error occurs:

An unhandled exception occurred while processing the request.
InvalidOperationException: Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IRoleStore1[IdentityExpress.Identity.IdentityExpressRole]' while attempting to activate 'Microsoft.AspNetCore.Identity.RoleManager1[IdentityExpress.Identity.IdentityExpressRole]'.
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.CreateArgumentCallSites(Type serviceType, Type implementationType, CallSiteChain callSiteChain, ParameterInfo[] parameters, bool throwIfCallSiteNotFound)

InvalidOperationException: Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IRoleStore1[IdentityExpress.Identity.IdentityExpressRole]' while attempting to activate 'Microsoft.AspNetCore.Identity.RoleManager1[IdentityExpress.Identity.IdentityExpressRole]'.
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.CreateArgumentCallSites(Type serviceType, Type implementationType, CallSiteChain callSiteChain, ParameterInfo[] parameters, bool throwIfCallSiteNotFound)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.CreateConstructorCallSite(Type serviceType, Type implementationType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.TryCreateExact(ServiceDescriptor descriptor, Type serviceType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.TryCreateExact(Type serviceType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.CreateCallSite(Type serviceType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.CreateArgumentCallSites(Type serviceType, Type implementationType, CallSiteChain callSiteChain, ParameterInfo[] parameters, bool throwIfCallSiteNotFound)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.CreateConstructorCallSite(Type serviceType, Type implementationType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.TryCreateExact(ServiceDescriptor descriptor, Type serviceType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.TryCreateExact(Type serviceType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.CreateCallSite(Type serviceType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.CreateArgumentCallSites(Type serviceType, Type implementationType, CallSiteChain callSiteChain, ParameterInfo[] parameters, bool throwIfCallSiteNotFound)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.CreateConstructorCallSite(Type serviceType, Type implementationType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.TryCreateExact(ServiceDescriptor descriptor, Type serviceType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.TryCreateExact(Type serviceType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.CreateCallSite(Type serviceType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.CreateArgumentCallSites(Type serviceType, Type implementationType, CallSiteChain callSiteChain, ParameterInfo[] parameters, bool throwIfCallSiteNotFound)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.CreateConstructorCallSite(Type serviceType, Type implementationType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.TryCreateExact(ServiceDescriptor descriptor, Type serviceType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.TryCreateExact(Type serviceType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteFactory.CreateCallSite(Type serviceType, CallSiteChain callSiteChain)
Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.CreateServiceAccessor(Type serviceType)
System.Collections.Concurrent.ConcurrentDictionary<TKey, TValue>.GetOrAdd(TKey key, Func<TKey, TValue> valueFactory)
Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.GetService(Type serviceType, ServiceProviderEngineScope serviceProviderEngineScope)
Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType)
Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider)
Microsoft.AspNetCore.Identity.SecurityStampValidator.ValidateAsync(CookieValidatePrincipalContext context)
Microsoft.AspNetCore.Identity.SecurityStampValidator.ValidatePrincipalAsync(CookieValidatePrincipalContext context)
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents.ValidatePrincipal(CookieValidatePrincipalContext context)
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler.HandleAuthenticateAsync()
Microsoft.AspNetCore.Authentication.AuthenticationHandler.AuthenticateAsync()
Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, string scheme)
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in BaseUrlMiddleware.cs
Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.MigrationsEndPointMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.DatabaseErrorPageMiddleware.Invoke(HttpContext httpContext)
Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.DatabaseErrorPageMiddleware.Invoke(HttpContext httpContext)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

Fresh Install of is4aspid template doesn't work with Google or Identity Auth

We built up an identity server after successfully going through the first few quickstarts. We have Client Credentials, native app (dotnet core console app), and javascript apps all working with test users and with Google. Also did the quickstart to add in database support for config and operational data. All good.

Upon trying to complete the ASP.Net Core Identity quickstart, the regular users work, but we cannot get google authentication working. Clicking the google login bug briefly flickers to another page, but then we are redirected back to the login page.

I added steps to reproduce the problem and the log from identity server.

I starred a few lines in the log where you can see that the google login succeeded, but then somehow later the user was treated as not having logged in which I guess is why the user is redirected back to the login page. What is missing in between that causes the correctly logged in user to be lost?

Identity logins also fail, so it's not just google.

Don't know if it's relevant, but I'm working on a MacBook Pro using the latest OS 10.15.5

Issue / Steps to reproduce the problem

dotnet new -u IdentityServer4.Templates
dotnet new -i IdentityServer4.Templates
dotnet new is4aspid -n IdentityServerAspNetIdentity

in launchSettings.json, change applicationUrl to http://localhost:5000 so it matches the test apps

in Config.cs, add in Email as an identity resource as well as the ApiResource that is required for our API:

public static IEnumerable<IdentityResource> Ids =>
            new IdentityResource[]
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
                new IdentityResources.Email()
            };


        public static IEnumerable<ApiResource> Apis =>
            new ApiResource[]
            {
                new ApiResource("api1", "My API #1"),
                new ApiResource("hnidentity", "HereNow API")
            };

in Config.cs, add in clients that work with non aspid identityserver:

                new Client
                {
                    ClientId = "js",
                    ClientName = "JavaScript Client",
                    AllowedGrantTypes = GrantTypes.Code,
                    RequirePkce = true,
                    RequireClientSecret = false,
                    RedirectUris =           { "http://localhost:5003/callback.html" },
                    PostLogoutRedirectUris = { "http://localhost:5003/index.html" },
                    AllowedCorsOrigins =     { "http://localhost:5003" },
                    AllowedScopes = { "openid", "profile", "api1", "email", "hnidentity" }

                },
                new Client
                {
                    ClientId = "native.code",
                    ClientName = "Native Client (Code with PKCE)",
                    AllowedGrantTypes = GrantTypes.Code,
                    RequirePkce = true,
                    RequireClientSecret = false,
                    RedirectUris = { "http://127.0.0.1:45678" },
                    PostLogoutRedirectUris = { "http://127.0.0.1:45678" },
                    AllowedScopes = { "openid", "profile", "api1", "email", "hnidentity" },
                    AllowOfflineAccess = true,
                    RefreshTokenUsage = TokenUsage.ReUse
                }

In startup.cs, update Google configuration for ClientId and ClientSecret that are working in our other non-aspid identity server (leaving the actual values out of the bug report, but they are correct in the file):

                    // options.ClientId = "copy client ID from Google here";
                    // options.ClientSecret = "copy client secret from Google here";

dotnet run

=> The effect is that upon clicking on the Google login button, a page flickers in and then leaves, and we are redirected to the login page rather than being given the consent page in google. The normal username/password logins for bob / Pass123$ also fail.

Relevant parts of the log file

[07:28:19 Information] 
Starting host...

[07:28:20 Information] IdentityServer4.Startup
Starting IdentityServer4 version 3.1.3.0

[07:28:20 Information] IdentityServer4.Startup
You are using the in-memory version of the persisted grant store. This will store consent decisions, authorization codes, refresh and reference tokens in memory only. If you are using any of those features in production, you want to switch to a different store implementation.

[07:28:20 Information] IdentityServer4.Startup
Using the default authentication scheme Identity.Application for IdentityServer

[07:28:20 Debug] IdentityServer4.Startup
Using Identity.Application as default ASP.NET Core scheme for authentication

[07:28:20 Debug] IdentityServer4.Startup
Using Identity.External as default ASP.NET Core scheme for sign-in

[07:28:20 Debug] IdentityServer4.Startup
Using Identity.External as default ASP.NET Core scheme for sign-out

[07:28:20 Debug] IdentityServer4.Startup
Using Identity.Application as default ASP.NET Core scheme for challenge

[07:28:20 Debug] IdentityServer4.Startup
Using Identity.Application as default ASP.NET Core scheme for forbid

[07:28:29 Debug] IdentityServer4.Startup
Login Url: /Account/Login

[07:28:29 Debug] IdentityServer4.Startup
Login Return Url Parameter: ReturnUrl

[07:28:29 Debug] IdentityServer4.Startup
Logout Url: /Account/Logout

[07:28:29 Debug] IdentityServer4.Startup
ConsentUrl Url: /consent

[07:28:29 Debug] IdentityServer4.Startup
Consent Return Url Parameter: returnUrl

[07:28:29 Debug] IdentityServer4.Startup
Error Url: /home/error

[07:28:29 Debug] IdentityServer4.Startup
Error Id Parameter: errorId

[07:28:29 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /.well-known/openid-configuration matched to endpoint type Discovery

[07:28:29 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint

[07:28:29 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration

[07:28:29 Debug] IdentityServer4.Endpoints.DiscoveryEndpoint
Start discovery request

[07:28:30 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /.well-known/openid-configuration/jwks matched to endpoint type Discovery

[07:28:30 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryKeyEndpoint

[07:28:30 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryKeyEndpoint for /.well-known/openid-configuration/jwks

[07:28:30 Debug] IdentityServer4.Endpoints.DiscoveryKeyEndpoint
Start key discovery request

[07:28:30 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /connect/authorize matched to endpoint type Authorize

[07:28:30 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeEndpoint

[07:28:30 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize

[07:28:30 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint
Start authorize request

[07:28:30 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint
No user present in authorize request

[07:28:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[07:28:30 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client native.code succeeded.

[07:28:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[07:28:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[07:28:30 Debug] IdentityServer4.Endpoints.AuthorizeEndpoint
ValidatedAuthorizeRequest
{"ClientId": "native.code", "ClientName": "Native Client (Code with PKCE)", "RedirectUri": "http://127.0.0.1:45678", "AllowedRedirectUris": ["http://127.0.0.1:45678"], "SubjectId": "anonymous", "ResponseType": "code", "ResponseMode": "query", "GrantType": "authorization_code", "RequestedScopes": "openid profile email api1", "State": "QI2EYPTPXC5Em7C7Dj9l2A", "UiLocales": null, "Nonce": "Zj81W6UhQv9w_lAmK-anDA", "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": null, "MaxAge": null, "LoginHint": null, "SessionId": "", "Raw": {"response_type": "code", "nonce": "Zj81W6UhQv9w_lAmK-anDA", "state": "QI2EYPTPXC5Em7C7Dj9l2A", "code_challenge": "LdnZafkNy5oI7M42U6mZv2NbKLECh8OXN0NvVVtOBrk", "code_challenge_method": "S256", "client_id": "native.code", "scope": "openid profile email api1", "redirect_uri": "http://127.0.0.1:45678"}, "$type": "AuthorizeRequestValidationLog"}

[07:28:30 Information] IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator
Showing login: User is not authenticated

[07:28:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[07:28:30 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client native.code succeeded.

[07:28:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[07:28:30 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[07:28:30 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client native.code succeeded.

[07:28:34 Information] Microsoft.AspNetCore.Authentication.Google.GoogleHandler
AuthenticationScheme: Google was challenged.

[07:28:35 Information] Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler
**AuthenticationScheme: Identity.External signed in.**

[07:28:35 Debug] IdentityServer4.Quickstart.UI.ExternalController
External claims: ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier:xxxxxxxxxxxxxxxxxxxxxxxxxxx", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: Brian Reynolds", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname: Brian", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname: Reynolds", "urn:google:profile: https://plus.google.com/xxxxxxxxxxxxxxxxxxxxxxx", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress: [email protected]"]

[07:28:36 Debug] IdentityServer4.Hosting.IdentityServerAuthenticationService
Augmenting SignInContext

[07:28:36 Debug] IdentityServer4.Hosting.IdentityServerAuthenticationService
Adding amr claim with value: external

[07:28:36 Debug] IdentityServer4.Hosting.IdentityServerAuthenticationService
Adding auth_time claim with value: 1592738916

[07:28:36 Information] Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler
AuthenticationScheme: Identity.Application signed in.

[07:28:36 Information] Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler
AuthenticationScheme: Identity.External signed out.

[07:28:36 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[07:28:36 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client native.code succeeded.

[07:28:36 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[07:28:36 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[07:28:36 Information] IdentityServer4.Events.DefaultEventService
{"Username": null, "Provider": "Google", "ProviderUserId": "xxxxxxxxxxxxxxxxxxxxxxxxx", "SubjectId": "0591eedf-63a9-4202-885b-c33141e94afe", "DisplayName": "Brian Reynolds", "Endpoint": "UI", "ClientId": "native.code", "Category": "Authentication", "Name": "User Login Success", "EventType": "Success", "Id": 1000, "Message": null, "ActivityId": "0HM0LQOSHT1MU:00000005", "TimeStamp": "2020-06-21T11:28:36.0000000Z", "ProcessId": 78712, "LocalIpAddress": "::1:5000", "RemoteIpAddress": "::1", "$type": "UserLoginSuccessEvent"}

[07:28:36 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client native.code succeeded.

[07:28:36 Debug] IdentityServer4.Hosting.EndpointRouter
Request path /connect/authorize/callback matched to endpoint type Authorize

[07:28:36 Debug] IdentityServer4.Hosting.EndpointRouter
Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint

[07:28:36 Information] IdentityServer4.Hosting.IdentityServerMiddleware
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback

[07:28:36 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
Start authorize callback request

[07:28:36 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
**No user present in authorize request**

[07:28:36 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[07:28:36 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client native.code succeeded.

[07:28:36 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[07:28:36 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[07:28:36 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
ValidatedAuthorizeRequest
{"ClientId": "native.code", "ClientName": "Native Client (Code with PKCE)", "RedirectUri": "http://127.0.0.1:45678", "AllowedRedirectUris": ["http://127.0.0.1:45678"], **"SubjectId": "anonymous"**, "ResponseType": "code", "ResponseMode": "query", "GrantType": "authorization_code", "RequestedScopes": "openid profile email api1", "State": "QI2EYPTPXC5Em7C7Dj9l2A", "UiLocales": null, "Nonce": "Zj81W6UhQv9w_lAmK-anDA", "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": null, "MaxAge": null, "LoginHint": null, "SessionId": "", "Raw": {"response_type": "code", "nonce": "Zj81W6UhQv9w_lAmK-anDA", "state": "QI2EYPTPXC5Em7C7Dj9l2A", "code_challenge": "LdnZafkNy5oI7M42U6mZv2NbKLECh8OXN0NvVVtOBrk", "code_challenge_method": "S256", "client_id": "native.code", "scope": "openid profile email api1", "redirect_uri": "http://127.0.0.1:45678"}, "$type": "AuthorizeRequestValidationLog"}

[07:28:36 Information] IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator
**Showing login: User is not authenticated**

[07:28:36 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Start authorize request protocol validation

[07:28:36 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client native.code succeeded.

[07:28:36 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Checking for PKCE parameters

[07:28:36 Debug] IdentityServer4.Validation.AuthorizeRequestValidator
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

[07:28:36 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client native.code succeeded.

Fresh install of IdentityServer4AspNetIdentity does not work.

I was trying to figure out why my local IdentityServer is failing to log in when adding the AspNetIdentity when my code is almost exactly like the original template (I started out with the basic one and added the AspNetIdentity). So I went to clone the IdentityServer4AspNetIdentity project and it also does not work out of the box.

Issue / Steps to reproduce the problem

  1. Clone the repository.
  2. Run the IdentityServer4AspNetIdentity project.
  3. Log in as a default user (alice/Pass123$ or bob/Pass123$).
  4. Receive "Invalid username or password" error.

Relevant parts of the log file

[19:47:15 Information]
Starting host...

[19:47:16 Debug]
Clients already populated

[19:47:16 Debug]
IdentityResources already populated

[19:47:16 Debug]
ApiResources already populated

[19:47:16 Information] IdentityServer4.Startup
Starting IdentityServer4 version 3.1.2.0

[19:47:16 Information] IdentityServer4.Startup
Using the default authentication scheme Identity.Application for IdentityServer

[19:47:16 Debug] IdentityServer4.Startup
Using Identity.Application as default ASP.NET Core scheme for authentication

[19:47:16 Debug] IdentityServer4.Startup
Using Identity.External as default ASP.NET Core scheme for sign-in

[19:47:16 Debug] IdentityServer4.Startup
Using Identity.External as default ASP.NET Core scheme for sign-out

[19:47:16 Debug] IdentityServer4.Startup
Using Identity.Application as default ASP.NET Core scheme for challenge

[19:47:16 Debug] IdentityServer4.Startup
Using Identity.Application as default ASP.NET Core scheme for forbid

[19:47:17 Debug] IdentityServer4.Startup
Login Url: /Account/Login

[19:47:17 Debug] IdentityServer4.Startup
Login Return Url Parameter: ReturnUrl

[19:47:17 Debug] IdentityServer4.Startup
Logout Url: /Account/Logout

[19:47:17 Debug] IdentityServer4.Startup
ConsentUrl Url: /consent

[19:47:17 Debug] IdentityServer4.Startup
Consent Return Url Parameter: returnUrl

[19:47:17 Debug] IdentityServer4.Startup
Error Url: /home/error

[19:47:17 Debug] IdentityServer4.Startup
Error Id Parameter: errorId

[19:47:25 Information] Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler
AuthenticationScheme: Identity.Application was challenged.

[19:47:32 Debug] IdentityServer4.Hosting.CorsPolicyProvider
CORS request made for path: /Account/Login from origin: null but was ignored because path was not for an allowed IdentityServer CORS endpoint

[19:47:32 Information] IdentityServer4.Events.DefaultEventService
{"Username": "triebr", "Endpoint": "UI", "ClientId": null, "Category": "Authentication", "Name": "User Login Failure", "EventType": "Failure", "Id": 1001, "Message": "invalid credentials", "ActivityId": "0HLU9AHBIJ9VU:00000004", "TimeStamp": "2020-03-16T02:47:32.0000000Z", "ProcessId": 6888, "LocalIpAddress": "::1:5000", "RemoteIpAddress": "::1", "$type": "UserLoginFailureEvent"}

Add Visual Studio Templates

There's no problem with the templates when creating a project in the command line. It's just that it's sometimes a hassle for VS users to create a project and then open it in VS. I hope to find an official extension for VS for creating new projects with Identity Server.

P.S. I opened the issue here since it's a concern with templates rather than Identity Server itself.

zsh: no matches found: identityserver4.templates::*

When running command:
dotnet new -i identityserver4.templates::*

Works fine if you switch to bash first:

exec bash
dotnet new -i identityserver4.templates::*

After installing the templates initialization works fine in zsh:

dotnet new is4inmem

Production ready?

The templates based on SQLite are not production ready?

Why is there no all features template based on Microsoft SQL Server?

dotnet new still installing asp.net core 2.1 templates

Expected
Generating an IdentityServer4 project using IdentityServer4.Templates with dotnet new should return ASP.NET Core 3.0 projects.

Actual
IdentityServer4.Templates and dotnet new command generates ASP.NET Core 2.1 templates.

Repro Steps

  1. Download and install .NET Core 3.0 SDK
  2. Install Identity Server 4 Templates using dotnet new -i IdentityServer4.Templates
  3. Generate a new project using the templates (Example: dotnet new is4inmem)
  4. Inspect the new project's csproj file and see it is targeting ASP.NET Core 2.1 and Startup.cs is still configured for 2.1.

IdentityServer4 with ASP.NET 2.1.0

Have you planned to support ASP.NET Core 2.1.0 in the generation of IdentityServer4 templates with Dotnet Cli as well as the generation of templates (mvc, webapi ...)?

Because we have a compatibility gap between the generation of IdentityServer and a Web API with Dotnet Cli.

Using TEXT data type in dotnet new is4ef

Hello.

The SQL scripts "PersistedGrantDb.sql", "ConfigurationDb.sql" and the migration plans use the "TEXT" column type.

In SQL Server 2016 the "TEXT" data type is deprecated and needs to be replaced with varchar(max).

is4aspid assumes sqlite

Just spent a little while trying to do battle with the seed process owing to this, as switching the UseSqlite calls to UseSqlServer wasn't enough, as the initial migration specifies SQLite annotations for identity, but not the MS-SQL ones.

It would be good if the template selection either allowed you to pick between the two or if there were separate templates, as not everyone is automatically going to want to use SQLite when utilising a template. Furthermore, the documentation that references these templates makes no mention of this caveat.

External authentication error with Windows Integration on is4aspid template

Issue / Steps to reproduce the problem

Install the template that uses ASP.NET Identity for user management (is4aspid template) and add Windows as external authentication running on IIS Express.

Relevant parts of the log file

An unhandled exception occurred while processing the request.
Exception: External authentication error
IdentityServer4.Quickstart.UI.ExternalController.Callback() in ExternalController.cs, line 98

Cause of the issue

The Cookie Scheme in the Callback method from external controller differs in the template from the one provided in the Quickstart repo.
Template version:

public async Task<IActionResult> Callback()
{
    // read external identity from the temporary cookie
    var result = await HttpContext.AuthenticateAsync(IdentityConstants.ExternalScheme);
    // Code continues

Quickstart version:

public async Task<IActionResult> Callback()
{
    // read external identity from the temporary cookie
    var result = await HttpContext.AuthenticateAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
    // Code continues

Fix

Using the scheme from the QuickstartUI repo fixed the issue.

Update to .NET Core 3.0?

3.0 brings big changes in terms of IdentityServer and identity in general, so it would be great if you could update the templates to 3.0 and publish them to NuGet.

issue with ProcessWindowsLoginAsync

The constant used for the scheme during sign-in action is not correct. Instead of IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme it must be IdentityConstants.ExternalScheme otherwise ExternalLoginCallBack will fail. In my case it worked. Can you confirm this is the correct fix?
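
Both this report and the earlier "External authentication error" issue come down to the temporary external cookie being written under one scheme and read under another. The following is an added sketch, not the template's or the Quickstart UI's code, that keeps the two in step through a single field; the controller name, the "Windows" scheme name and the choice of ASP.NET Identity's external scheme are assumptions.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller for illustration; not the template's ExternalController.
public class ExternalSketchController : Controller
{
    // One definition for the temporary external cookie, used by every write and read.
    // Assumption: ASP.NET Identity is registered, so IdentityConstants.ExternalScheme exists.
    private static readonly string ExternalCookieScheme = IdentityConstants.ExternalScheme;
    private const string WindowsScheme = "Windows"; // assumed name of the Windows auth scheme

    [HttpGet]
    public async Task<IActionResult> WindowsLogin(string returnUrl)
    {
        var windows = await HttpContext.AuthenticateAsync(WindowsScheme);
        if (!windows.Succeeded)
            return Challenge(WindowsScheme); // start the Windows handshake, then re-enter here

        var name = windows.Principal.Identity.Name;
        var id = new ClaimsIdentity(WindowsScheme);
        id.AddClaim(new Claim(ClaimTypes.NameIdentifier, name));
        id.AddClaim(new Claim(ClaimTypes.Name, name));

        var props = new AuthenticationProperties { RedirectUri = Url.Action(nameof(Callback)) };
        props.Items["returnUrl"] = returnUrl ?? "~/";

        // Write side: the temporary cookie is issued under ExternalCookieScheme.
        await HttpContext.SignInAsync(ExternalCookieScheme, new ClaimsPrincipal(id), props);
        return Redirect(props.RedirectUri);
    }

    [HttpGet]
    public async Task<IActionResult> Callback()
    {
        // Read side: a different scheme name here finds no cookie, so Succeeded is false.
        var result = await HttpContext.AuthenticateAsync(ExternalCookieScheme);
        if (result?.Succeeded != true)
            throw new Exception("External authentication error");

        // User lookup and the application sign-in are outside this sketch.
        var returnUrl = result.Properties.Items["returnUrl"];
        await HttpContext.SignOutAsync(ExternalCookieScheme); // drop the temporary cookie
        return Url.IsLocalUrl(returnUrl) ? LocalRedirect(returnUrl) : (IActionResult)Redirect("~/");
    }
}
```

The return URL is checked with Url.IsLocalUrl before redirecting, so a tampered returnUrl value cannot send the browser off-site after login.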

ASP.NET Core 2.1 Template

Hi,

Do you already have plans to release the ASP.NET Core 2.1 templates?
Most interesting version for me is the template for ASP.NET Identity.

There are some changes in the Startup.cs and so on...

Thank you!
Cheers Danny

template is4admin change tables schema error

Hi,
I created a new project for is4admin, changed the default DB to SQL Server, and changed the table schema like this:

.AddConfigurationStore(options =>
{
    options.ConfigureDbContext = db =>
        db.UseSqlServer(connectionString,
            sql => sql.MigrationsAssembly(migrationsAssembly));
    options.DefaultSchema = "NewSchemaName";
})
// this adds the operational data from DB (codes, tokens, consents)
.AddOperationalStore(options =>
{
    options.ConfigureDbContext = db =>
        db.UseSqlServer(connectionString,
            sql => sql.MigrationsAssembly(migrationsAssembly));

    // this enables automatic token cleanup. this is optional.
    options.EnableTokenCleanup = true;
    options.DefaultSchema = "NewSchemaName";
    // options.TokenCleanupInterval = 15; // interval in seconds. 15 seconds useful for debugging
});

After migrating the new DB and running it, it reports an error:

System.Data.SqlClient.SqlException: 'Invalid object name 'IdentityResources'.'

from app.UseAdminUI();
Is it not possible to change the table names with this admin UI?

Update to Asp.Net Core 2.0

When are these templates going to be updated to use the new Authentication Libraries in ASP.NET Core 2.0?

How can the configuration of the is4inmem template be done in JSON?

The readme says the following for the template is4inmem:

dotnet new is4inmem

Adds a basic IdentityServer with UI, test users and sample clients and resources. Shows both in-memory code and JSON configuration.

I can't seem to find where the JSON configuration is done. Based on the description I thought I would find some file that contains the JSON data for clients, ApiResources, TestUsers etc. that is currently done in code via the "Config" and "TestUser" classes.
Did I understand that correctly? Can someone point me to where the JSON configuration is used?

Thanks!

Missing configuration

Hi,

I was trying to set up an IdP using the is4admin template, and right now it is throwing an exception because of a missing configuration, related to issue 2909:

services.AddIdentityServer(options => { options.UserInteraction = new UserInteractionOptions() { LogoutUrl = "/account/logout", LoginUrl = "/account/login", LoginReturnUrlParameter = "returnUrl" }; })

After putting in that snippet of code, everything worked OK.
