IdentityServer4 {"error":"invalid_client"} - authentication

I am using IdentityServer4 (version 3.0.2.0) and facing no client id issue. The exact error is
ERROR| No client with id 'myclientId' found. aborting
Startup.cs of IdentityServer4 project
services.AddIdentityServer()
.AddDeveloperSigningCredential()
// .AddInMemoryCaching()
.AddInMemoryApiResources(Configuration.GetSection("IdentityServer:ApiResources"))
.AddInMemoryClients(Configuration.GetSection("IdentityServer:Clients"))
.AddOperationalStore(options =>
{
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(migrationsAssembly));
// this enables automatic token cleanup. this is optional.
options.EnableTokenCleanup = Convert.ToBoolean(Configuration["CleanUp:IsEnabled"]);
options.TokenCleanupInterval = Convert.ToInt32(Configuration["CleanUp:Interval"]); // interval in seconds
});
Also, I have sha256 converted client_secret in appsettings.json file, sample appsettings.json
"IdentityServer": {
"ApiResources": [
{
"Name": "myapi",
"DisplayName": "my api",
"Scopes": [
{
"Name": "mycustomscope"
},
{
"Name": "openid"
}
],
"ApiSecrets": [
{
"Value": "my sha256 converted secret string",
"Description": "my api"
}
]
}
],
"Clients": [
{
"Enabled": true,
"ClientId": "myclientId",
"AccessTokenLifetime": 100000000,
"ProtocolType": "oidc",
"RequireClientSecret": true,
"IdentityTokenLifetime": 300,
"AuthorizationCodeLifetime": 300,
"ConsentLifetime": 300,
"AbsoluteRefreshTokenLifetime": 2592000,
"SlidingRefreshTokenLifetime": 1296000,
"RefreshTokenExpiration": true,
"AlwaysSendClientClaims": false,
"ClientName": "myclientId",
"ClientSecrets": [
{
"Value": "my sha256 converted secret string",
"Type": "SharedSecret"
}
],
"AllowedGrantTypes": [ "client_credentials", "password" ],
"AllowedScopes": [ "mycustomscope", "openid" ],
"RequireConsent": true
}
]
}
Sample token request from postman/JMeter
url: https://myip:port/myappPool/connect/token
method type: POST
Parameters are:
{
"client_id":"myclientId",
"client_secret": "plaintext secret",
"username":"abcdefghijkl",
"scope":"mycustomscope",
"device_id":"custom property",
"password": "mypassword",
"grant_type":"password",
"app_version":"custom property",
"hashed_value":"custom property"
}

I am posting answer to my own question because I have solved the issue. For me below given field was making an issue. After removing this field, the code ran just fine.
"RefreshTokenExpiration": true
Turns out, IdentityServer4.Models.Client does not have any boolean field named RefreshTokenExpiration but class object.

Related

RabbitMQ/Krakend/NestJS - How can I post the consumed message through Krakend API's async agent?

This is my config for krakend.json
"async_agent": [
{
"name": "test-agent",
"connection": {
"max_retries": 10,
"backoff_strategy": "exponential-jitter"
},
"consumer": {
"topic": "krakend",
"workers": 5
},
"backend": [
{
"url_pattern": "/greeted",
"method": "POST",
"host": [ "http://127.0.0.1:2999" ],
"disable_host_sanitize": false
}
],
"extra_config": {
"async/amqp": {
"host": "amqp://guest:guest#localhost:5672/",
"name": "krakend",
"exchange": "ApiGatewayExchange",
"durable": true,
"delete": false,
"exclusive": false,
"no_wait": false,
"auto_ack": false
}
}
}
]
Messages are sent from service-a like so:
export class AppService {
constructor(#Inject('GREETING_SERVICE') private client: ClientProxy){}
getHello(): ResponseDTO {
const responseDTO: ResponseDTO = {
action: 'Hello',
service: 'from service A'
}
this.client.emit('', responseDTO);
return responseDTO;
}
}
And imported GREETING_SERVICE config like so:
imports: [
ClientsModule.register([
{
name: 'GREETING_SERVICE',
transport: Transport.RMQ,
options: {
urls: ['amqp://test:test#localhost:5672/'],
queue: 'krakend'
}
}
])
],
Lastly, this is the endpoint in another service (let's call this service-c) that gets that message from the consumer:
#Post('greeted')
TestHello(#Body() data: any) {
console.log(data)
return data
}
The message is successfully consumed as set by the async_agent in my krakend file, but the message isn't posted as a body to that endpoint. When I did a console.log of that data supposedly passed, it just prints {}.
Am I doing anything wrong here? Been scratching my head for hours.
The async part of your krakend.json configuration looks good to me, but I am suspecting about the problem you might have.
Most of the javascript frameworks today will require you to pass specific headers to work their magic like Content-Type or Accept. You have to take into account that KrakenD will pass a very reduced set of headers to your NestJS application (Accept-Encoding and User-Agent as far as I can remember).
I am unfamiliar with NestJS, but I would bet that you need to pass the Content-Type and you are good to go. Here's my suggestion of configuration:
"async_agent": [
{
"name": "test-agent",
"connection": {
"max_retries": 10,
"backoff_strategy": "exponential-jitter"
},
"consumer": {
"topic": "krakend",
"workers": 5
},
"backend": [
{
"url_pattern": "/greeted",
"method": "POST",
"host": [
"http://127.0.0.1:2999"
],
"disable_host_sanitize": false,
"extra_config": {
"modifier/martian": {
"header.Modifier": {
"scope": [
"request"
],
"name": "Content-Type",
"value": "application/json"
}
}
}
}
],
"extra_config": {
"async/amqp": {
"host": "amqp://guest:guest#localhost:5672/",
"name": "krakend",
"exchange": "ApiGatewayExchange",
"durable": true,
"delete": false,
"exclusive": false,
"no_wait": false,
"auto_ack": false
}
}
}
]
}
Hope this helps

AddInMemoryClients results in Unknown client or not enabled

I'm trying to get Identity server 4 to work in an ASP Net Core 3 application with an Angular 8 SPA using "oidc-client": "1.10.1".
If I add the following to my appsettings.json
"IdentityServer": {
"Key": {
"Type": "File",
"FilePath": "acertificate.pfx",
"Password": "notmyrealpassword..orisit?"
},
"Clients": {
"dev-client": {
"Profile": "IdentityServerSPA",
}
}
}
Using this client:
{
authority: 'https://localhost:5001/',
client_id: 'dev-client',
redirect_uri: 'http://localhost:4200/auth-callback',
post_logout_redirect_uri: 'http://localhost:4200/',
response_type: 'id_token token',
scope: 'openid profile API',
filterProtocolClaims: true,
loadUserInfo: true
}
I get: Invalid redirect_uri: http://localhost:4200/auth-callback
adding.
"dev-client": {
"Profile": "IdentityServerSPA",
"RedirectUris": [ "http://localhost:4200/auth-callback" ]
}
does nothing. If I add the Client config copied (almost) from the documentation
"Clients": [
{
"Enabled": true,
"ClientId": "dev-client",
"ClientName": "Local Development",
"AllowedGrantTypes": [ "implicit" ],
"AllowedScopes": [ "openid", "profile", "API" ],
"RedirectUris": [ "http://localhost:4200/auth-callback" ],
"RequireConsent": false,
"RequireClientSecret": false
}
]
I get: System.InvalidOperationException: 'Type '' is not supported.' at startup
If I try to configure the client in code, and only keep the "Key" section in appsettings
services
.AddIdentityServer(options =>
{
options.Cors.CorsPolicyName = _CorsPolicyName;
})
.AddInMemoryClients(new IdentityServer4.Models.Client[] {
new IdentityServer4.Models.Client
{
ClientId = "dev-client",
ClientName = "JavaScript Client",
ClientUri = "http://localhost:4200",
AllowedGrantTypes = { IdentityModel.OidcConstants.GrantTypes.Implicit },
AllowAccessTokensViaBrowser = true,
RedirectUris = { "http://localhost:4200/auth-callback" },
PostLogoutRedirectUris = { "http://localhost:4200" },
AllowedCorsOrigins = { "http://localhost:4200" },
AllowedScopes =
{
IdentityServer4.IdentityServerConstants.StandardScopes.OpenId,
IdentityServer4.IdentityServerConstants.StandardScopes.Profile,
IdentityServer4.IdentityServerConstants.StandardScopes.Email,
"API"
}
}
})
I get: Unknown client or not enabled: dev-client.
Someone help me keep my sanity and point out my, most likely obvious, error.
ASP.NET Identity overrides the documented method for IdentityServer Clients configuration, expecting a dictionary of well-known values. You can bypass this by creating a section that is not named Clients and reading from that section explicitly. Additionally, AddApiAuthorization exposes the Clients collection on the ApiAuthorizationOptions, which can be used to add other clients:
.AddApiAuthorization<...>(options =>
{
options.Clients.AddRange(Configuration.GetSection("IdentityServer:OtherClients").Get<Client[]>());
});

IdentityServer4 read client claims from appsettings.json

how can I read client claims from the appsettings.json file?
I have this appsettings.json:
"IdentityServer": {
"Clients": [
{
"Enabled": true,
"ClientId": "client1",
"AlwaysSendClientClaims": true,
"Claims": [
{
"Type": "custom_claim1",
"Value": "value1"
},
{
"Type": "custom_claim2",
"Value": "value2"
}
]
}
]
}
And, I load the clients config like the docs says:
var builder = services.AddIdentityServer(opts =>
{
/// Opts removed for simplicity
})
.AddInMemoryClients(Configuration.GetSection("IdentityServer:Clients"));
All is working fine, except for the client claims. I can not see them in Jwt.io decode tool.
There is a problem binding the Claims collection in the Clients[] from appSettings.json due to the fact that the current implementation of the Claim object can not be deserialized from json.
https://github.com/IdentityServer/IdentityServer4/issues/2573
and here
https://github.com/IdentityServer/IdentityServer4/pull/3887/files/ed14abc204960b2d5ca3418a868882a698e54d90

Auth.currentAuthenticatedUser not loading name and family name attributes (and others) from Cognito

I'm using the Auth.currentAuthenticatedUser method to retrieve the attributes recorded for the logged user from AWS Cognito - but only basic atributes are showing. The ones I want are "name" and "family name", but they don't seem to be loaded in the Promise.
This is only the beggining, but I'm concerned as I will want to retrieve other attributes which are not showing up, like user picture, for instance.
Tried to use currentAuthenticatedUser and currentUserInfo with the same results.
async componentDidMount() {
await Auth.currentAuthenticatedUser({bypassCache: true})
.then ( user => this.setUserInfo( user ) )
.catch( err => console.log(err))
}
CognitoUser {
"Session": null,
"attributes": Object {
"email": "r...#gmail.com",
"email_verified": true,
"phone_number": "+5...",
"phone_number_verified": false,
"sub": "246e9...",
},
"authenticationFlowType": "USER_SRP_AUTH",
"client": Client {
"endpoint": "https://cognito-idp.us-east-2.amazonaws.com/",
"userAgent": "aws-amplify/0.1.x react-native",
},
"deviceKey": undefined,
"keyPrefix": "CognitoIdentityServiceProvider.12ddetjn0c0jo0npi6lrec63a7",
"pool": CognitoUserPool {
"advancedSecurityDataCollectionFlag": true,
"client": Client {
"endpoint": "https://cognito-idp.us-east-2.amazonaws.com/",
"userAgent": "aws-amplify/0.1.x react-native",
},
"clientId": "12ddetjn0c0jo0npi6lrec63a7",
"storage": [Function MemoryStorage],
"userPoolId": "us-east...",
},
"preferredMFA": "NOMFA",
"signInUserSession": CognitoUserSession {
"accessToken": CognitoAccessToken {
"jwtToken": "e...oJPg",
"payload": Object {
"auth_time": 1565137817,
"client_id": "1...6lrec63a7",
"event_id": "c3...-4bd9-ad42-200f95f9921c",
"exp": 15...2,
"iat": 156...5872,
"iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-...",
"jti": "5483e...544149c42e58",
"scope": "aws.cognito.signin.user.admin",
"sub": "246e93...f4d8e6f4725b",
"token_use": "access",
"username": "r...f",
},
},
"clockDrift": -2,
"idToken": CognitoIdToken {
"jwtToken": "eyJraWQiOiJk...",
"payload": Object {
"aud": "12ddetjn0c0j..rec63a7",
"auth_time": 1565137817,
"cognito:username": "r..",
"email": "r..#gmail.com",
"email_verified": true,
"event_id": "c3ae..200f95f9921c",
"exp": ..2,
"iat": ..2,
"iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-..",
"phone_number": "+5...3",
"phone_number_verified": false,
"sub": "246e937..f4d8e6f4725b",
"token_use": "id",
},
},
"refreshToken": CognitoRefreshToken {
"token": "eyJjd...",
},
},
"storage": [Function MemoryStorage],
"userDataKey": "CognitoIdentityServiceProvider.12ddetjn0....userData",
"username": "r...ff",
}
To get all user attributes, you may be looking for the Auth.userAttributes() function. To use this you want something like this code:
const authUser = await Auth.currentAuthenticatedUser();
const attributes = await Auth.userAttributes(authUser);
// the next line is a convenience that moves the attributes into
// the authUser object
attributes.forEach((attr) => {
authUser.attributes[attr.Name] = attr.Value;
});
If you're still not getting the attributes you need, take a look here, and you can see that you can enable the reading of other attributes from the Amplify command line.
So, in the root of your project:
Type "amplify update auth" at the console.
Select "Walkthrough the auth configurations"
Step through making all the same selections as you've done before.
When it asks, "Do you want to specify the user attributes this app can read and write?" it's "Y", and then you select the attributes you want to be able to read.
When you finish the wizard, use "amplify push auth"
When that's completed, try re-running.
As an alternative to steps 1-4 above, you can also edit cli-inputs.json in the amplify\backend\auth<your auth config name> directory. It's in "userpoolClientReadAttributes". Simply add the attributes you would like to this array (e.g. "name").
This answer was verified with amplify CLI version 8.1.0.

Unable to use IdentityManager API from Postman

I am using postman and I am trying to get the users list from identity Manager. But I am unable to configure the app correctly. I try to get the users from https://localhost/idm/api/users
I get the token with the API+idmgr+openid scopes and I have the Administrator role in my claims.
Here is the startup file:
namespace WebHost
{
internal class Startup
{
public void Configuration(IAppBuilder app)
{
LogProvider.SetCurrentLogProvider(new NLogLogProvider());
string connectionString = ConfigurationManager.AppSettings["MembershipRebootConnection"];
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
app.UseOpenIdConnectAuthentication(new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
Authority = "https://localhost/ids",
ClientId = "postman",
RedirectUri = "https://localhost",
ResponseType = "id_token",
UseTokenLifetime = false,
Scope = "openid idmgr",
SignInAsAuthenticationType = "Jwt",
Notifications = new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = n =>
{
n.AuthenticationTicket.Identity.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
return Task.FromResult(0);
}
}
});
X509Certificate2 cert = Certificate.Get();
app.Map("/idm", adminApp =>
{
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
AllowedAudiences = new string[] { "https://localhost/ids" + "/resources" },
AuthenticationType = "Jwt",
IssuerSecurityTokenProviders = new[] {
new X509CertificateSecurityTokenProvider("https://localhost/ids", cert)
},
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active
});
var factory = new IdentityManagerServiceFactory();
factory.Configure(connectionString);
var securityConfig = new ExternalBearerTokenConfiguration
{
Audience = "https://localhost/ids" + "/resources",
BearerAuthenticationType = "Jwt",
Issuer = "https://localhost/ids",
SigningCert = cert,
Scope = "openid idmgr",
RequireSsl = true,
};
adminApp.UseIdentityManager(new IdentityManagerOptions()
{
Factory = factory,
SecurityConfiguration = securityConfig
});
});
app.Map(ConfigurationManager.AppSettings["IdentityServerSuffix"], core =>
{
IdentityServerServiceFactory idSvrFactory = Factory.Configure();
idSvrFactory.ConfigureCustomUserService(connectionString);
var options = new IdentityServerOptions
{
SiteName = "Login",
SigningCertificate = Certificate.Get(),
Factory = idSvrFactory,
EnableWelcomePage = true,
RequireSsl = true
};
core.UseIdentityServer(options);
});
}
}
}
What Am I missing?
For those who may want to know how I did it, well I made a lot of search about Owin stuff and how Identity Server works and find out my problem was not that far.
I removed the JwtSecurityTokenHandler.InboundClaimTypeMap
I removed the UseOpenId stuff (don't remove it if you are using an openId external login provider (if you are using google, facebook or twitter, there is classes for that, just install the nuget, it's pretty straight forward)
This section let you configure the bearer token which is the default type token i used in my app(I decided to use password authentication to simplify Postman request to do automatic testing but I still user Code authentication in my apps)
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = ConfigurationManager.AppSettings["AuthorityUrl"],
ValidationMode = ValidationMode.ValidationEndpoint,
RequiredScopes = new[] { ConfigurationManager.AppSettings["ApiScope"] }
});
I have disabled the IdentityManagerUi interface as I was planning to use the API
app.Map(ConfigurationManager.AppSettings["IdentityManagerSuffix"].ToString(), idmm =>
{
var factory = new IdentityManagerServiceFactory();
factory.Configure(connectionString);
idmm.UseIdentityManager(new IdentityManagerOptions()
{
DisableUserInterface = true,
Factory = factory,
SecurityConfiguration = new HostSecurityConfiguration()
{
HostAuthenticationType = Constants.BearerAuthenticationType
}
});
});
And I configure the Identity Server like this:
app.Map(ConfigurationManager.AppSettings["IdentityServerSuffix"], core =>
{
IdentityServerServiceFactory idSvrFactory = Factory.Configure();
idSvrFactory.ConfigureCustomUserService(connectionString);
var options = new IdentityServerOptions
{
SiteName = ConfigurationManager.AppSettings["SiteName"],
SigningCertificate = Certificate.Get(),
Factory = idSvrFactory,
EnableWelcomePage = true,
RequireSsl = true,
};
core.UseIdentityServer(options);
});
In IdentityServerServiceFactory I call this chunk of code:
var clientStore = new InMemoryClientStore(Clients.Get());
And the code for the Client should be something like:
public static Client Get()
{
return new Client
{
ClientName = "PostMan Application",
ClientId = "postman",
ClientSecrets = new List<Secret> {
new Secret("ClientSecret".Sha256())
},
Claims = new List<Claim>
{
new Claim("name", "Identity Manager API"),
new Claim("role", IdentityManager.Constants.AdminRoleName),
},
**Flow = Flows.ResourceOwner**, //Password authentication
PrefixClientClaims = false,
AccessTokenType = AccessTokenType.Jwt,
ClientUri = "https://www.getpostman.com/",
RedirectUris = new List<string>
{
"https://www.getpostman.com/oauth2/callback",
//aproulx - 2015-11-24 -ADDED This line, url has changed on the postman side
"https://app.getpostman.com/oauth2/callback"
},
//IdentityProviderRestrictions = new List<string>(){Constants.PrimaryAuthenticationType},
AllowedScopes = new List<string>()
{
"postman",
"IdentityManager",
ConfigurationManager.AppSettings["ApiScope"],
Constants.StandardScopes.OpenId,
IdentityManager.Constants.IdMgrScope,
}
};
}
On the postman side just do:
POST /ids/connect/token HTTP/1.1
Host: local-login.net
Cache-Control: no-cache
Postman-Token: 33e98423-701f-c615-8b7a-66814968ba1a
Content-Type: application/x-www-form-urlencoded
client_id=postman&client_secret=SecretPassword&grant_type=password&scope=APISTUFF&username=apiViewer&password=ICanUseTheApi
Hope that it will help somebody
Shaer,
I saw your comment and because of that I've created a project (make sure you clone the postmanexample branch) where you can see a working example related to Alegrowin's post. The idea is use postman to access the IdentityManager Api.
Steps
Open postman and choose the POST verb
Put this as url: https://localhost:44337/ids/connect/token
In header put key = Content-Type and value = application/x-www-form-urlencoded
In the body, choose raw and paste this client_id=postman&client_secret=ClientSecret&grant_type=password&scope=idmgr&username=admin&password=admin
Hit send
After this you are going to receive something like this
{"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJjbGllbnRfaWQiOiJwb3N0bWFuIiwic2NvcGUiOiJpZG1nciIsInN1YiI6Ijk1MWE5NjVmLTFmODQtNDM2MC05MGU0LTNmNmRlYWM3YjliYyIsImFtciI6WyJwYXNzd29yZCJdLCJhdXRoX3RpbWUiOjE1MDU1ODg1MTgsImlkcCI6Imlkc3J2IiwibmFtZSI6IkFkbWluIiwicm9sZSI6IklkZW50aXR5TWFuYWdlckFkbWluaXN0cmF0b3IiLCJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo0NDMzNy9pZHMiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdDo0NDMzNy9pZHMvcmVzb3VyY2VzIiwiZXhwIjoxNTA1NTkyMTE4LCJuYmYiOjE1MDU1ODg1MTh9.h0KjlnKy3Ml-SnZg6cYSPJW4XxsOFxDB8K9JY4Zx_I1KbMQxctjkDrTVfSylfjFXlwpyBD-qqfxmRkOKsz_6zSZneaJpyWsJt2FTqCNOWJJV9BdPbViWcM_vADFkVpwiiSaTCv7k08xwj8StGCq5zlYLU68k8awYpXzgpz0O8zPZpfc0oSN3ZQJVFEKBfE4ATbPo6ut2i0_Y3lPbQiwjXJgA_wwp-W0L3zY8A5rfYSwKU0KzS51BKBSn6svBCjTu84Dm2KM-zlManMar1Ybjoy108Xvuliq_zBNdbeEt-Daau_RNrasw1tya_cZicK85IB1TJdUSKPGwNG5xEirNzg",
"expires_in": 3600,
"token_type": "Bearer"}
Copy the access token and create a GET request
Put this as url: https://localhost:44337/idm/api/users?count=10&start=0
Into the headers put key = Authorization and value = Bearer [paste the token]
Example
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJjbGllbnRfaWQiOiJwb3N0bWFuIiwic2NvcGUiOiJpZG1nciIsInN1YiI6Ijk1MWE5NjVmLTFmODQtNDM2MC05MGU0LTNmNmRlYWM3YjliYyIsImFtciI6WyJwYXNzd29yZCJdLCJhdXRoX3RpbWUiOjE1MDU1ODg1MTgsImlkcCI6Imlkc3J2IiwibmFtZSI6IkFkbWluIiwicm9sZSI6IklkZW50aXR5TWFuYWdlckFkbWluaXN0cmF0b3IiLCJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo0NDMzNy9pZHMiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdDo0NDMzNy9pZHMvcmVzb3VyY2VzIiwiZXhwIjoxNTA1NTkyMTE4LCJuYmYiOjE1MDU1ODg1MTh9.h0KjlnKy3Ml-SnZg6cYSPJW4XxsOFxDB8K9JY4Zx_I1KbMQxctjkDrTVfSylfjFXlwpyBD-qqfxmRkOKsz_6zSZneaJpyWsJt2FTqCNOWJJV9BdPbViWcM_vADFkVpwiiSaTCv7k08xwj8StGCq5zlYLU68k8awYpXzgpz0O8zPZpfc0oSN3ZQJVFEKBfE4ATbPo6ut2i0_Y3lPbQiwjXJgA_wwp-W0L3zY8A5rfYSwKU0KzS51BKBSn6svBCjTu84Dm2KM-zlManMar1Ybjoy108Xvuliq_zBNdbeEt-Daau_RNrasw1tya_cZicK85IB1TJdUSKPGwNG5xEirNzg
Hit send
You should receive something like this
{
"data": {
"items": [
{
"data": {
"subject": "081d965f-1f84-4360-90e4-8f6deac7b9bc",
"username": "alice",
"name": "Alice Smith"
},
"links": {
"detail": "https://localhost:44337/idm/api/users/081d965f-1f84-4360-90e4-8f6deac7b9bc",
"delete": "https://localhost:44337/idm/api/users/081d965f-1f84-4360-90e4-8f6deac7b9bc"
}
},
{
"data": {
"subject": "5f292677-d3d2-4bf9-a6f8-e982d08e1306",
"username": "bob",
"name": "Bob Smith"
},
"links": {
"detail": "https://localhost:44337/idm/api/users/5f292677-d3d2-4bf9-a6f8-e982d08e1306",
"delete": "https://localhost:44337/idm/api/users/5f292677-d3d2-4bf9-a6f8-e982d08e1306"
}
},
{
"data": {
"subject": "e3c7fd2b-3942-456f-8871-62e64c351e8c",
"username": "xoetuvm",
"name": "Uylocms Xcyfhpc"
},
"links": {
"detail": "https://localhost:44337/idm/api/users/e3c7fd2b-3942-456f-8871-62e64c351e8c",
"delete": "https://localhost:44337/idm/api/users/e3c7fd2b-3942-456f-8871-62e64c351e8c"
}
},
{
"data": {
"subject": "0777d8de-91be-41e2-82ae-01c4576c7aca",
"username": "xdbktbb",
"name": "Qbcqwrg Mypxduu"
},
"links": {
"detail": "https://localhost:44337/idm/api/users/0777d8de-91be-41e2-82ae-01c4576c7aca",
"delete": "https://localhost:44337/idm/api/users/0777d8de-91be-41e2-82ae-01c4576c7aca"
}
},
{
"data": {
"subject": "10d2760a-2b3f-4912-af2a-2bcd9d113af9",
"username": "acrkkzf",
"name": "Qcmwcha Kdibtke"
},
"links": {
"detail": "https://localhost:44337/idm/api/users/10d2760a-2b3f-4912-af2a-2bcd9d113af9",
"delete": "https://localhost:44337/idm/api/users/10d2760a-2b3f-4912-af2a-2bcd9d113af9"
}
},
{
"data": {
"subject": "5e16f086-a487-4429-b2a6-b05a739e1e71",
"username": "wjxfulk",
"name": "Eihevix Bjzjbwz"
},
"links": {
"detail": "https://localhost:44337/idm/api/users/5e16f086-a487-4429-b2a6-b05a739e1e71",
"delete": "https://localhost:44337/idm/api/users/5e16f086-a487-4429-b2a6-b05a739e1e71"
}
},
{
"data": {
"subject": "256e23de-410a-461d-92cc-55684de8be6f",
"username": "zputkfb",
"name": "Vhwjjpd Stfpoum"
},
"links": {
"detail": "https://localhost:44337/idm/api/users/256e23de-410a-461d-92cc-55684de8be6f",
"delete": "https://localhost:44337/idm/api/users/256e23de-410a-461d-92cc-55684de8be6f"
}
},
{
"data": {
"subject": "725cc088-96c3-490d-bc66-a376c8ca34ff",
"username": "teshydj",
"name": "Tirsnex Tdlkfii"
},
"links": {
"detail": "https://localhost:44337/idm/api/users/725cc088-96c3-490d-bc66-a376c8ca34ff",
"delete": "https://localhost:44337/idm/api/users/725cc088-96c3-490d-bc66-a376c8ca34ff"
}
},
{
"data": {
"subject": "ac773092-e3db-4711-9c95-a2a57c1ff25f",
"username": "blulsuj",
"name": "Puuncng Lbmlcsb"
},
"links": {
"detail": "https://localhost:44337/idm/api/users/ac773092-e3db-4711-9c95-a2a57c1ff25f",
"delete": "https://localhost:44337/idm/api/users/ac773092-e3db-4711-9c95-a2a57c1ff25f"
}
},
{
"data": {
"subject": "81f878b1-016e-4fea-9929-54e3b1d55cce",
"username": "yeqwlfy",
"name": "Qtfimdr Sxvgizd"
},
"links": {
"detail": "https://localhost:44337/idm/api/users/81f878b1-016e-4fea-9929-54e3b1d55cce",
"delete": "https://localhost:44337/idm/api/users/81f878b1-016e-4fea-9929-54e3b1d55cce"
}
}
],
"start": 0,
"count": 10,
"total": 18806,
"filter": null
},
"links": {
"create": {
"href": "https://localhost:44337/idm/api/users",
"meta": [
{
"type": "username",
"name": "Username",
"dataType": 0,
"required": true
},
{
"type": "password",
"name": "Password",
"dataType": 1,
"required": true
},
{
"type": "name",
"name": "Name",
"dataType": 0,
"required": true
},
{
"type": "Age",
"name": "Age",
"dataType": 4,
"required": true
},
{
"type": "IsNice",
"name": "IsNice",
"dataType": 5,
"required": true
},
{
"type": "role.admin",
"name": "Is Administrator",
"dataType": 5,
"required": true
}
]
}
}
}
Kind regards
Daniel