When I make a POST request (using Postman) to http://localhost:5000/connect/token with the application/x-www-form-urlencoded content-type and pass the client_id/secret/username/password in the body, it works fine. I get a token. But if I use the application/json content-type and pass the credentials as JSON in the body, I get an "invalid_request" response. What am I doing wrong? Is application/x-www-form-urlencoded the only supported content-type?
yes
Out of curiosity @leastprivilege , why is that the only supported content-type?
that's what the spec defines
Is that defined for any security reasons or just a base level compatibility? I'd think expanding it to include JSON wouldn't harm anything, especially since .NET handles most of those conversions.
but then you won't be using standard libraries that know the protocol
Oh I see what you're saying, it's to keep the clients from straying to non-standards based.
And if someone really needed it, I haven't checked, but it seems definitely extensible enough to manually implement it yourself.
Thanks for the time and satisfying my curiosity.
Don't the official OpenID Connect Core 1.0 specs also support querystring and json body serialization options? https://openid.net/specs/openid-connect-core-1_0.html#Serializations
The spec does support JSON.
Please provide a pointer on how to accept JSON for this endpoint?
It's not supported right now.
We have been using Auth0 for our external facing APIs for years now and they support JSON token requests. We want to create an internal token service for use by all our internal REST API microservices and re-use the code and tests we already have. The x-www-form-urlencoded restriction in IdentityServer4 makes no sense. A JSON request is supported by more and more providers. This lack is extremely frustrating and makes IdentityServer4 feel out of date.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
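An added example, not part of the original thread and not IdentityServer4 code: a client-side helper that takes credentials held as JSON and builds the application/x-www-form-urlencoded POST that the `/connect/token` endpoint from the question accepts. The parameter names are the RFC 6749 password-grant names; the helper name and the sample values are constructed for illustration.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_URL = "http://localhost:5000/connect/token"  # endpoint from the question

# RFC 6749 names for a resource owner password grant with client credentials
# sent in the body, as the question describes.
ALLOWED = {"grant_type", "client_id", "client_secret", "username", "password", "scope"}

# Constructed sample input; the password contains characters that are
# delimiters in a form body and must be percent-encoded.
SAMPLE_JSON = json.dumps({
    "client_id": "internal-api",
    "client_secret": "s3cret",
    "username": "alice",
    "password": "p&ss+w=rd %",
})


def build_token_request(json_credentials: str, url: str = TOKEN_URL) -> Request:
    """Convert a flat JSON object of credentials into a form-encoded token request."""
    params = json.loads(json_credentials)
    if not isinstance(params, dict):
        raise ValueError("credentials must be a JSON object")
    params.setdefault("grant_type", "password")
    unknown = set(params) - ALLOWED
    if unknown:
        raise ValueError(f"unexpected parameters: {sorted(unknown)}")
    for name, value in params.items():
        # Form encoding is flat key=value text; nested JSON has no equivalent.
        if not isinstance(value, str):
            raise ValueError(f"{name} must be a string")
    # urlencode percent-encodes '&', '=', '+' and '%' so a secret cannot
    # split into extra fields or be altered when the server decodes it.
    body = urlencode(params).encode("ascii")
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    return Request(url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    req = build_token_request(SAMPLE_JSON)
    print(req.get_method(), req.full_url)
    print(req.data.decode("ascii"))
```

The request is only built, not sent; pass it to `urllib.request.urlopen` against a running token service to obtain the JSON token response.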