Identityserver4: You must either set Authority or IntrospectionEndpoint

• [ ] I read and understood how to enable logging

Issue / Steps to reproduce the problem

Token endpoint is working fine using Postman but when I call any endpoint from my angular app which is on different domain, it gives an error:
"You must either set Authority or IntrospectionEndpoint"

Relevant parts of the log file

You must either set Authority or IntrospectionEndpoint

Startup.cs

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors(options =>
        {
            options.AddPolicy("AllowSpecificOrigin",
                builder => builder
                    .WithOrigins("http://localhost:4200")
                    .AllowAnyHeader()
                    .AllowAnyMethod()
                    .AllowCredentials()
                );
        });

        services.AddIdentityServer()
            .AddDeveloperSigningCredential()
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients());

        services.AddMvcCore()
            .AddApiExplorer()
            .AddAuthorization()
            .AddJsonFormatters();

        services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = "http://localhost:5000";
                options.RequireHttpsMetadata = false;
                options.ApiName = "userInfo";
            });

        services.AddSingleton<IConfiguration>(Configuration);

        // Register application services.
        services.AddTransient<ICorsPolicyService, DemoCorsPolicy>();
        services.AddTransient<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
        services.AddTransient<IUserRepository, UserRepository>();
        ...
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        if (env.IsDevelopment())
        {
            loggerFactory.AddConsole();
            app.UseDeveloperExceptionPage();
        }

        app.UseCors("AllowSpecificOrigin");

        app.UseIdentityServer();

        app.UseAuthentication();

        app.UseMvc();
    }
}

// Allows arbitrary CORS origins - only for demo purposes.
public class DemoCorsPolicy : ICorsPolicyService
{
    public Task<bool> IsOriginAllowedAsync(string origin)
    {
        return Task.FromResult(true);
    }
}

Client

new Client
{
    ClientId = "client",
    ClientName = "Angular app",
    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
    AllowAccessTokensViaBrowser = true,
    RequireClientSecret = true,
    ClientSecrets = { new Secret("secret".Sha256()) },
    AllowedScopes = new List<string> { "openid", "profile", "userInfo" },
    RedirectUris = new List<string> {"http://localhost:4200/auth-callback", "http://localhost:4200/silent-refresh.html"},
    PostLogoutRedirectUris = new List<string> {"http://localhost:4200/"},
    AllowedCorsOrigins = new List<string> {"http://localhost:4200"}
}