Add unauthorized client frequent error

2020-03-23 15:45:06 +00:00 · 2020-03-23 15:45:06 +00:00 · c7c6c1143b
commit c7c6c1143b
parent 3aec7aef3e
4 changed files with 57 additions and 2 deletions
--- a/Frecuent-errors.md
+++ b/Frecuent-errors.md
@ -1,7 +1,8 @@
-These are the most frequent errors encountered when running eShopOnContainers for the first time.
+These are the most frequent errors encountered when running eShopOnContainers.
 > **CONTENT**
 - [Unauthorized_client when trying to log in from the MVC, the SPA application, or the Swagger UI API pages](#unauthorizedclient-when-trying-to-log-in-from-the-mvc-the-spa-application-or-the-swagger-ui-api-pages)
 - [When trying to log in from the MVC app I get an error](#when-trying-to-log-in-from-the-mvc-app-i-get-an-error)
  - [Deploying in Windows with Docker for Windows](#deploying-in-windows-with-docker-for-windows)
  - [Deploying in a Mac with Docker for Mac](#deploying-in-a-mac-with-docker-for-mac)
@ -11,6 +12,10 @@ These are the most frequent errors encountered when running eShopOnContainers fo
 - [When I run 'docker-compose up' I get an error like ERROR: Service 'xxxxx' failed to build: COPY failed: stat ...: no such file or directory](#when-i-run-docker-compose-up-i-get-an-error-like-error-service-xxxxx-failed-to-build-copy-failed-stat--no-such-file-or-directory)
 - [When I try to run the solution in 'Docker for Windows' (on the Linux VM) I get the error: 'Did you mean to run dotnet SDK commands?'](#when-i-try-to-run-the-solution-in-docker-for-windows-on-the-linux-vm-i-get-the-error-did-you-mean-to-run-dotnet-sdk-commands)
 ## Unauthorized_client when trying to log in from the MVC, the SPA application, or the Swagger UI API pages
 See details and the solution in the [unauthorized_client error on login](unauthorized_client-error-on-login.md) wiki page.
 ## When trying to log in from the MVC app I get an error
 There are usually two errors related to this:
@ -52,7 +57,7 @@ You should receive json response. If not, ensure that Identity.API and Docker ar
 It looks like the SQL container tried to start but then it exited?
 If I do a "docker ps -a", the STATUS column for the SQL container does NOT show a status of "Up" but shows the STATUS as "Exited".
 Workaround: Usually this is due to not enough memory assigned to the Docker Host Linux VM. 
-IMPORTANT: Note that sometimes after installing a "Docker for Windows" update it might have reset the assigned memory value and it might be 2GB again (see Docker issue https://github.com/docker/for-win/issues/1169), which is not enough for the SQL container. Set, at least, 4GB of memory to the Docker Host in "Docker for Windows" settings.
+IMPORTANT: Note that sometimes after installing a "Docker for Windows" update it might have reset the assigned memory value and it might be 2GB again (see Docker issue <https://github.com/docker/for-win/issues/1169>), which is not enough for the SQL container. Set, at least, 6GB of memory to the Docker Host in "Docker for Windows" settings.
 For further information see the [Windows setup](Windows-setup) and [Mac setup](Mac-setup) pages.
--- a/images/unauthorized_client-error-on-Login/ClientRedirectUris-table.png
+++ b/images/unauthorized_client-error-on-Login/ClientRedirectUris-table.png
--- a/images/unauthorized_client-error-on-Login/identity-server-authorize-request.png
+++ b/images/unauthorized_client-error-on-Login/identity-server-authorize-request.png
--- a/unauthorized_client-error-on-Login.md
+++ b/unauthorized_client-error-on-Login.md
@ -0,0 +1,50 @@
 > **CONTENT**
 - [Causes](#causes)
  - [Details](#details)
 - [Solutions](#solutions)
 ## Causes
 This error occurs because the connecting app isn't registered in the IdentityServer database as an authorized client.
 The authorized client registration occurs when the Identity DB is seeded, and in eShopOnContainers this happens when the DB is first created. So this only happens when first installed or when restarting the Identity service if the DB has been deleted.
 When registering the clients, eShopOnContainers reads the values from the following configuration variables, from either the `appsettings.json` file, the `docker-compose.override.yml` file or the equivalent environment variables:
 ```yaml
 - SpaClient
 - MvcClient
 - LocationApiClient
 - MarketingApiClient
 - BasketApiClient
 - OrderingApiClient
 - MobileShoppingAggClient
 - WebShoppingAggClient
 - WebhooksApiClient
 - WebhooksWebClient
 ```
 ### Details
 IdentityServer uses the `RedirectUri` to decide if the connecting client is authorized
 When a user that's not been authorized tries to use the [client] app, they are  redirected to the IdentityServer's `/connect/authorize` endpoint, and the request includes a redirection uri that's used to complete the login process, as shown in the following image:
 ![](images/unauthorized_client-error-on-Login/identity-server-authorize-request.png)
 The authorized clients are registered in the `Clients` table and the related redirect URIs in the `ClientRedirectUris` table as shown in the following image:
 ![](images/unauthorized_client-error-on-Login/ClientRedirectUris-table.png)
 It's important to keep in mind that if the application is registered as `http://host.docker.internal:5004` but started as `http://localhost:5104` it's considered to be a different one, so it'll get the `unauthorized_client` message.
 ## Solutions
 So the possible solution are:
 1. Make sure you are starting the app from the correct address.
 2. Update the `ClientRedirectUris` table to the correct values.
 3. Drop the `IdentityDb` database and restart the `Identity` service, after updating the `docker-compose.override.yml` file, or the `configmap.yaml` in Kubernetes, so that all the clients are registered correctly.