Sitecore Identity Service - Max Client Secret Length

Monday, September 7, 2020

So in the process of developing the new MVP site, we ran into a couple of things that other developers might encounter, so I wanted to start covering some of them here. The first of those is the rules about the Identity Server Client Secret.

With the release of Sitecore 10, a new Sitecore CLI was released. This allows for headless authentication when deserialising content automatically, say during a CI process. You can achieve this by using a command like so:

dotnet sitecore login --client-credentials true --auth https://mvp-id.sc.localhost/ --cm https://mvp-cm.sc.localhost/ --allow-write true --client-id "<<CLIENT_ID>>" --client-secret "<<TOKEN>>"

Now I was trying to use a very long Token value for this. I originally started with a 128-character token, but the authentication kept failing with the following error:

Error while getting client credentials token: invalid_client

It took a bit to figure out, but the key to this became clear once I viewed the logs for my ID server instance. I did this using the following command:

docker logs mvp-site_id_1

After wading through the logs I saw the following entry that made it all very clear!

IdentityServer4.Validation.PostBodySecretParser [Error] Client secret exceeds maximum length.

So after some trial and error with tokens of different lengths, it turns out that the Max Length supported is 101 chars. So when creating Client Secrets for Sitecore 10 you need to make sure that you stay under that length!
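
The following is an added example, not code from the original post or from Sitecore: a POSIX shell pre-flight for a CI job that generates a secret under the length reported above, validates an existing secret without printing it, and counts the rejection line in Identity Server log output. The function names, the 64-character default and the filler line in the sample log are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: the limit is the
# figure the post found by trial and error; the post says to stay under it.
SECRET_LEN_LIMIT=101

# gen_secret [len]: random hex secret. Each hex character carries 4 bits, so
# the default of 64 characters is 256 bits and well under the limit.
gen_secret() {
  len=${1:-64}
  if [ "$len" -ge "$SECRET_LEN_LIMIT" ]; then
    echo "requested length $len is not under $SECRET_LEN_LIMIT" >&2
    return 1
  fi
  # Read enough random bytes, hex-encode them, trim to the exact length.
  head -c "$(( (len + 1) / 2 ))" /dev/urandom | od -An -tx1 |
    tr -d ' \n' | cut -c1-"$len"
}

# check_secret_len SECRET: 0 if usable, 1 if too long, 2 if empty.
# Reports only the length, never the secret itself.
check_secret_len() {
  n=${#1}
  if [ "$n" -eq 0 ]; then
    echo "client secret is empty" >&2
    return 2
  fi
  if [ "$n" -ge "$SECRET_LEN_LIMIT" ]; then
    echo "client secret is $n chars; keep it under $SECRET_LEN_LIMIT" >&2
    return 1
  fi
  return 0
}

# length_rejections: reads log text on stdin and prints how many lines carry
# the rejection the post quotes, e.g. docker logs mvp-site_id_1 2>&1 | length_rejections
length_rejections() {
  grep -c 'PostBodySecretParser \[Error\] Client secret exceeds maximum length' || true
}

# Constructed sample log; only the [Error] line's text is taken from the post.
sample_log() {
  cat <<'EOF'
Example.Host [Information] constructed filler line
IdentityServer4.Validation.PostBodySecretParser [Error] Client secret exceeds maximum length.
EOF
}
```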