Invalid scope error #154

Open
dsuhinin opened this issue May 28, 2024 · 0 comments

I'm trying to test the OIDC flow on my local machine. I have the following configuration:

  • I'm using the latest docker image and this is my docker-compose:
  oidc-server-mock:
    container_name: oidc-server-mock
    image: ghcr.io/soluto/oidc-server-mock:latest
    ports:
      - '8080:80'
    environment:
      ASPNETCORE_ENVIRONMENT: Development
      ASPNETCORE_URLS: http://+:80
      SERVER_OPTIONS_INLINE: |
        {
          "AccessTokenJwtType": "JWT",
          "Discovery": {
            "ShowKeySet": true
          }
        }
      LOGIN_OPTIONS_INLINE: |
        {
          "AllowRememberLogin": false
        }
      LOGOUT_OPTIONS_INLINE: |
        {
          "AutomaticRedirectAfterSignOut": true
        }
      USERS_CONFIGURATION_PATH: /config/oidc-users-config.yaml
      CLIENTS_CONFIGURATION_PATH: /config/oidc-clients-config.json
      ASPNET_SERVICES_OPTIONS_INLINE: |
        { 
          "ForwardedHeadersOptions": { 
            "ForwardedHeaders" : "All"
          }
        }
    volumes:
      - ./oidc-users-config.yaml:/config/oidc-users-config.yaml
      - ./oidc-clients-config.json:/config/oidc-clients-config.json

Users configuration file:

[
  {
    "SubjectId":"1",
    "Username":"user1",
    "Password":"password1"
  }
]

Client configuration file:

[
  {
    "ClientId": "user1-client-id",
    "ClientSecrets": ["user1-client-secret"],
    "Description": "User with group1, group2 in claims.",
    "AllowedGrantTypes": ["authorization_code"],
    "AllowAccessTokensViaBrowser": true,
    "RedirectUris": ["http://localhost:5000/auth/oidc"],
    "AllowedScopes": ["openid", "profile", "email"],
    "IdentityTokenLifetime": 3600,
    "AccessTokenLifetime": 3600,
    "RequirePkce": false,
    "RequireClientSecret": false
  }
]

My generated URL looks like -> http://localhost:8080/connect/authorize?client_id=user1-client-id&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fauth%2Foidc&response_type=code&scope=openid%2Cemail&state=BfwyLzhllKIvBQUqrYbX

So I'm trying to request the openid and email scopes, and it seems like they are configured in my client configuration file, but I always get:

Sorry, there was an error : invalid_scope
Invalid scope

So what am I doing wrong? In the logs from the container I can see the following message:

Scope openid,email not found in store or not supported by requested resource indicators.
2024-05-28T06:13:01.200973927Z 
[06:13:01 Error] Duende.IdentityServer.Endpoints.AuthorizeEndpoint
Request validation failed
2024-05-28T06:13:01.200979901Z 
[06:13:01 Information] Duende.IdentityServer.Endpoints.AuthorizeEndpoint
{"ClientId": "user1-client-id", "ClientName": null, "RedirectUri": "http://localhost:5000/auth/oidc", "AllowedRedirectUris": ["http://localhost:5000/auth/oidc"], "SubjectId": "anonymous", "ResponseType": "code", "ResponseMode": "query", "GrantType": "authorization_code", "RequestedScopes": "openid,email", "State": "BfwyLzhllKIvBQUqrYbX", "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": "", "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": {"client_id": "user1-client-id", "redirect_uri": "http://localhost:5000/auth/oidc", "response_type": "code", "scope": "openid,email", "state": "BfwyLzhllKIvBQUqrYbX"}, "$type": "AuthorizeRequestValidationLog"}
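
Added example, not part of the original issue or the project's code: the log above reports `openid,email` as one scope name, and RFC 6749 section 3.3 defines `scope` as a space-delimited list. This Python sketch parses the issue's URL that way, checks each requested scope against the client's `AllowedScopes`, and rebuilds the URL with a space separator; all function names are hypothetical.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit, urlunsplit

# Copied from the client configuration file in the issue.
ALLOWED_SCOPES = {"openid", "profile", "email"}

# The authorize URL exactly as posted in the issue.
ISSUE_URL = (
    "http://localhost:8080/connect/authorize?client_id=user1-client-id"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fauth%2Foidc"
    "&response_type=code&scope=openid%2Cemail&state=BfwyLzhllKIvBQUqrYbX"
)


def requested_scopes(url):
    """Split the scope parameter on whitespace only, as RFC 6749 s3.3 defines it."""
    params = parse_qs(urlsplit(url).query)
    return params.get("scope", [""])[0].split()


def unknown_scopes(url, allowed=ALLOWED_SCOPES):
    """Scope names an authorization server would not find among the allowed ones."""
    return [s for s in requested_scopes(url) if s not in allowed]


def comma_joined(url, allowed=ALLOWED_SCOPES):
    """Unknown scope names that are really allowed scopes glued with commas."""
    return [s for s in unknown_scopes(url, allowed)
            if "," in s and all(p in allowed for p in s.split(","))]


def with_scopes(url, scopes):
    """Rebuild the URL with the scopes joined by a single space (sent as %20)."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    params["scope"] = [" ".join(scopes)]
    query = urlencode(params, doseq=True, quote_via=quote)
    return urlunsplit(parts._replace(query=query))


if __name__ == "__main__":
    print("requested:", requested_scopes(ISSUE_URL))
    print("unknown:  ", unknown_scopes(ISSUE_URL))
    print("comma-joined:", comma_joined(ISSUE_URL))
    fixed = with_scopes(ISSUE_URL, ["openid", "email"])
    print("rebuilt:  ", fixed)
    print("unknown after rebuild:", unknown_scopes(fixed))
```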