DuendeSoftware / Support

Support for Duende Software products

Invalid redirect url problem. #750

Closed cyclorama closed 1 year ago

cyclorama commented 1 year ago

I am trying to get authentication working on my production environment for my Blazor WASM app.

Which version of Duende IdentityServer are you using?

6.3.2

Which version of .NET are you using?

.NET6

Describe the bug

The requested URL is in the list of allowed URLs, yet the request is failing because identity server believes that the requested URL isn't in the list of allowed URLs.

Expected behavior

The request should be allowed as the requested URL is in the allowed list of URLs.

Log output/exception with stacktrace

GET 302 1,000 B 7 ms Chrome 114 https://og.deals/connect/authorize?client_id=ogdeals.Client&redirect_uri=https%3A%2F%2Fog.deals%2Fauthentication%2Flogin-callback&response_type=code&scope=ogdeals.ServerAPI%20openid%20profile&state=ecd2d2d41c304b5ba2e34f1fa6de5061&code_challenge=1C84ZiiXM4_P3nVXXiHtsOrfJjagBknWO0DIYkasL_4&code_challenge_method=S256&response_mode=query

info: Duende.IdentityServer.Hosting.IdentityServerMiddleware[0]
Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.AuthorizeEndpoint for /connect/authorize

fail: Duende.IdentityServer.Validation.AuthorizeRequestValidator[0]
Invalid redirect_uri: https://og.deals/authentication/login-callback
{
"ClientId": "ogdeals.Client",
"ClientName": "ogdeals.Client",
"AllowedRedirectUris": [
"https://og.deals/authentication/login-callback"
],
"SubjectId": "anonymous",
"RequestedScopes": "",
"PromptMode": "",
"Raw": {
"client_id": "ogdeals.Client",
"redirect_uri": "https://og.deals/authentication/login-callback",
"response_type": "code",
"scope": "ogdeals.ServerAPI openid profile",
"state": "ecd2d2d41c304b5ba2e34f1fa6de5061",
"code_challenge": "1C84ZiiXM4_P3nVXXiHtsOrfJjagBknWO0DIYkasL_4",
"code_challenge_method": "S256",
"response_mode": "query"
}
}

fail: Duende.IdentityServer.Endpoints.AuthorizeEndpoint[0]
Request validation failed

info: Duende.IdentityServer.Endpoints.AuthorizeEndpoint[0]
{
"ClientId": "ogdeals.Client",
"ClientName": "ogdeals.Client",
"AllowedRedirectUris": [
"https://og.deals/authentication/login-callback"
],
"SubjectId": "anonymous",
"RequestedScopes": "",
"PromptMode": "",
"Raw": {
"client_id": "ogdeals.Client",
"redirect_uri": "https://og.deals/authentication/login-callback",
"response_type": "code",
"scope": "ogdeals.ServerAPI openid profile",
"state": "ecd2d2d41c304b5ba2e34f1fa6de5061",
"code_challenge": "1C84ZiiXM4_P3nVXXiHtsOrfJjagBknWO0DIYkasL_4",
"code_challenge_method": "S256",
"response_mode": "query"
}
}

Additional information

This is a Blazor WASM app.

This is what my appsettings.Production.json looks like:

{
  "Logging": {
    "LogLevel": {
      "IdentityServer4": "Debug",
      "IdentityServer4.Events": "Information"
    }
  },
  "IdentityServer": {
    "IssuerUri": "https://og.deals",
    "Clients": {
      "ogdeals.Client": {
        "Profile": "IdentityServerSPA",
        "RedirectUri": "https://og.deals/authentication/login-callback",
        "LogoutUri": "https://og.deals/authentication/logout-callback"
      }
    }
  },
  "AllowedHosts": "*"
}

cyclorama commented 1 year ago

I have solved this by using "/authentication/logout-callback" for my RedirectUrl and LogoutUri instead of an absolute URL.

Microsoft advises to use an absolute URL but in my case it seems to have been the issue itself.
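The two posts above show the same request being rejected with an absolute registered URI and accepted once the registration is made relative. The following is an added illustration for this thread, not code from IdentityServer or from Microsoft's ApiAuthorization package: it models a strict redirect_uri validator that compares the requested URI string-for-string against the registered list, and that resolves any relative registration against the origin the server believes the request arrived on before comparing. The authorize URL is copied from the issue log; the `request_origin` values, including the internal `http://10.0.0.5:5000` origin standing in for an app behind a reverse proxy, are constructed for the example. How the IdentityServerSPA profile actually performs this match is an assumption here, not something the thread confirms.

```python
"""Strict redirect_uri validation for an OIDC authorize request.

Added example for this support thread; not IdentityServer or ASP.NET code.
Two rules are modelled:
  * an absolute registered URI must match the requested redirect_uri exactly
    (ordinal, case-sensitive, no prefix or wildcard matching);
  * a relative registered URI (the workaround used in the thread) is first
    resolved against the origin the server sees for the current request, then
    compared exactly. That makes validity depend on Host / forwarded headers,
    which is why a reverse proxy without forwarded-header handling is a
    common thing to check when a matching-looking URI is still rejected.
"""
from urllib.parse import parse_qs, urljoin, urlsplit

# Authorize request copied from the log in the issue (code_challenge omitted).
AUTHORIZE_URL = (
    "https://og.deals/connect/authorize?client_id=ogdeals.Client"
    "&redirect_uri=https%3A%2F%2Fog.deals%2Fauthentication%2Flogin-callback"
    "&response_type=code&scope=ogdeals.ServerAPI%20openid%20profile"
    "&state=ecd2d2d41c304b5ba2e34f1fa6de5061&response_mode=query"
)


def requested_redirect_uri(authorize_url: str) -> str:
    """Extract redirect_uri from the query string; reject missing or duplicated values."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("redirect_uri must be present exactly once")
    return values[0]  # parse_qs has already percent-decoded it


def resolve_registered(registered: str, request_origin: str) -> str:
    """Absolute registrations are used as-is; relative ones are resolved
    against the origin the server observed (assumption: scheme://host[:port])."""
    if urlsplit(registered).scheme:
        return registered
    return urljoin(request_origin, registered)


def is_valid_redirect(requested: str, registered: list[str], request_origin: str) -> bool:
    """Exact string comparison after resolution. No normalisation, no prefix
    matching: a trailing path segment or a different case in the host fails."""
    allowed = {resolve_registered(r, request_origin) for r in registered}
    return requested in allowed


def diagnose(authorize_url: str, registered: list[str], request_origin: str) -> dict:
    """Explain a decision: what was requested, what the allowed list resolved
    to under the observed origin, and whether the request passes."""
    requested = requested_redirect_uri(authorize_url)
    resolved = [resolve_registered(r, request_origin) for r in registered]
    return {
        "requested": requested,
        "resolved_allowed": resolved,
        "request_origin": request_origin,
        "valid": requested in resolved,
    }


if __name__ == "__main__":
    absolute = ["https://og.deals/authentication/login-callback"]
    relative = ["/authentication/login-callback"]
    # Absolute registration: the observed origin plays no part in the decision.
    print(diagnose(AUTHORIZE_URL, absolute, "http://10.0.0.5:5000"))
    # Relative registration: accepted only when the observed origin is the public one.
    print(diagnose(AUTHORIZE_URL, relative, "https://og.deals"))
    print(diagnose(AUTHORIZE_URL, relative, "http://10.0.0.5:5000"))
```

Running the block prints three diagnoses: the absolute registration passes regardless of the origin the server observed, the relative one passes only when that origin is `https://og.deals`, and it fails when the app sees an internal origin. The design choice worth keeping from the example is the exact comparison in `is_valid_redirect`: a validator that accepts prefixes or ignores case turns a registered callback into an open redirector for authorization codes, so when diagnosing a rejection the fix belongs in the registration or the forwarded-header configuration, not in loosening the match.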