IdentityModel / oidc-client-js

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
Apache License 2.0

Sometimes client calls server IP which fails SSL check as IP address is not included in server's SSL certificate #1322

Closed alex737876 closed 3 years ago

alex737876 commented 3 years ago

Using Angular 10 and the oidc client package from the dotnetcore individual auth starter project, the client sometimes loses its 'authenticated' state. In the browser's F12 debugger I found that the client is launching a request against the server's IP, which fails the SSL check as the IP address is not included in the server's SSL certificate. I am using the authorize guard inside 2 different routing modules, one of which is lazy loaded. This only happens from day to day... how can I fix this?

brockallen commented 3 years ago

Sorry, I can't help you with your TLS issues.

alex737876 commented 3 years ago

Thank you, of course. I thought the issue is that it is calling the IP instead of the domain, because win-acme (which I am using) could not include IP addresses in the SSL certificate.

Maybe it's okay that it is using the IP but I need another cert? Is this what you mean? Thank you

brockallen commented 3 years ago

Oh I see... I wasn't clear that you were trying to use the IP. So no, you can't do that :) You need proper DNS (or local hosts hacked up) and cert to match.

alex737876 commented 3 years ago

Okay thank you! :) How can I configure oidc-js NOT to use the IP address?

brockallen commented 3 years ago

Don't use an IP address in the Authority.
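
A pre-flight check for the advice above, as an added example that is not part of the original thread or of oidc-client-js: it flags an `authority` whose host is an IP literal and, going one step beyond the thread, applies the same check to the endpoint URLs in the discovery document, which is another place an IP-based URL can reach the client. The function names and sample values are hypothetical.

```javascript
// Added example: flag OIDC endpoint URLs whose host is an IP literal or whose
// scheme is not https. The function and sample values below are hypothetical.

// Standard OIDC discovery fields that the client will call or load.
const ENDPOINT_FIELDS = [
  "issuer", "authorization_endpoint", "token_endpoint", "userinfo_endpoint",
  "jwks_uri", "end_session_endpoint", "check_session_iframe",
];

// The WHATWG URL parser normalizes IPv4 hosts to dotted decimal and keeps
// IPv6 literals in brackets, so these two checks cover both families.
function isIpLiteral(hostname) {
  return hostname.startsWith("[") || /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
}

function checkUrl(name, value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return `${name}: not an absolute URL (${value})`;
  }
  if (url.protocol !== "https:") return `${name}: scheme is ${url.protocol} not https:`;
  if (isIpLiteral(url.hostname)) return `${name}: host ${url.hostname} is an IP literal`;
  return null;
}

// settings: object passed to the OIDC client (only `authority` is inspected).
// metadata: parsed discovery document fetched from the authority, if available.
function findIpEndpoints(settings, metadata = {}) {
  const problems = [checkUrl("authority", settings.authority)];
  for (const field of ENDPOINT_FIELDS) {
    if (metadata[field]) problems.push(checkUrl(`metadata.${field}`, metadata[field]));
  }
  return problems.filter(Boolean);
}

// Constructed sample: the authority uses DNS, but the server advertises one
// endpoint by IP, which fails verification against a DNS-name-only certificate.
const sampleSettings = { authority: "https://login.example.com" };
const sampleMetadata = {
  issuer: "https://login.example.com",
  authorization_endpoint: "https://login.example.com/connect/authorize",
  userinfo_endpoint: "https://203.0.113.10/connect/userinfo",
};
console.log(findIpEndpoints(sampleSettings, sampleMetadata));
```

An empty result means every checked URL uses https with a DNS host name; it does not prove the name matches the certificate.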