Closed breynolds closed 2 years ago
I'm going to guess it's related to the signin scheme you're using for google and how you're processing it on the external callback logic (meaning does it match).
I saw some posts about that, so I had tried a few things there.
First I left everything defaulted thinking that it should just work that way, but it didn't. That was leaving SignInScheme as it's default in AddGoogle and then in ExternalController, leaving AuthenticateAsync and SignoutAsync both using "IdentityConstants.ExternalScheme"
Second, in the working IdentityServer that did not use ASP.Net Core Identity, we used IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme for all three (SignInScheme, AuthenticateAsync, and SignoutAsync) as was explained in the "Interactive Applications with ASP.NET Core" quickstart. That didn't work either.
Third, I had thought one of the first two would work, but they didn't, so I tried going back to using IdentityConstants.ExternalScheme for AuthenticateAsync and SignoutAsync, and then in AddGoogle, I explicitly set SignInScheme to also be IdentityConstants.ExternalScheme and that didn't work either.
Am I using the wrong scheme, or missing a place where the scheme needs to be set in one of the Startup.cs or ExternalController.cs?
I think I am having a similar problem described in the issued I posted (#85).
I am starting the login process from an Angular 9 SPA using oidc-client-js and I am redirected to IS4 login page. I choose to authenticate with Google being redirected to Google login where I have my consent ... I am then redirected to External / Callback where there is a returnUrl to the SPA Client application. However I end up being redirected back to IS4 login page and not SPA login callback.
Either I login with Username / Password or Google I am always successfully authenticated on IS4.
It is just that when using Google I am not redirected back to the SPA client to complete the process.
@breynolds Did you solve your problem? Thank you.
We built up an identity server after successfully going through the first few quickstarts. We have Client Credentials, native app (dotnet core console app), and javascript apps all working with test users and with Google. Also did the quickstart to add in database support for config and operational data. All good.
Upon trying to complete the ASP.Net Core Identity quickstart, the regular users work, but we cannot get google authentication working. Clicking the google login bug briefly flickers to another page, but then we are redirected back to the login page.
I added steps to reproduce the problem and the log from identity server.
I starred a few lines in the log where you can see that the google login succeeded, but then somehow later the user was treated as not having logged in which I guess is why the user is redirected back to the login page. What is missing in between that causes the correctly logged in user to be lost?
Identity logins also fail, so it's not just google.
Don't know if it's relevant, buy I'm working on a MacBook Pro using the latest OS 10.15.5
Issue / Steps to reproduce the problem
dotnet new -u IdentityServer4.Templates dotnet new -i IdentityServer4.Templates dotnet new is4aspid -n IdentityServerAspNetIdentity
in launchSettings.json, change applicationUrl to http://localhost:5000 so it matches the test apps
in Config.cs, add in Email as an identity resource as well as the ApiResource that is required for our API:
in Config.cs, add in clients that work with non aspid identityserver:
In startup.cs, update Google configuration for ClientId and ClientSecret that are working in our other non-aspid identity server (leaving the actual values out of the bug report, but they are correct in the file):
dotnet run
=> The effect is that upon clicking on the Google login button, a page flickers in and then leaves, and we are redirected to the login page rather than being given the consent page in google. The normal username/password logins for bob / Pass123$ also fail.
Relevant parts of the log file