aspnet-contrib / AspNet.Security.OAuth.Providers

OAuth 2.0 social authentication providers for ASP.NET Core
Apache License 2.0
2.37k stars, 536 forks

[WorkWeixin] doesn't work with multiple instances #759

Closed Jeff-Tian closed 1 year ago

Jeff-Tian commented 1 year ago

Describe the bug

I integrated the WorkWeixin into Duende IdentityServer and deployed it into both Azure with a single instance and Okteto with multiple instances (2 pods). It works as expected in Azure as there is only a single instance. But it does NOT work for the Okteto one as there are 2 pods.

The error happens when the authorization part is done with Work Weixin and then called back: [image]

Steps To reproduce

  1. Go to https://id6-jeff-tian.cloud.okteto.net/Account/Login
  2. Select 企业微信
  3. Scan the QR Code
  4. Wait for the callback and see the error mentioned above

Expected behaviour

Should log in successfully as with Azure deployment:

  1. Go to http://id6.azurewebsites.net/Account/Login
  2. Select 企业微信
  3. Scan the QR Code
  4. Wait for the callback and see the successfully logged-in page

Actual behaviour

Error happens with https://id6-jeff-tian.cloud.okteto.net/Account/Login

System information

.NET SDK (reflecting any global.json): Version: 6.0.301

Additional context

Code repo: https://github.com/Jeff-Tian/IdentityServer

kinosang commented 1 year ago

Please consider having a look at the WeCom Developer Docs, e.g. https://developer.work.weixin.qq.com/document/path/90313#%E9%94%99%E8%AF%AF%E7%A0%81%EF%BC%9A60020

Jeff-Tian commented 1 year ago

Thanks @kinosang!

I checked, and 60020 is related to the trusted IP settings. I compared the 2 apps for the Azure instance and the Okteto instance. My Azure app doesn't require the trusted IP, weird! But it is external, which is not the WorkWeixin provider's bug. Thanks again.

Azure App in the Work Weixin: [image]
Okteto App in the Work Weixin: [image]

Jeff-Tian commented 1 year ago

Hi @kinosang sorry to ask again, but do you know how to get the external IP for a service?

I configured the trusted IP to 35.225.69.73 which was fetched by the ping id6-jeff-tian.cloud.okteto.net command.

But I still get the 60020 error.

[image]

Thanks in advance!

kinosang commented 1 year ago

@Jeff-Tian I have no idea, I haven't used Okteto.

Maybe submit a support ticket to them.