Closed D4M13N-D3V closed 4 years ago
A) `signin-oidc` should not be mapped to `ExternalLoginCallback`; `UseOpenIdConnectAuthentication` handles that path internally. Delete the `MapRoute` call.

B) There's a new option, `RedeemCode`, that you need to set when only using the Code ResponseType. https://github.com/aspnet/AspNetKatana/blob/635c92f641ad1e014eead31cc7a365004949fda5/src/Microsoft.Owin.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs#L320-L324. It used to only support Hybrid flows.
Now I'm getting this error?
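```csharp
// The opening of the call was missing from the post; `app` is assumed to be
// the OWIN IAppBuilder passed to Startup.
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    Authority = "https://orders.x.com/oauth/",
    ClientId = "x",
    ClientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    RedirectUri = "https://localhost:44348/signin-oidc/",
    PostLogoutRedirectUri = "https://localhost:44348/signout-oidc/",
    ResponseType = OpenIdConnectResponseType.Code,
    RedeemCode = true,
    Scope = "openid email profile",
    TokenValidationParameters = new TokenValidationParameters
    {
        // Issuer validation is switched off in the posted configuration.
        ValidateIssuer = false,
    },
    // `json` is the provider metadata document, loaded manually.
    Configuration = new OpenIdConnectConfiguration(json),
});
```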
```
IDX10501: Signature validation failed. Unable to match key:
kid: 'System.String'.
Exceptions caught:
'System.Text.StringBuilder'.
token: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'.
```
I don't see anything different from what I have been seeing other people do. Very confused why that wasn't documented anywhere, so it's thrown me entirely off.
Wow, that error message needs work. https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/535158822edd2760a81fa1e9ef902e3959dd65d3/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs#L973
Can you move this issue to https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/ so they can interpret and/or improve that error message?
I see you're providing the OpenIdConnectConfiguration manually? The comments around IDX10501 imply that configuration information may be out of date.
Ah, how would I go about configuring it then? I'm currently just loading it from the JSON on WHMCS.
The recommendation is to set the MetadataAddress where it can download the correct keys. https://github.com/aspnet/AspNetKatana/blob/635c92f641ad1e014eead31cc7a365004949fda5/src/Microsoft.Owin.Security.WsFederation/WsFederationAuthenticationMiddleware.cs#L77-L78
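An added diagnostic, not code from this thread or from Katana/IdentityModel: because the IDX10501 text above prints `'System.String'` instead of the real `kid`, this Python script decodes the token's header (without verifying it) and checks its `kid` against a JWKS document, meaning the `keys` array served at the provider's `jwks_uri`. The token, key ids and issuer URL in it are constructed sample data.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_header(token: str) -> dict:
    """Decode the JOSE header of a compact JWT. Nothing is verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    seg = parts[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def diagnose_kid(token: str, jwks: dict) -> dict:
    """Report whether the configured key set can match the token's kid."""
    header = jwt_header(token)
    kid, alg = header.get("kid"), header.get("alg")
    known = [k.get("kid") for k in jwks.get("keys", []) if k.get("use", "sig") == "sig"]
    if isinstance(alg, str) and alg.startswith("HS"):
        status = "symmetric"    # HMAC-signed tokens are not verified with JWKS keys
    elif kid is None:
        status = "no-kid"       # the validator has to try every configured key
    elif kid in known:
        status = "kid-found"    # key id is configured; check the key material next
    else:
        status = "kid-missing"  # configured keys are stale or belong to another issuer
    return {"status": status, "token_kid": kid, "alg": alg, "configured_kids": known}


# Constructed sample data: a dummy token (fake signature) and two key sets.
def _sample_token(kid: str) -> str:
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode())
    payload = _b64url(json.dumps({"iss": "https://idp.example.test", "sub": "1"}).encode())
    return f"{header}.{payload}.{_b64url(b'not-a-real-signature')}"


SAMPLE_TOKEN = _sample_token("key-2021")
STALE_JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "key-2019"}]}
FRESH_JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "key-2019"},
                       {"kty": "RSA", "use": "sig", "kid": "key-2021"}]}

if __name__ == "__main__":
    print(diagnose_kid(SAMPLE_TOKEN, STALE_JWKS))
    print(diagnose_kid(SAMPLE_TOKEN, FRESH_JWKS))
```

A `kid-missing` result against the keys the application was configured with, and `kid-found` against a freshly downloaded key set, points to the out-of-date configuration case raised in the thread.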
I am having a really hard time getting OpenIDConnect to work properly with this ASP.NET 4.6 MVC 5 project. Recently I was getting a 404 error and ended up adding a custom route to the callback action to get it to work past that. After that I started getting an error about `GetExternalLoginInfoAsync()` returning null and getting a NullReferenceException. This is what my config looks like with some things redacted, along with the routing. Also, the image provided is one of the errors I get; if I don't use custom routing I just get a 404 error. I know that I shouldn't have to be routing that. Now when I compare the traffic between the Zoom OAuth, which works, and this, I notice this is only getting from External Login -> Authorize.php -> /signin-oidc.
The OpenIdConnect nonce cookie is there, so is session_id; also, in the URL it is sending the state and the code.
This is the code for the setup of OpenIdConnectAuthentication
Code
Routing