Closed FixRM closed 7 months ago
Check the ResponseMode option, it defaults to FormPost, which is less common to combine with ResponseType Code.
Is the request to /signin-oidc a GET or POST?
Hello @Tratcher. Request to /signin-oidc is POST for ResponseMode = FormPost and GET for ResponseMode = Query. For both options I see 404 in browser console.
The answer was found here: https://github.com/aspnet/AspNetKatana/issues/348. I need to add RedeemCode = true to make it work. @Tratcher can you please explain how it works and what is going on there? Am I using hybrid flow or PKCE or whatever?
Second problem is the need to explicitly set the RedirectUri parameter. Can we work around this somehow @Tratcher? The site can be sitting behind DNS/reverse proxy/etc. and have several public names. Of course we need to add them all to the STS but still, is that possible in the Framework version?
> RedeemCode
Code redemption was a feature added later so it was opt-in in case anyone was already doing the redemption themselves.
> Second problem is the need to explicitly set the RedirectUri parameter. Can we work around this somehow @Tratcher? The site can be sitting behind DNS/reverse proxy/etc. and have several public names. Of course we need to add them all to the STS but still, is that possible in the Framework version?
I think you'd need to use the RedirectToIdentityProvider Notification to update the ProtocolMessage.RedirectUri to match the current request host value.
I tried, but it ends up with 404 for some reason. If host/signin-oidc is set up explicitly - it works, if it is set with RedirectToIdentityProvider Notification - then I got 404.
Look at a Fiddler trace to see if the redirects are being generated as expected.
This should be the only relevant check to pass: https://github.com/aspnet/AspNetKatana/blob/3c194663090eeea35e5ee95cbe54959e0b90e3e3/src/Microsoft.Owin.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs#L226
Hello! Sorry for asking stupid things, but should I handle signin/signout myself if I'm using Microsoft.Owin.Security.OpenIdConnect?
The following code works like a charm with Microsoft.AspNetCore.Authentication.OpenIdConnect:
but similar code doesn't with Microsoft.Owin.Security.OpenIdConnect:
At first, it doesn't pass redirect_url if it is not set explicitly. But if I set it to something like http://localhost:9001/signin-oidc myself, the redirect works but the signin-oidc endpoint seems to be not registered. Am I doing something wrong? The teaser was clientid & authority is all I need: https://devblogs.microsoft.com/dotnet/owin-security-components-in-asp-net-openid-connect/
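The RedirectToIdentityProvider approach suggested in the thread, combined with RedeemCode = true, as an added example (not code from the thread or from the Katana project). The host names, client id and authority are placeholders, and the host allowlist is an addition made here so that a forged Host header cannot choose the redirect_uri. It assumes the app is hosted at the site root and is reached over HTTPS.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin;
using Microsoft.Owin.Security.OpenIdConnect;

public static class OidcSetup
{
    // Assumption: the site's public names (include the port if non-default),
    // each with its /signin-oidc URL registered at the STS.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "app.example.com", "www.example.com" };

    // Builds redirect_uri from the current request host. A host that is not on
    // the allowlist is rejected, so a forged Host header never reaches the STS.
    private static string BuildRedirectUri(IOwinRequest request)
    {
        string host = request.Host.Value;
        if (string.IsNullOrEmpty(host) || !AllowedHosts.Contains(host))
            throw new InvalidOperationException("Request host is not an allowed public name.");
        return "https://" + host + "/signin-oidc";
    }
    public static OpenIdConnectAuthenticationOptions Build()
    {
        return new OpenIdConnectAuthenticationOptions
        {
            ClientId = "CLIENT_ID_PLACEHOLDER",
            Authority = "https://sts.example.com/", // placeholder
            ResponseType = OpenIdConnectResponseType.Code,
            RedeemCode = true,
            CallbackPath = new PathString("/signin-oidc"),
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = n =>
                {
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication)
                        n.ProtocolMessage.RedirectUri = BuildRedirectUri(n.Request);
                    return Task.FromResult(0);
                },
                // The token request must carry the same redirect_uri as the
                // authorization request (RFC 6749, section 4.1.3).
                AuthorizationCodeReceived = n =>
                {
                    n.TokenEndpointRequest.RedirectUri = BuildRedirectUri(n.Request);
                    return Task.FromResult(0);
                }
            }
        };
    }
}
```

Pass the result of `OidcSetup.Build()` to `app.UseOpenIdConnectAuthentication(...)` after the cookie middleware is registered.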