search

byo-software / steam-openid-connect-provider

Steam OpenID Connect Identity Provider (IdP)
MIT License
67 stars 24 forks source link

/ExternalLogin not working #11

Closed nwidynski closed 3 years ago

nwidynski commented 3 years ago

Issue

Docker container crashes on /ExternalLogin

Error

steamoidc    | [11:07:37 Information] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steamoidc    | AuthenticationScheme: Steam was challenged.
steamoidc    | 
steamoidc    | [11:07:56 Warning] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steamoidc    | '.AspNetCore.Correlation.Steam.<REMOVED>' cookie not found.
steamoidc    | 
steamoidc    | [11:07:56 Information] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steamoidc    | Error from RemoteAuthentication: The authentication response was rejected because the anti-forgery token was invalid..
steamoidc    | 
steamoidc    | [11:07:56 Error] Microsoft.AspNetCore.Server.Kestrel
steamoidc    | Connection id "0HM9B6QEE0S99", Request id "0HM9B6QEE0S99:00000003": An unhandled exception was thrown by the application.
steamoidc    | System.Exception: An error was encountered while handling the remote login.
steamoidc    |  ---> System.Exception: The authentication response was rejected because the anti-forgery token was invalid.
steamoidc    |    --- End of inner exception stack trace ---
steamoidc    |    at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
steamoidc    |    at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
steamoidc    |    at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
steamoidc    |    at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
steamoidc    |    at SteamOpenIdConnectProvider.Startup.<Configure>b__5_0(HttpContext ctx, Func`1 next) in /src/SteamOpenIdConnectProvider/Startup.cs:line 98
steamoidc    |    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
steamoidc    |

Reproduction

---
version: '3.4'
services:
  steamoidc:
    image: imperialplugins/steam-openid-connect-provider
    container_name: steamoidc
    environment:
      - OpenID__RedirectUri=http://localhost:3000/auth/login/callback
      - OpenID__PostLogoutRedirectUri=http://localhost:3000/auth/logout
      - OpenID__ClientID=steamoidc
      - OpenID__ClientSecret=<REMOVED>
      - Authentication__Steam__ApplicationKey=<REMOVED>
    ports:
      - '80:80'
      - '443:443'
    restart: unless-stopped
Trojaner commented 3 years ago

Authentication is rejected if not called via https