dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License

[Microsoft.AspNetCore.Authentication.OpenIdConnect] handle callback called with GET Verb #42297

Closed julienGrd closed 2 years ago

julienGrd commented 2 years ago

Is there an existing issue for this?

Describe the bug

Hello guys, in my Blazor Server app I need to handle a client OpenID authentication. The OpenID provider is private and I can't make any modification to it.

I get an exception when the callback path is called by the provider.

'An error was encountered while handling the remote login.' An invalid request URI was provided. Either the request URI must be an absolute URI or BaseAddress must be set.

The request has these parameters:

PathBase : {}
Path "/signin-oidc"
Method : GET
QueryString : {?
state=CfDJ8FzRxwXzkzhCkUlzqR23vs4RgJGQbdy6y2h35tr99_0f0a6eYrlhLUGz8MKph0jpFwwBOMt-OSyF6_7j-h6tvKT5UYo9Eh7WEOwaHGocCUDw-uwyJHiOyQiHHP2aZ9ym-LYUdjy5_Pojm_k_BqyzJS2SivNq0kFGwRQh-VWppLkaxtfnJLKnimwqR30Boo-nXFWUB3aM7sppl3fxnaeF-l8vEbtX5Bf7DW-zrd_w1YxsEaFGuR2mZxYkaKHPUKcfBLtm1UWIRYFA4rv9DLPzZLOnpN3ApRET0d8hr1ZiqPB_Riak-PaRkv4cpPn4aKv9cBMSCP8vMiMJMnad2PULJENj6oyxcKcRoBJw9ssayDZfS4FDc-SvTYFvwyMZxJ0Ru7nZmdfv97uW1Ou8I-hJ5EXI9UhbHQwZI-tPthZc0rmCWVPqmP8PfPAfhtiF_unc7A&
session_state=e13b4587-38e1-494e-8db9-e54ccc808e78&
code=3408fa22-5908-4a50-93d4-2e46d8c1c355.e13b4587-38e1-494e-8db9-e54ccc808e78.681579d6-b0f0-437c-b83b-702403129367}

When I check with a different OpenID provider, I see the callback is called with the POST verb and it works without problem.

I tried to play with this option but it seems to have no effect:

options.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;

So the question: can I handle these GET requests with OpenID, and if not, how can I make an automatic redirect between the GET and the POST?

Thanks for your help!

Expected Behavior

Have the GET callback working

Steps To Reproduce

Complicated, I can't share the provider, or I need to find a provider that calls the callback with the GET verb

Exceptions (if any)

'An error was encountered while handling the remote login.' An invalid request URI was provided. Either the request URI must be an absolute URI or BaseAddress must be set.

.NET Version

6.0.400-preview.22301.10

Anything else?

No response

Tratcher commented 2 years ago

What's the stack trace for that exception?

You're using the Authorization Code flow, you need to set some additional parameters like ResponseType="code", ResponseMode="query". See https://procodeguide.com/programming/oauth2-and-openid-connect-in-aspnet-core/#Create_Sample_ASPNET_Core_MVC_Web_App_Client_Secured_using_OpenID_Connect

julienGrd commented 2 years ago

This is the stack trace

System.Exception
  HResult=0x80131500
  Message=An error was encountered while handling the remote login.
  Source=Microsoft.AspNetCore.Authentication
  Arborescence des appels de procédure :
   à Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.<HandleRequestAsync>d__11.MoveNext()
   à Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.<Invoke>d__6.MoveNext()
   à Is.Geckos.Blazor.Server.Middlewares.AccessTokenMiddleware.<Invoke>d__2.MoveNext() dans C:\Users\julie\source\repos\Is.Geckos.Fw\Is.Geckos.Blazor.Server\Middlewares\AccessTokenMiddleware.cs :ligne 38
  Cette exception a été levée à l'origine dans cette pile des appels : 
    System.Net.Http.HttpClient.PrepareRequestMessage(System.Net.Http.HttpRequestMessage)
    System.Net.Http.HttpClient.CheckRequestBeforeSend(System.Net.Http.HttpRequestMessage)
    System.Net.Http.HttpClient.SendAsync(System.Net.Http.HttpRequestMessage, System.Net.Http.HttpCompletionOption, System.Threading.CancellationToken)
    System.Net.Http.HttpClient.SendAsync(System.Net.Http.HttpRequestMessage, System.Threading.CancellationToken)
    Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage)
    Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()

Exception interne 1 :
InvalidOperationException : An invalid request URI was provided. Either the request URI must be an absolute URI or BaseAddress must be set.

I tried to add the parameter ResponseMode="query", but still the same exception; the ResponseType="code" was already there.

Any other idea?

julienGrd commented 2 years ago

@Tratcher any idea on how I can work on it? Still stuck at this step.

I don't know what I can try now

Tratcher commented 2 years ago

Oh, that exception is coming from here: https://github.com/dotnet/aspnetcore/blob/c85baf8db0c72ae8e68643029d514b2e737c9fae/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs#L839-L842

Your configuration has a missing or invalid TokenEndpoint. Have you set OpenIdConnectOptions Authority, Configuration, ConfigurationManager, or MetadataAddress? To what?

Can you give a complete example of your OpenIdConnectOptions?

julienGrd commented 2 years ago

You are right, there was a mistake in my configuration: the AuthorizationEndpoint was set but not the others. I finally put only the authority and it works like that. Maybe a more precise message would be welcome?

Thanks for your help, it's closed for me
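
The resolution above, as an added example that is not code from the thread or from the aspnetcore repository: a .NET 6 `Program.cs` showing the assumed failing shape (static metadata with only `AuthorizationEndpoint`) beside the `Authority`-only setup, plus a startup check that rejects metadata without an absolute `TokenEndpoint` before any callback reaches the code-redemption step. The host `idp.example.test`, the client id and the `Oidc:ClientSecret` key are placeholders.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthorization();
builder.Services
    .AddAuthentication(o =>
    {
        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(o =>
    {
        o.ClientId = "example-client";                               // placeholder
        o.ClientSecret = builder.Configuration["Oidc:ClientSecret"]; // placeholder key
        o.ResponseType = OpenIdConnectResponseType.Code;
        o.ResponseMode = OpenIdConnectResponseMode.Query;            // callback arrives as GET

        // Assumed failing shape: static metadata without TokenEndpoint, so the
        // handler has no absolute URI to POST the authorization code to.
        // o.Configuration = new OpenIdConnectConfiguration
        // {
        //     AuthorizationEndpoint = "https://idp.example.test/authorize"
        // };

        // Working shape from the thread: set only Authority and let the handler
        // read every endpoint from the provider's discovery document.
        o.Authority = "https://idp.example.test";                    // placeholder
    });

var app = builder.Build();

// Fail at startup instead of on the first /signin-oidc callback.
// With Authority set, this fetches the discovery document over the network.
var oidc = app.Services.GetRequiredService<IOptionsMonitor<OpenIdConnectOptions>>()
    .Get(OpenIdConnectDefaults.AuthenticationScheme);
var metadata = await oidc.ConfigurationManager!.GetConfigurationAsync(CancellationToken.None);
if (!Uri.TryCreate(metadata.TokenEndpoint, UriKind.Absolute, out _))
{
    throw new InvalidOperationException(
        "OIDC metadata has no absolute token_endpoint; check Authority/Configuration.");
}

app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", () => "signed in").RequireAuthorization();
app.Run();
```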