Closed abylikhsanov closed 6 months ago
I have the same issue
@abylikhsanov thanks for contacting us.
Does your .well-known/openid-configuration document return a fully qualified URL?
@javiercn @halter73 Yes it does
This appears to basically be a duplicate of #55194, #55355 and #55774. And the problem is misaligned Microsoft.IdentityModel NuGet package versions. There's an indirect reference to the 7.1.2 Microsoft.IdentityModel.Protocols.OpenIdConnect package which is incompatible with the newer 7.5.1 Microsoft.IdentityModel.Tokens package that's referenced directly.
Out of sync NuGet package versions ought not to cause issues like this as long as breaking changes are avoided, but it turns out there were some behavioral breaking changes in more recent Microsoft.IdentityModel.Tokens packages that can lead to these hard-to-diagnose errors. We'll try harder to avoid this in the future. https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2513#issuecomment-2099109337 is tracking fixing this issue on the Microsoft.IdentityModel side.
But in general, packages with aligned versions are more thoroughly tested together, so it's a good idea to line everything up if you can. I submitted a PR to the repro project at https://github.com/abylikhsanov/ztlme/pull/1 which fixes the issue.
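The version mismatch described in the comment above can be checked for mechanically, for example in CI. The following is an added example, not code from the issue, the repro project or ASP.NET Core: it parses `dotnet list package --include-transitive` output and reports when Microsoft.IdentityModel.* packages resolve to more than one version. The sample listing is constructed from the versions named above, and `parse_packages` and `find_misaligned` are hypothetical helper names.

```python
import sys
from collections import defaultdict

FAMILY_PREFIX = "Microsoft.IdentityModel."

# Constructed sample in the shape printed by
# `dotnet list package --include-transitive` (not captured from the repro).
SAMPLE_OUTPUT = """\
Project 'ztlme' has the following package references
   [net8.0]:
   Top-level Package                                      Requested   Resolved
   > Microsoft.AspNetCore.Authentication.OpenIdConnect    8.0.0       8.0.0
   > Microsoft.IdentityModel.Tokens                       7.5.1       7.5.1

   Transitive Package                                     Resolved
   > Microsoft.IdentityModel.Protocols                    7.1.2
   > Microsoft.IdentityModel.Protocols.OpenIdConnect      7.1.2
"""


def parse_packages(listing):
    """Yield (framework, package, resolved_version, kind) for each package row."""
    framework = kind = None
    for line in map(str.strip, listing.splitlines()):
        if line.startswith("[") and line.endswith("]:"):
            framework = line[1:-2]
        elif line.startswith("Top-level Package"):
            kind = "direct"
        elif line.startswith("Transitive Package"):
            kind = "transitive"
        elif line.startswith(">") and framework and kind:
            tokens = line.split()
            yield framework, tokens[1], tokens[-1], kind  # last column is Resolved


def find_misaligned(listing, prefix=FAMILY_PREFIX):
    """Return {framework: {version: [packages]}} where the family has >1 version."""
    seen = defaultdict(lambda: defaultdict(list))
    for framework, name, version, kind in parse_packages(listing):
        if name.startswith(prefix):
            seen[framework][version].append(f"{name} ({kind})")
    return {fw: {v: sorted(p) for v, p in versions.items()}
            for fw, versions in seen.items() if len(versions) > 1}


if __name__ == "__main__":
    # Optional argument: a file holding real `dotnet list package` output.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OUTPUT
    for fw, versions in find_misaligned(text).items():
        for version, names in sorted(versions.items()):
            print(f"[{fw}] {version}: {', '.join(names)}")
```

An empty result means every Microsoft.IdentityModel.* package in the resolved graph shares one version; any output lists the packages to align with an explicit reference.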
Is there an existing issue for this?
Describe the bug
I have configured my app to use OpenID authentication:
However when I try to access the GET endpoint that returns the challenge so the user could authenticate:
I get an exception:
I can confirm that token_endpoint is being received as an absolute URI and you can check my session I have recorded using the Fiddler here: https://we.tl/t-57vWwyE0P3
So I think there is an issue with the MS middleware or could be something I messed up?
My full Program.cs:
Expected Behavior
No exception and the next callback specified in the authority should be called
Steps To Reproduce
Repo: https://github.com/abylikhsanov/ztlme
Run dotnet run, go to the browser and type http://localhost:5272/api/Auth/bankid, choose the first option and enter 30070721151 for the personal number, click next, enter otp for the one time password, click next and type qwer1234 for the password and keep clicking next, after which you will see the exception
Exceptions (if any)
No response
.NET Version
8.0.0
Anything else?
No response