openiddict / openiddict-core

Flexible and versatile OAuth 2.0/OpenID Connect stack for .NET
https://openiddict.com/
Apache License 2.0
I have encountered error: invalid_request The 'iss' parameter cannot be used when 'authorization_response_iss_parameter_supported' is not supported by the authorization server. when adding new web provider based on IdentityServer #1932

Closed samdubey closed 10 months ago

samdubey commented 10 months ago

Version

4.x

Provider name

DuendeIdentityServer

Describe the bug

when adding new web provider based on IdentityServer

To reproduce

I have hosted IdentityServer (https://duendesoftware.com/products/identityserver). Trying to add a provider for the same, it encountered the above error. I am just starting out, kindly guide me.

Exceptions (if any)

No response

kevinchalet commented 10 months ago

Hi,

This error is returned when the authorization server specified an iss parameter in the authorization response, but doesn't include "authorization_response_iss_parameter_supported": true in its configuration document, which is typically a compliance issue.

What version of Duende IdentityServer are you using?

samdubey commented 10 months ago

v6.0

samdubey commented 10 months ago

It does have

https://rioid.azurewebsites.net/.well-known/openid-configuration

https://rio-content-management-web.azurewebsites.net/.well-known/openid-configuration

"authorization_response_iss_parameter_supported": true, but to no avail.

kevinchalet commented 10 months ago

How did you create the provider? By adding it to the .xml file? Care to share it here?

samdubey commented 10 months ago

New-Providers.txt

I have attached a txt file as XML is not working well with the markdown editor.

redirect uri: https://localhost:44381/callback/login/rioid

kevinchalet commented 10 months ago

The error occurs because you set a static <Configuration /> instead of using OIDC discovery. Remove that and it should work.
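Added illustration, not part of the thread and not OpenIddict's own code: the client-side `iss` handling from RFC 9207 that the replies above describe, showing why a static configuration without the flag rejects a response that the discovery document accepts. The issuer `https://idp.example`, the `code`/`state` values and the name `check_iss` are constructed for the example.

```python
from urllib.parse import parse_qs, urlsplit

FLAG = "authorization_response_iss_parameter_supported"

# Constructed metadata for one hypothetical server (https://idp.example):
# a hand-written static configuration that omits the flag, and the
# discovery document, which advertises it.
STATIC_CONFIG = {"issuer": "https://idp.example"}
DISCOVERED_CONFIG = {"issuer": "https://idp.example", FLAG: True}

# Constructed authorization responses (code/state values are made up).
BASE = "https://localhost:44381/callback/login/rioid?code=abc&state=xyz"
WITH_ISS = BASE + "&iss=https%3A%2F%2Fidp.example"
OTHER_ISS = BASE + "&iss=https%3A%2F%2Fother-idp.example"


def check_iss(callback_url, metadata):
    """Return (accepted, reason) for the iss parameter of a response."""
    values = parse_qs(urlsplit(callback_url).query).get("iss", [])
    if len(values) > 1:
        return False, "duplicate iss parameter"
    iss = values[0] if values else None

    if metadata.get(FLAG) is not True:
        # Strict policy assumed here (RFC 9207 says clients SHOULD discard
        # such responses): the client's metadata does not advertise iss
        # support, so an iss in the response is unexpected.
        if iss is not None:
            return False, "iss present but support not advertised"
        return True, "no iss expected"

    if iss is None:
        return False, "iss missing although support is advertised"
    # RFC 9207: simple string comparison against the expected issuer.
    if iss != metadata["issuer"]:
        return False, "iss does not match the expected issuer"
    return True, "iss matches the expected issuer"


if __name__ == "__main__":
    for name, cfg in (("static", STATIC_CONFIG), ("discovery", DISCOVERED_CONFIG)):
        for url in (BASE, WITH_ISS, OTHER_ISS):
            print(name, url.rsplit("&", 1)[-1], check_iss(url, cfg))
```
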

samdubey commented 10 months ago

I have removed the block but now got the following error:

Ooooops, something went really bad! :( invalid_client The token request was rejected by the remote server. @kevinchalet

kevinchalet commented 10 months ago

Take a look at the logs or intercept the token response using Fiddler to see what's causing the rejection.

samdubey commented 10 months ago

Thank you, will check.

samdubey commented 10 months ago

https://documentation.openiddict.com/errors/ID2147

I am getting this URL for the error, but the site does not show anything for the URL.

kevinchalet commented 10 months ago

It's expected: it currently mostly serves as an identifier. Real documentation will come in the future, hopefully: https://github.com/openiddict/openiddict-documentation/issues/30.