Open antosubash opened 6 years ago
Are you using NativeUI?
If yes, what is redirect_url?
Yes, I'm using Native UI. redirect_url is https://landsense.eu/birdlifeapp which is a custom URL for getting back to the app.
With http or https scheme you will never be able to return to the app. System Browser will always handle those schemes.
This is because in the OAuth2Authenticator class we are calling Uri.AbsoluteUri to set the "redirect_uri" parameter for the access token HTTP request. This adds a trailing slash to the redirect URI that many providers reject because it doesn't exactly match the redirect URI passed in the authorize HTTP request step of the process. We should be using Uri.OriginalString instead.
I think I am having the same issue. After days of research, I keep coming back to this post.
I am trying to implement authentication via Microsoft in a Xamarin Forms PCL app.
Using NativeUI. The redirecturl is {clientid}//:oauth2redirect.
I'm trying to get this working for UWP.
In the UWP app.xaml.cs code, in the OnActivated() function, I am calling AuthenticationState.Authenticator.OnPageLoading(new Uri(Uri.AbsoluteUri)); where the Uri.AbsoluteUri happens to be the redirecturl with the authorization code.
What is happening is that I immediately get an "invalid_client" error. I am not sure if this error is because I am calling OnPageLoading() and I shouldn't be. But if I don't do it, I can't redirect back to my app (so the screen just goes blank).
(In my experience, I have implemented the oauth functionality in other non-Xamarin apps by using a webview where I get the auth code, then use it to request the access token.)
I guess I don't understand exactly when the call to request the access token happens. Does Xamarin.Auth do that for me? Or do I need to call it manually?
I have the same question. I made it work by creating the request for access token manually in the IntentFilter.
I figured out my problem.
First of all, I found that Xamarin.Auth does take care of requesting the access token so I don't have to do it manually.
I got past the "invalid_client" error by adding a "/" to the end of my redirecturl. (Note: I did this in two places: (1) the app settings in Azure AD, and (2) where I define the redirecturl string in the app code.)
Then, I started getting an "invalid_resource" error.
I found that this is because the OAuth2Authenticator.RequestAccessTokenAsync() method is not adding the "resource" parameter (which should be set to the clientid) when making the call to request the access token.
My workaround:
Since RequestAccessTokenAsync() cannot be overridden directly, I created a new class to inherit OAuth2Authenticator. In there, I did two things:
(1) created a new method called CustomRequestAccessTokenAsync(), which is just a copy of the original RequestAccessTokenAsync(), and modified to add the resource parameter.
(2) override OnRedirectPageLoaded() and modified to call my CustomRequestAccessTokenAsync().
Now, I am able to authenticate successfully.
@yasmanillanes: Thanks for the heads-up (on why the redirect_uri is being trailed with a '/'). Any release plan for a fix?
@pme442 can you please try this with the latest version.
I tried it with the latest version and it won't launch the presenter, I get the "invalid authenticator" error because of my subclassed OAuth2Authenticator (#280).
If I remove my subclass and use the OAuth2Authenticator directly, it's not even hitting the UWP OnActivated() function.
@pme442 thanks for coming back to me, i'll assign it to @moljac
Update: I got past the problem of it not hitting the UWP OnActivated() function -- I didn't realize that I had 2 instances of the app installed on my PC (one must have been corrupted or something). I uninstalled both and rebuilt/re-deployed and now it is hitting it and working as expected. So, the result is that I am back to the "invalid_resource" error. Which means that I DO need my custom authenticator (what I mentioned above, on 2/19/18) -- but by using it, I run into the "invalid authenticator" error.
This is not custom scheme, so adding implementation for this will not be trivial
triaging it as "Low Priority"
In order to speed up the bugfixing, add a link to the repo with a minimal sample (with sensitive data removed)
I think a potential cause for some people is that the client is not authenticating itself to the token endpoint when exchanging the code for a token. It's meant to use HTTP Basic auth with the clientID as the username, and the clientSecret as the password (if a client secret is specified). As of the latest version, Xamarin.Auth does not do this.
Specifically, here: https://github.com/xamarin/Xamarin.Auth/blob/c75c312bd9a7eb7099a315fd76e6c2b6b1d668fc/source/Core/Xamarin.Auth.Common.LinkSource/OAuth2Authenticator.cs#L845
We are only passing the client ID in the URL, but the client also needs to authenticate itself, using HTTP Basic auth, in the subsequently called "RequestAccessTokenAsync".
I'll see if I can get this working and create a PR if it does.
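The two token-endpoint failures discussed in this thread (a redirect_uri that gains a trailing slash, and a code exchange sent without HTTP Basic client authentication), shown as an added example that is not part of the thread or of Xamarin.Auth. It is a toy authorization server and client in Python; the client id, secret, code and redirect URI are constructed values, and the error codes follow RFC 6749 section 5.2 rather than any particular provider.

```python
import base64
import hmac
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode

# Constructed data for a toy authorization server (hypothetical client and code).
CLIENTS = {"demo-client": "demo-secret"}
# code -> (client_id, redirect_uri exactly as sent in the authorize request)
ISSUED_CODES = {"code-123": ("demo-client", "com.example.app://oauth2redirect")}


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Client side: HTTP Basic client authentication plus the code-exchange form."""
    creds = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {"Authorization": "Basic " + base64.b64encode(creds.encode()).decode()}
    # redirect_uri must be the original string, not a re-serialized/normalized URI.
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri})
    return headers, body


def token_endpoint(headers, body):
    """Server side: returns "ok" or an RFC 6749 section 5.2 error code."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme != "Basic":
        return "invalid_client"
    try:
        user, _, password = base64.b64decode(blob).decode().partition(":")
    except ValueError:
        return "invalid_client"
    client_id, secret = unquote_plus(user), unquote_plus(password)
    expected = CLIENTS.get(client_id)
    if expected is None or not hmac.compare_digest(expected.encode(), secret.encode()):
        return "invalid_client"
    form = {k: v[0] for k, v in parse_qs(body).items()}
    issued = ISSUED_CODES.get(form.get("code"))
    if issued is None or issued[0] != client_id:
        return "invalid_grant"
    # Exact string comparison: a trailing "/" added by URI normalization fails here.
    if form.get("redirect_uri") != issued[1]:
        return "invalid_grant"
    return "ok"  # a real server would also expire the code and make it single-use


if __name__ == "__main__":
    for uri in ("com.example.app://oauth2redirect", "com.example.app://oauth2redirect/"):
        print(uri, "->", token_endpoint(*build_token_request(
            "demo-client", "demo-secret", "code-123", uri)))
```
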
Hi everyone, I have implemented Microsoft login. When I enter the ID and password, it redirects to our application. In the OpenUrl() method I then call the OnPageLoading() method, but when I convert the NSUrl to a Uri, a slash is added to the URL. Code snippet:

```csharp
public override bool OpenUrl(UIApplication app, NSUrl url, NSDictionary options)
{
    Uri uri;
    // Both branches build the Uri the same way from the NSUrl string.
    if (url.AbsoluteString.Contains("msauth"))
    {
        uri = new Uri(url.AbsoluteString);
    }
    else
    {
        uri = new Uri(url.AbsoluteString);
    }
    // Hand the redirect URL back to the authenticator.
    ViewController.Auth?.OnPageLoading(uri);
    return true;
}
```
Note: the NSUrl is: msauth://com.trigger.transformation/auth?code=fb5381b71a4912159b484e3d421bf23ec0929c18f0cc4dfc11e4c6701153ff90&scope=TriggerApi%20offline_access&state=tsprivmocacmhahd
After that I convert it to a Uri, and then
uri = msauth://com.trigger.transformation/auth/?code=fb5381b71a4912159b484e3d421bf23ec0929c18f0cc4dfc11e4c6701153ff90&scope=TriggerApi%20offline_access&state=tsprivmocacmhahd
A slash is added after auth.
So how do I solve this problem? Can anyone help me?
OAuth2 Authorization Code Grant flow not working
With parameters:
is not working as expected. After the authorization is successful, redirectUrl is triggered instead of the accesstokenUrl.
Version
Steps to reproduce
Expected behaviour
https://oauth2.thephpleague.com/authorization-server/auth-code-grant/
Actual behaviour