Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Invalid State errror on using with OidcClient

See original GitHub issue

I tried using the WebAuthenticator class with OidcClient library as a replacement for Microsoft.Maui.Authentication.WebAuthenticator in a Maui desktop application. Unlike the latter, the web browser opens now and on receiving the credentials, redirects back to the application. But the when the returned WebAuthenticatorResult object causes Invalid State error in OidcClient library.

If I instead, use the WinUIEx.WebAuthenticatorResult class too, I get Malformed Callback Url error.

The code works perfectly when used on Android with Maui’s WebAuthenticator. On closer inspection, the value for the “state” key in the returned WebAuthenticatorResult.Properties dictionary (from AuthenticateAsync() method) seems quite different from what is received on a similar android project.

The relevant piece of code which calls the method of this class is here:-

internal class WebAuthenticatorBrowser : IdentityModel.OidcClient.Browser.IBrowser
    {
        private readonly string _callbackUrl;

        public WebAuthenticatorBrowser(string callbackUrl = null)
        {
            _callbackUrl = callbackUrl ?? null;
        }
        public async Task<BrowserResult> InvokeAsync(BrowserOptions options, CancellationToken cancellationToken = default)
        {
            try
            {
                var callbackUrl = string.IsNullOrEmpty(_callbackUrl) ? options.EndUrl : _callbackUrl;

#if WINDOWS
               // THIS IS WHERE THE DIFFERENCE IS WITH ANDROID. Here, authResult.Properties dictionary contains
               // a key "state" whose value seems very different from that in case of android
                var authResult =
                    await WinUIEx.WebAuthenticator.AuthenticateAsync(new Uri(options.StartUrl), new Uri(callbackUrl));
#else
                // Executed in android
                WebAuthenticatorResult authResult =
                    await WebAuthenticator.AuthenticateAsync(new Uri(options.StartUrl), new Uri(callbackUrl));
#endif
                var authorizeResponse = ToRawIdentityUrl(options.EndUrl, authResult);
                
                return new BrowserResult
                {
                    Response = authorizeResponse
                };
            }
            catch (Exception ex)
            {
                Debug.WriteLine(ex);
                return new BrowserResult()
                {
                    ResultType = BrowserResultType.UnknownError,
                    Error = ex.ToString()
                };
            }
        }

        public string ToRawIdentityUrl(string redirectUrl, WebAuthenticatorResult result)
        {
            IEnumerable<string> parameters = result.Properties.Select(pair => $"{pair.Key}={pair.Value}");
            var values = string.Join("&", parameters);

            return $"{redirectUrl}#{values}";
        }

#if WINDOWS
        public string ToRawIdentityUrl(string redirectUrl, WinUIEx.WebAuthenticatorResult result)
        {
            IEnumerable<string> parameters = result.Properties.Select(pair => $"{pair.Key}={pair.Value}");
            var values = string.Join("&", parameters);

            return $"{redirectUrl}#{values}";
        }
#endif
    }