OpenIdConnect cannot parse token returned by the authorization server


Describe the bug

I have a custom auth server based on OpenIddict which I am currently testing. It is basically code taken from the openiddict samples to enable authorization code flow.

The client app is a server-side project that uses OpenIdConnect to talk to the auth server. This is the configuration:

    services.AddAuthentication(sharedOptions =>
    {
        sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect("oidc", options =>
    {
        options.Authority = "[removed]";
        options.ClientId = "[removed]";
        options.ClientSecret = "[removed]";
        options.ResponseType = "code";
        options.GetClaimsFromUserInfoEndpoint = true;
        options.SaveTokens = true;
        options.UseTokenLifetime = false;
        options.Scope.Add("openid");
        options.Scope.Add("email");
        options.Scope.Add("profile");
        options.SecurityTokenValidator = new JwtSecurityTokenHandler
        {
            InboundClaimTypeMap = new Dictionary<string, string>()
        };
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name"
        };
    });

To reproduce

https://github.com/cryo75/OpenIdDictException

Exceptions (if any)

    2021-02-04 18:38:09.495 +01:00 [INF] Request starting HTTP/2 POST https://localhost:44350/signin-oidc application/x-www-form-urlencoded 487
    2021-02-04 18:38:09.566 +01:00 [ERR] Exception occurred while processing message.
    Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Failed to parse token response body as JSON. Status Code: 200. Content-Type: text/html; charset=utf-8
     ---> System.ArgumentException: IDX21106: Error in deserializing to json: 'System.String'
       at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage..ctor(String json)
       at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
       --- End of inner exception stack trace ---
       at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
       at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
    2021-02-04 18:38:09.601 +01:00 [INF] Error from RemoteAuthentication: Failed to parse token response body as JSON. Status Code: 200. Content-Type: text/html; charset=utf-8.
    2021-02-04 18:38:09.601 +01:00 [ERR] An unhandled exception has occurred while executing the request.
    System.Exception: An error was encountered while handling the remote login.
     ---> Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Failed to parse token response body as JSON. Status Code: 200. Content-Type: text/html; charset=utf-8
     ---> System.ArgumentException: IDX21106: Error in deserializing to json: 'System.String'
       at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage..ctor(String json)
       at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
       --- End of inner exception stack trace ---
       at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
       at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
       --- End of inner exception stack trace ---
       at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
       at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
       at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
    2021-02-04 18:38:09.624 +01:00 [INF] Request finished HTTP/2 POST https://localhost:44350/signin-oidc application/x-www-form-urlencoded 487 - 500 - text/html;+charset=utf-8 129.1912ms


Further technical details

    .NET SDK (reflecting any global.json):
      Version: 5.0.102
      Commit: 71365b4d42

    Runtime Environment:
      OS Name: Windows
      OS Version: 10.0.19041
      OS Platform: Windows
      RID: win10-x64
      Base Path: C:\Program Files\dotnet\sdk\5.0.102\

    Host (useful for support):
      Version: 5.0.2
      Commit: cb5f173b96

    .NET SDKs installed:
      3.1.201 [C:\Program Files\dotnet\sdk]
      3.1.202 [C:\Program Files\dotnet\sdk]
      5.0.100 [C:\Program Files\dotnet\sdk]
      5.0.102 [C:\Program Files\dotnet\sdk]

    .NET runtimes installed:
      Microsoft.AspNetCore.All 2.1.24 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
      Microsoft.AspNetCore.App 2.1.24 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
      Microsoft.AspNetCore.App 3.1.11 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
      Microsoft.AspNetCore.App 5.0.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
      Microsoft.AspNetCore.App 5.0.2 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
      Microsoft.NETCore.App 2.1.24 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
      Microsoft.NETCore.App 3.1.11 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
      Microsoft.NETCore.App 5.0.0-preview.4.20251.6 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
      Microsoft.NETCore.App 5.0.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
      Microsoft.NETCore.App 5.0.2 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
      Microsoft.WindowsDesktop.App 3.1.11 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
      Microsoft.WindowsDesktop.App 5.0.0-preview.4.20251.1 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
      Microsoft.WindowsDesktop.App 5.0.0 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
      Microsoft.WindowsDesktop.App 5.0.2 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 11 (6 by maintainers)

Top GitHub Comments

1 reaction
cryo75 commented, Feb 5, 2021

I will sponsor this project… I need a solution to this problem

0 reactions
kevinchalet commented, Feb 5, 2021

@cryo75 nice!

Your scenario makes total sense and is quite typical in enterprisey environments. Windows Integration Authentication is typically not a good option when directly used with APIs as it’s prone to CSRF (just like cookies, but in this case, no same-site equivalent to save you), so you may want to update the existing resource server and client to use OIDC instead of direct Windows authentication (but of course, it’s technically a breaking change, so you must be able to update the client for things to work correctly).
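
For the "Status Code: 200. Content-Type: text/html" failure logged in the issue, a back-channel guard can report which URL actually answered the code redemption before the handler tries to parse it. This is an added example, not code from the issue or from OpenIddict; `TokenResponseGuard`, `StubHtmlHandler` and the `auth.example.test` URL are hypothetical names, and the stub response is constructed.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

// Wire-up (assumed placement, inside AddOpenIdConnect):
//   options.BackchannelHttpHandler = new TokenResponseGuard(new HttpClientHandler());
public sealed class TokenResponseGuard : DelegatingHandler
{
    public TokenResponseGuard(HttpMessageHandler inner) : base(inner) { }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Capture before sending: a followed redirect can rewrite the request in place.
        var isPost = request.Method == HttpMethod.Post;
        var requested = request.RequestUri;
        var response = await base.SendAsync(request, cancellationToken);
        var type = response.Content?.Headers.ContentType?.MediaType ?? "none";
        // Assumption: the only POST on this back channel is the token request,
        // and RFC 6749 requires its response to be JSON.
        if (isPost && !string.Equals(type, "application/json", StringComparison.OrdinalIgnoreCase))
        {
            // Fail closed with routing facts only; the body is never logged.
            throw new HttpRequestException(
                $"Token request to {requested} got {(int)response.StatusCode} with " +
                $"Content-Type '{type}' from {response.RequestMessage?.RequestUri}; " +
                "expected application/json.");
        }
        return response;
    }
}

// Constructed stand-in for a server that answers the token POST with an HTML page.
sealed class StubHtmlHandler : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken) =>
        Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK)
        {
            RequestMessage = request,
            Content = new StringContent("<html>constructed</html>", Encoding.UTF8, "text/html")
        });
}

static class Program
{
    static async Task Main()
    {
        using var client = new HttpClient(new TokenResponseGuard(new StubHtmlHandler()));
        try { await client.PostAsync("https://auth.example.test/token", new StringContent("")); }
        catch (HttpRequestException ex) { Console.WriteLine(ex.Message); }
    }
}
```

A final URL that differs from the requested one means the token request was redirected, so the HTML came from another page rather than from the token endpoint.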
