Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Openiddict openiddictRequest object in login controller returns null

See original GitHub issue

Confirm you’ve already contributed to this project or that you sponsor it

  • I confirm I’m a sponsor or a contributor

Version

3.x

Describe the bug

Hi In authorization flow, when control reach to authorization controller, am able to access openiddictRequest Object successfully using below code var request = HttpContext.GetOpenIddictServerRequest() . (Ref Image 01_authorize_method_Openiddict_is_proper.png). However post challenge method in Authorize method, the control goes to accountcontroller (account/login) method . In that controller, the openiddict request object is always coming as null using HttpContext.GetOpenIddictServerRequest() . (Ref 02_account_login_openiddict_request_null.png). This behaviour does not allow me to proceed and check which client id is requested and based on that we could render view. Could you please guide with regard to this issue Below is challenge code in authorize method /connect/authorize")]

return Challenge( authenticationSchemes: CookieAuthenticationDefaults.AuthenticationScheme, properties: new AuthenticationProperties { RedirectUri = Request.PathBase + Request.Path + QueryString.Create( Request.HasFormContentType ? Request.Form.ToList() : Request.Query.ToList()) });

01_authorize_method_Openiddict_is_proper 02_account_login_openiddict_request_null

The authentication configuration services.AddAuthentication(option => { // Default authentication scheme is cookie, to allow users redirect to login page option.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;

                    option.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                }).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
                {
                    //** added loginpath for openiddict 
                    options.LoginPath = "/Account/Login";

openiddict configuration.txt

To reproduce

Exceptions (if any)

-

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
salimz1commented, Sep 17, 2022

Thanks Kevin for the quick support. It is helpful. I can try the suggested options to render view.

0reactions
kevinchaletcommented, Sep 16, 2022

Thanks!

The behavior you’re seeing is not a bug and is completely expected: your login endpoint is not an endpoint managed by OpenIddict so HttpContext.GetOpenIddictServerRequest() will always return null.

To achieve what you want, you must manually flow the parameters you need between the authorization endpoint (your /connect/authorize action) and your login endpoint. For that, you can attach a custom parameter when triggering the challenge in your authorization endpoint action and use a custom event handler to add it to the login endpoint path:

[HttpGet("~/connect/authorize")]
[HttpPost("~/connect/authorize")]
[IgnoreAntiforgeryToken]
public async Task<IActionResult> Authorize()
{
    var request = HttpContext.GetOpenIddictServerRequest() ??
        throw new InvalidOperationException("The OpenID Connect request cannot be retrieved.");

    // ...

    return Challenge(
        authenticationSchemes: IdentityConstants.ApplicationScheme,
        properties: new AuthenticationProperties
        {
            Parameters =
            {
                ["client_id"] = request.ClientId
            }
        });
    
    // ...
}

services.AddAuthentication()
    .AddCookie(options =>
    {
        // ...

        options.Events.OnRedirectToLogin = context =>
        {
            var id = context.Properties.GetParameter<string>("client_id");
            if (!string.IsNullOrEmpty(id))
            {
                context.RedirectUri = QueryHelpers.AddQueryString(context.RedirectUri, "client_id", id);
            }

            context.Response.Redirect(context.RedirectUri);

            return Task.CompletedTask;
        };
    });

Hope it’ll help.

Read more comments on GitHub >

github_iconTop Results From Across the Web

OpenIdDict userinfo endpoint/controller not executed
I am using openiddict and trying to retrieve /userinfo, however, my userinfo controller never executes when debugging, but I do receive a ...
Read more >
Setting up an Authorization Server with OpenIddict - Part II
We will use MVC to serve pages and we will add authentication to the project, including a basic login form. Create a new...
Read more >
Setting up an Authorization Server with OpenIddict - Part III
The articles in this series will guide you through the process of setting up an OAuth2 + OpenID Connect authorization server on the...
Read more >
Implementing simple token authentication in ASP.NET Core ...
In this post, discover how to add token authentication with OpenIddict by implementing the OAuth2 password flow.
Read more >
Implementing OpenID Code Flow with PKCE using OpenIddict ...
This article shows how to implement the OpenID Connect Code Flow with PKCE using OpenIddict hosted in an ASP.NET Core application, an ASP....
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Refresh token flow in ASP.NET Core MVC environment

Next page

Resource server requests result in 403 (insufficient_access)