Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

signin-oidc not handled?

See original GitHub issue

For some reason the redirect to “/sigin-oidc” gets handled by the Angular SPA fallback (app.UseSPA(...)) (Of course Angular reports that the given route does not exist)

I’m trying to add signin with implicit flow but because of this issue I can’t get it to work.

I am using the AspNetCoreSpa template with minor modifications.

Edit:

var descriptor = new OpenIddictApplicationDescriptor
{
    ClientId = "xxxx",
    DisplayName = "xxxx",
    PostLogoutRedirectUris = { new Uri($"{host}signout-oidc") },
    RedirectUris = { new Uri($"{host}signin-oidc") },
    Permissions =
    {
        OpenIddictConstants.Permissions.Endpoints.Authorization,
        OpenIddictConstants.Permissions.Endpoints.Token,
        OpenIddictConstants.Permissions.GrantTypes.Implicit,
        OpenIddictConstants.Permissions.GrantTypes.Password,
        OpenIddictConstants.Permissions.GrantTypes.RefreshToken
     }
};

I don’t know much about OpenID Connect or oAuth, but doesn’t openiddict handle /signin-oidc?

Issue Analytics

State:
Created 6 years ago
Comments:11 (5 by maintainers)

Top GitHub Comments

1reaction

Trojanercommented, Feb 13, 2018

Finally I was able to figure out why it does not work.

I was using a HttpInterceptor from angular to set Authentication header (as you can see above on the image). But since I was using the older and outdated Http class for API requests, the HttpInterceptor didn’t work, so the authentication header didn’t get set. Migrating to the newer HttpClient (which supports the interceptor) fixed the issue (well some requests were already using the HttpClient and that confused me a lot on debugging)

Thank you for your time! And thanks for providing this great library!

0reactions

kevinchaletcommented, Feb 13, 2018

Are you 100% sure the access token is not stripped?

When validating the token, you should have a trace similar to this one indicating that ASP.NET Core Data Protection tried to decrypt it:

App> trce: Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector[5]
App>       Performing unprotect operation to key {696a89f8-7f6b-4afd-9af7-e4ff7d6c616f} with purposes ('[path of your project]', 'OpenIdConnectServerHandler', 'AccessTokenFormat', 'ASOS').
App> info: AspNet.Security.OAuth.Validation.OAuthValidationHandler[8]
App>       AuthenticationScheme: Bearer was successfully authenticated.

The fact you don’t have this message makes me think the token is malformed and can’t be base64url-decoded by ASP.NET Core.