This server only accepts HTTPS requests.
I’m using openiddict 2.0.1 with aspnet.core 2.0. This is my only option since paypal support for .net core is stopped at 2.0 so far.
So my problem is, for example: http://localhost:83917/connect/token will spit out access_token in a local environment, but when it’s deployed to production in Azure (https://api.blabla.com/connect/token), I get HTTPS error:
This server only accepts HTTPS requests.
Startup.cs published in production:
using System.IdentityModel.Tokens.Jwt;
using System.Net;
using AspNet.Security.OpenIdConnect.Primitives;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Diagnostics;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json.Serialization;

public class Startup
{
    private readonly string _appSettingsEnv;

    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
        // Get value from Azure's App Settings when deployed. Debug (local) mode gets value from appsettings.json
        _appSettingsEnv = Configuration["APPSETTINGS:ENVIRONMENT"];
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        // Add database configurations
        services.AddDbContext<PayPalContext>(options =>
        {
            options.UseSqlServer(Configuration.GetConnectionString("DemoConnection"));
            options.UseOpenIddict();
        });

        // Add membership
        services.AddIdentity<ApplicationUser, IdentityRole>(options =>
        {
            // Password settings
            options.Password.RequireDigit = false;
            options.Password.RequireLowercase = false;
            options.Password.RequireNonAlphanumeric = false;
            options.Password.RequireUppercase = false;
            options.Password.RequiredLength = 5;
            options.User.RequireUniqueEmail = true;
            options.SignIn.RequireConfirmedEmail = false;
        })
        .AddEntityFrameworkStores<PayPalContext>()
        .AddDefaultTokenProviders();

        // Register the OAuth2 validation handler.
        services.AddAuthentication(o =>
        {
            o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.Audience = "resource_server";
            options.Authority = "https://api.blabla.com/";
            options.RequireHttpsMetadata = true;
            options.IncludeErrorDetails = true;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = OpenIdConnectConstants.Claims.Subject,
                RoleClaimType = OpenIdConnectConstants.Claims.Role
            };
        });

        // Configure Identity to use the same JWT claims as OpenIddict instead
        // of the legacy WS-Federation claims it uses by default (ClaimTypes),
        // which saves you from doing the mapping in your authorization controller.
        services.Configure<IdentityOptions>(options =>
        {
            options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
            options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
            options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;
        });

        services.AddOpenIddict()
            // Register the OpenIddict core services.
            .AddCore(options =>
            {
                // Register the Entity Framework stores and models.
                options.UseEntityFrameworkCore()
                       .UseDbContext<PayPalContext>();
            })
            // Register the OpenIddict server handler.
            .AddServer(options =>
            {
                options.UseMvc();
                options.EnableTokenEndpoint("/connect/token");
                options.AllowPasswordFlow();
                options.AcceptAnonymousClients();
                options.UseJsonWebTokens();
                options.AddEphemeralSigningKey();
            });

        services.AddCors();
        services.AddMvc()
            .AddJsonOptions(opts =>
            {
                // Force Camel Case to JSON
                opts.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
            });

        // Without this controller actions are not forbidden if other roles are trying to access
        services.AddSingleton<IAuthenticationSchemeProvider, CustomAuthenticationSchemeProvider>();
        services.AddSingleton(Configuration);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
        JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();

        app.UseStaticFiles();
        app.UseCors(builder =>
        {
            builder.AllowAnyOrigin();
            builder.AllowAnyHeader();
            builder.AllowAnyMethod();
            builder.AllowCredentials();
        });

        app.UseExceptionHandler(builder =>
        {
            builder.Run(async context =>
            {
                context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
                context.Response.Headers.Add("Access-Control-Allow-Origin", "*");
                var error = context.Features.Get<IExceptionHandlerFeature>();
                if (error != null)
                {
                    //context.Response.AddApplicationError(error.Error.Message);
                    await context.Response.WriteAsync(error.Error.Message).ConfigureAwait(false);
                }
            });
        });

        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
        app.UseWelcomePage();
    }
}
Is there anything that I need to add in Startup.cs?
Issue Analytics
- Created 4 years ago
- Comments:15 (4 by maintainers)
Top GitHub Comments
If someone also stumbles on this and can’t use HTTPS, there is a new option called ‘options.DisableTransportSecurityRequirement()’ that will allow you to use HTTP for version 3 and higher.
@a-a-k It’s part of the UseAspNetCore() builder where you’d put things like EnableTokenEndpointPassthrough().
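The option mentioned in the comments above, as an added example (not code from the issue thread or from the OpenIddict project): for OpenIddict 3 and higher, it relaxes the HTTPS requirement only when the host environment is Development, so a production deployment keeps rejecting plain HTTP at the token endpoint. The helper name `UseAspNetCoreWithTransportPolicy` is hypothetical, and the OpenIddict ASP.NET Core server integration package is assumed to be referenced.

```csharp
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public static class OpenIddictTransportExtensions
{
    // Hypothetical helper (added example): registers the ASP.NET Core host
    // integration and decides per environment whether plain HTTP is accepted.
    //
    // Intended call site, inside the existing server registration:
    //   services.AddOpenIddict()
    //       .AddServer(options =>
    //       {
    //           /* endpoints, flows, keys ... */
    //           options.UseAspNetCoreWithTransportPolicy(env);
    //       });
    public static OpenIddictServerBuilder UseAspNetCoreWithTransportPolicy(
        this OpenIddictServerBuilder options, IHostEnvironment env)
    {
        // UseAspNetCore() returns the builder on which both options named
        // in the comments above are exposed.
        var aspNetCore = options.UseAspNetCore()
                                .EnableTokenEndpointPassthrough();

        if (env.IsDevelopment())
        {
            // Local development only: accept http:// requests. Credentials
            // and tokens sent to /connect/token then travel in clear text,
            // so this branch must never be reached in production.
            aspNetCore.DisableTransportSecurityRequirement();
        }

        // In every other environment the default stays in force and plain
        // HTTP requests are rejected with
        // "This server only accepts HTTPS requests."
        return options;
    }
}
```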