lgaud

Reputation: 2479

Purpose of "virtual" RedirectUri in OpenID Connect options

In the IdentityServer test host, the RedirectUri for Azure AD is configured as a "virtual" URI, e.g. RedirectUri = "https://localhost:44333/core/aadcb" - virtual in the sense that there isn't really anything at /aadcb. This kind of setup also seems to be done in many of the Azure AD samples independent of Identity Server.

In the login flow for IdentityServer using Azure AD, Azure AD calls back to that virtual URI and then gets redirected to /callback. Where does this redirection occur? What is the purpose of doing it that way?

I have been troubleshooting an issue where we sometimes get a 404 at our virtual URL, and it seems like we can just use /callback directly. We only have the one external provider now, but that could change in the future.

Upvotes: 0

Views: 70

Answers (1)

leastprivilege

Reputation: 18492

When you have multiple middlewares of the same type (e.g. multiple OpenID Connect or WS-Federation), each of them needs a unique callback path. Otherwise they would step on each other's toes with potentially different settings like key material.

The middleware then handles this "virtual" URL.

Upvotes: 3
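
The setup the answer describes, sketched as an added example (not code from the original post or from the IdentityServer project): two OpenID Connect middlewares registered side by side, each with its own virtual redirect URI. The second provider, its `/core/idp2cb` path, the authority URLs and the client IDs are hypothetical placeholders; only the `/core/aadcb` URI comes from the question.

```csharp
using Owin;
using Microsoft.Owin.Security.OpenIdConnect;

public partial class Startup
{
    // Registers external providers for the host. signInAsType is supplied by
    // the host application (assumed here, as in an IdentityServer setup).
    private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
    {
        // Provider 1: Azure AD. Nothing is routed at /core/aadcb; the
        // middleware registered here handles the response sent to that path
        // and validates it against this provider's settings.
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "aad",
            Caption = "Azure AD",
            SignInAsAuthenticationType = signInAsType,
            Authority = "https://login.microsoftonline.com/<tenant-id>", // placeholder
            ClientId = "<aad-client-id>",                                // placeholder
            RedirectUri = "https://localhost:44333/core/aadcb"           // from the question
        });

        // Provider 2 (hypothetical): same middleware type, different key
        // material and client settings. It gets its own callback path so its
        // responses are never processed with the Azure AD settings above.
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "idp2",
            Caption = "Second provider",
            SignInAsAuthenticationType = signInAsType,
            Authority = "https://idp2.example.com",              // placeholder
            ClientId = "<idp2-client-id>",                       // placeholder
            RedirectUri = "https://localhost:44333/core/idp2cb"  // hypothetical path
        });
    }
}
```

Each RedirectUri must also match, character for character, the reply URL registered for that client at the corresponding provider.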