Reputation: 134
I'm using a specific OIDC provider for my security in a .NET Core 2.0 MVC project; however, I am having trouble with the discovery document.
I have been given 3 URLs from the provider (where the domain is fictional):
https://www.oidcprovider.com/connectapi/authorize
In my configuration, I have entered the following values:

    .AddOpenIdConnect(options => {
        options.Authority = "https://www.oidcprovider.com/connectapi/authorize/";
        options.ClientId = "xxx";
        options.ClientSecret = "xxx";
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.CallbackPath = new PathString("/api/security/callback");
    });

I am getting the following error, trying to run the application:
An unhandled exception occurred while processing the request. HttpRequestException: Response status code does not indicate success: 400 (Bad Request). System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
IOException: IDX10804: Unable to retrieve document from: 'https://www.oidcprovider.com/connectapi/authorize/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.HttpDocumentRetriever+d__8.MoveNext()
InvalidOperationException: IDX10803: Unable to obtain configuration from: 'https://www.oidcprovider.com/connectapi/authorize/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.ConfigurationManager+d__24.MoveNext()
Is the OIDC Discovery Document required for this to work?
I have tried calling the discovery document URL directly in my browser, by calling this url: https://www.oidcprovider.com/connectapi/authorize/.well-known/openid-configuration
However, I receive this JSON information back:
{"error":"invalid_client","error_description":"No client id supplied"}
How do I get this to work?
My 2 questions are:
1. Is the discovery document optional or mandatory?
2. Can I specify the endpoints manually in .NET Core 2.0 when no disco doc is available?
Upvotes: 3
Views: 1940
Reputation: 134
Seems like I have found my answers.
The discovery document is optional.
Yes, you can, by specifying the Configuration option in the .AddOpenIdConnect options:

    options.Configuration = new OpenIdConnectConfiguration()
    {
        AuthorizationEndpoint = "https://www.oidcprovider.com/connectapi/authorize",
        TokenEndpoint = "https://www.oidcprovider.com/connectapi/token",
        UserInfoEndpoint = "https://www.oidcprovider.com/connectapi/userinfo"
    };

Upvotes: 3
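
Added example, not part of the original question or answer: a full `ConfigureServices` using the static configuration described above. Without a discovery document nothing supplies the issuer or the signing keys used to validate the ID token, so they are set by hand here. The issuer value and the `provider-jwks.json` file name are placeholder assumptions; take the real values from the provider.

```csharp
using System.IO;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        var oidc = new OpenIdConnectConfiguration
        {
            // Assumed placeholder: must equal the "iss" claim in the provider's ID tokens.
            Issuer = "https://issuer.placeholder.example",
            AuthorizationEndpoint = "https://www.oidcprovider.com/connectapi/authorize",
            TokenEndpoint = "https://www.oidcprovider.com/connectapi/token",
            UserInfoEndpoint = "https://www.oidcprovider.com/connectapi/userinfo"
        };

        // With no discovery document there is no jwks_uri to fetch, so the provider's
        // JWK Set is read from a local copy (hypothetical file name) obtained from the
        // provider. The copy has to be refreshed when the provider rotates its keys.
        var jwks = new JsonWebKeySet(File.ReadAllText("provider-jwks.json"));
        foreach (var key in jwks.GetSigningKeys())
        {
            oidc.SigningKeys.Add(key);
        }

        services.AddAuthentication(auth =>
            {
                auth.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                auth.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                // A static Configuration takes the place of Authority and the discovery request.
                options.Configuration = oidc;
                options.ClientId = "xxx";
                options.ClientSecret = "xxx";
                options.ResponseType = OpenIdConnectResponseType.Code;
                options.CallbackPath = new PathString("/api/security/callback");
            });
    }
}
```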