arame3333
Reputation: 10193
Cannot get Microsoft.Owin to connect with Identity Server 4
I have a MVC5 ASP.Net web application that I want to use OAuth2 OpenId Connect via IdentityServer4. So my startup file in the web project is;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using SIR.API.Caller.Helpers;
namespace SIR.API.Caller
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = Settings.SignInAsAuthenticationType // "Cookies";
});
app.UseOpenIdConnectAuthentication(openIdConnectOptions: new OpenIdConnectAuthenticationOptions
{
Authority = Settings.AuthorityUrl, //ID Server, "https://localhost:44314/";
ClientId = Settings.ClientId, // "SIR"
Scope = Settings.Scope, // "openid profile";
ResponseType = Settings.ResponseType, // "id_token code";
SignInAsAuthenticationType = Settings.SignInAsAuthenticationType,
// "Cookies";
RedirectUri = Settings.RedirectUri, //URL of website, http://localhost:53200/signin-oidc;
RequireHttpsMetadata = Settings.RequireHttpsMetadata
// true
});
app.Use(async (ctx, next) =>
{
var message = ctx.Authentication.User.Identity.IsAuthenticated
? $"User: {ctx.Authentication.User.Identity.Name}"
: "User Not Authenticated";
//log.Info(message);
await next();
});
}
}
}
In the Indentity Server 4 code the Startup is;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Mulalley.OAuth2.Configuration;
using Mulalley.OAuth2.Helpers;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
namespace Mulalley.OAuth2
{
public class Startup
{
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddIdentityServer()
.AddSigningCredential(new X509Certificate2(Settings.CertPath, Settings.Password))
.AddTestUsers(InMemoryConfiguration.Users().ToList())
.AddInMemoryClients(InMemoryConfiguration.Clients())
.AddInMemoryIdentityResources(InMemoryConfiguration.GetIdentityResources());
services.Configure<IISOptions>(iis =>
{
iis.AuthenticationDisplayName = "Windows";
iis.AutomaticAuthentication = false;
});
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = Settings.AuthorityUrl;
options.ApiName = Settings.ApiName;
options.RequireHttpsMetadata = false;
});
services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser()
.Build();
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole();
loggerFactory.AddDebug();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseMiddleware<StackifyMiddleware.RequestTracerMiddleware>();
app.UseIdentityServer();
app.UseAuthentication();
app.UseStaticFiles();
app.UseMvcWithDefaultRoute();
}
}
}
Which uses
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;
namespace Mulalley.OAuth2.Configuration
{
public class InMemoryConfiguration
{
public static IEnumerable<ApiResource> ApiResources()
{
return new[]
{
new ApiResource("SIR", "Service Inspection Report")
};
}
public static IEnumerable<Client> Clients()
{
return new[]
{
new Client
{
ClientId = "SIR",
ClientName = "SIR",
AllowedGrantTypes = GrantTypes.Hybrid,
AllowedScopes = new[]
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile
},
RedirectUris = { "https://localhost:44314" }
}
};
}
public static IEnumerable<TestUser> Users()
{
return new[]
{
new TestUser
{
SubjectId = "1",
Username = "slartibartfast",
Password = "password"
}
};
}
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile()
};
}
}
}
I get this error: Sorry, there was an error : unauthorized_client Unknown client or client not enabled
Or sometimes I get Sorry, there was an error : unauthorized_client Invalid redirect_uri
How do I fix this?
Upvotes: 1
Views: 1459
Answers (1)
Matthew Brubaker
Reputation: 3117
You are getting an invalid redirect_uri error. This can be fixed by correcting the client's configuration on the IdentityServer piece.
Specifically, you need to add the correct redirect uri for your application to the RedirectUris collection in the InMemoryConfiguration.Clients() method.
new Client
{
ClientId = "SIR",
ClientName = "SIR",
AllowedGrantTypes = GrantTypes.Hybrid,
AllowedScopes = new[]
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile
},
RedirectUris = {
"https://localhost:44314",
"http://localhost:53200/signin-oidc"
}
Upvotes: 2
Related Questions
- ASP.NET OWIN OpenID Connect not creating user authentication
- Microsoft.Owin.Security.OpenIdConnect AuthenticationTicket is null on AuthorizationCodeReceived
- OpenID Connect AllowedRedirectUris empty resulting in "invalid redirect_uri" on IdentityServer4
- Owin not authenticated when requesting access token
- IdentityServer (OpenId Connect) authentication on asp.net webform
- Asp.net UseOpenIdConnectAuthentication not working in Azure
- Attempting to connect to a IdentityServer4 login page fails
- Owin OpenIdConnect RC1 (nightly)
- UseIdentityServerAuthentication for Owin API - .NET Core issue
- ASP.NET MVC 4.5.2 connecting to IdentityServer4