Mitkins

Reputation: 4341

Blazor Server Hosted - Configure OpenId Connect with AWS Cognito

I'm trying to set up Blazor (server side - Preview 6) with AWS Cognito. Unfortunately, I don't have much experience with ASP.NET Core or OAuth/OpenId. It's currently at the point where I can click on the OpenIdConnect button and the user authenticates. But this is the result I see (once Cognito redirects to https://localhost:44385/signin-oidc):

[screenshot]

So it's driving me nuts. What does "Error loading external login information" mean? Is it something to do with permissions/the allowed scope? I did try options.Scope.Add() with "email", "profile" and/or "openid" - but that didn't seem to help.

Here's what's in my Startup.cs file:

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<ApplicationDbContext>( options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")) );
        services.AddDefaultIdentity<IdentityUser>().AddEntityFrameworkStores<ApplicationDbContext>();
        services.AddRazorPages();
        services.AddServerSideBlazor();
        services.AddSingleton<WeatherForecastService>();

        services.Configure<OpenIdConnectOptions>(Configuration.GetSection("Authentication:Cognito"));

        var serviceProvider = services.BuildServiceProvider();
        var authOptions = serviceProvider.GetService<IOptions<OpenIdConnectOptions>>();

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            options.ResponseType = OpenIdConnectResponseType.Code;
            options.MetadataAddress = authOptions.Value.MetadataAddress;
            options.ClientId = authOptions.Value.ClientId;
            options.ClientSecret = authOptions.Value.ClientSecret;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.SaveTokens = authOptions.Value.SaveTokens;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = authOptions.Value.TokenValidationParameters.ValidateIssuer
            };
        });
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseAuthentication();
        app.UseAuthorization();

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();

        app.UseRouting();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
            endpoints.MapBlazorHub();
            endpoints.MapFallbackToPage("/_Host");
        });
    }
}

And here's the contents of the output window:

Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/2.0 POST https://localhost:44385/Identity/Account/ExternalLogin?returnUrl=%2F application/x-www-form-urlencoded 248
Microsoft.AspNetCore.Routing.EndpointMiddleware: Information: Executing endpoint '/Account/ExternalLogin'
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Route matched with {page = "/Account/ExternalLogin", area = "Identity"}. Executing page /Account/ExternalLogin
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Executing handler method Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal.ExternalLoginModel.OnPost - ModelState is Invalid
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Executed handler method OnPost, returned result Microsoft.AspNetCore.Mvc.ChallengeResult.
Microsoft.AspNetCore.Mvc.ChallengeResult: Information: Executing ChallengeResult with authentication schemes (OpenIdConnect).
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler: Information: AuthenticationScheme: OpenIdConnect was challenged.
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Executed page /Account/ExternalLogin in 113.68560000000001ms
Microsoft.AspNetCore.Routing.EndpointMiddleware: Information: Executed endpoint '/Account/ExternalLogin'
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 302.9229ms 302 
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/2.0 GET https://localhost:44385/signin-oidc?code=ffbac0f8-e1e6-46fc-a64e-cd7ece7b4dd8&state=CfDJ8NccaQdck19Fie6EgKf0wAIZI23G5O9M52tXkPEptmR-6XW3ZWJQxlTYSHItlOdqzfZf7ZfscXMZg4Pew0gG0ybmyy_pOocBL--CC4j3deAsKtUM4bqUE7KyiKYqMpanwbCEShZBQZa1I32U-5F4jgHRS9Ott56PhEDAFgmOk6WmceSpCO058lYWQnVMtc1vUQ5M1_Shhv4y4jUJRYpVdVqsRqF5vVtQTvrMYlJlCsclALjQZmuEs_UO15Nq-7Q0VZhsypc4OmXGVVAfwL65uHMX1Q2JbVhb21unxcotUphXPEv5VYJBsqpq7qLA-9rl19XzOmJoq2SSx6g0N_AC-nmntuNVeUyIVh3OMTju8Qb6YJOMpE5p2zK0PgnpGxsA57kTH6laJbD_B-EIE2Bk_1rRCtczlmtaAx2wCnMwVsDM  
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler: Information: AuthenticationScheme: Cookies signed in.
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 644.9236000000001ms 302 
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/2.0 GET https://localhost:44385/Identity/Account/ExternalLogin?returnUrl=%2F&handler=Callback  
Microsoft.AspNetCore.Routing.EndpointMiddleware: Information: Executing endpoint '/Account/ExternalLogin'
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Route matched with {page = "/Account/ExternalLogin", area = "Identity"}. Executing page /Account/ExternalLogin
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Executing handler method Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal.ExternalLoginModel.OnGetCallbackAsync - ModelState is Valid
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Executed handler method OnGetCallbackAsync, returned result Microsoft.AspNetCore.Mvc.RedirectToPageResult.
Microsoft.AspNetCore.Mvc.RedirectToRouteResult: Information: Executing RedirectToPageResult, redirecting to ./Login.
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Executed page /Account/ExternalLogin in 11.1302ms
Microsoft.AspNetCore.Routing.EndpointMiddleware: Information: Executed endpoint '/Account/ExternalLogin'
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 30.221500000000002ms 302 
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/2.0 GET https://localhost:44385/Identity/Account/Login?ReturnUrl=%2F  
Microsoft.AspNetCore.Routing.EndpointMiddleware: Information: Executing endpoint '/Account/Login'
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Route matched with {page = "/Account/Login", area = "Identity"}. Executing page /Account/Login
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Executing handler method Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal.LoginModel.OnGetAsync - ModelState is Valid
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler: Information: AuthenticationScheme: Identity.External signed out.
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Executed handler method OnGetAsync, returned result .
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Executing an implicit handler method - ModelState is Invalid
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Executed an implicit handler method, returned result Microsoft.AspNetCore.Mvc.RazorPages.PageResult.
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Information: Executed page /Account/Login in 42.6662ms
Microsoft.AspNetCore.Routing.EndpointMiddleware: Information: Executed endpoint '/Account/Login'
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 157.9035ms 200 text/html; charset=utf-8
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/2.0 GET https://localhost:44385/Identity/css/site.css  
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/2.0 GET https://localhost:44385/Identity/lib/bootstrap/dist/css/bootstrap.css  
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware: Information: The file /Identity/css/site.css was not modified
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware: Information: The file /Identity/lib/bootstrap/dist/css/bootstrap.css was not modified
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 115.28320000000001ms 304 text/css
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 125.4239ms 304 text/css
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/2.0 GET https://localhost:44385/Identity/lib/jquery-validation-unobtrusive/jquery.validate.unobtrusive.js  
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/2.0 GET https://localhost:44385/Identity/lib/jquery-validation/dist/jquery.validate.js  
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/2.0 GET https://localhost:44385/Identity/js/site.js  
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware: Information: The file /Identity/lib/jquery-validation-unobtrusive/jquery.validate.unobtrusive.js was not modified
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware: Information: The file /Identity/lib/jquery-validation/dist/jquery.validate.js was not modified
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 109.1367ms 304 application/javascript
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 117.52770000000001ms 304 application/javascript
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware: Information: The file /Identity/js/site.js was not modified
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/2.0 GET https://localhost:44385/Identity/lib/bootstrap/dist/js/bootstrap.bundle.js  
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 212.7227ms 304 application/javascript
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware: Information: The file /Identity/lib/bootstrap/dist/js/bootstrap.bundle.js was not modified
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/2.0 GET https://localhost:44385/Identity/lib/jquery/dist/jquery.js  
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 169.02100000000002ms 304 application/javascript
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware: Information: The file /Identity/lib/jquery/dist/jquery.js was not modified
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 146.98080000000002ms 304 application/javascript

There's no obvious error in there. Here's my Cognito config:

[screenshots]

Is there something I'm missing? Can somebody point me in the right direction?

Update

If I click on the home page link, I can see that I am logged in. So there's something not right with the redirect after the callback from Cognito?

Upvotes: 4

Views: 2196

Answers (1)

Mitkins

Reputation: 4341

As it turns out, the cause of the error message was from this configuration:

services.AddAuthentication(options =>
{
  options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
  options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
  options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options => { ... } );

Taking a hint from this comment on GitHub:

The UseIdentity call is registering two cookie middlewares, one for the ApplicationCookie and one for the ExternalApplicationCookie. These are set to different authentication schemes by default. It should just work if you remove all of these explicit authentication scheme settings and rely on the default values...

I reduced it to this:

services.AddAuthentication()
  .AddCookie()
  .AddOpenIdConnect(options => { ... } );

The error was happening with the call to https://localhost:5001/Identity/Account/ExternalLogin?returnUrl=%2F&handler=Callback. Because of the misconfiguration, it would throw the error, "Error loading external login information".

With the new configuration the login/logout now works as expected!

Upvotes: 1
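
Why removing the overrides works, as an added example (not code from the post or from ASP.NET Core itself): AddDefaultIdentity already makes Identity.External the default sign-in scheme, and SignInManager.GetExternalLoginInfoAsync() reads that cookie in the ExternalLogin callback, whereas the log in the question shows the handler signing in to "Cookies" instead. The class and method names below are hypothetical; the configuration keys are the ones the question's Startup reads.

```csharp
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Hypothetical helper (names are assumptions). Call it from ConfigureServices
// after AddDefaultIdentity<IdentityUser>():
//     services.AddCognitoExternalLogin(Configuration);
public static class CognitoExternalLoginExtensions
{
    public static IServiceCollection AddCognitoExternalLogin(
        this IServiceCollection services, IConfiguration configuration)
    {
        // Read the settings directly from configuration, so no temporary
        // BuildServiceProvider() call is needed inside ConfigureServices.
        var cognito = configuration.GetSection("Authentication:Cognito");

        // No Default*Scheme overrides here, so the defaults registered by
        // AddDefaultIdentity (Identity.Application / Identity.External) stay in force.
        services.AddAuthentication()
            .AddOpenIdConnect(options =>
            {
                options.ResponseType = OpenIdConnectResponseType.Code;
                options.MetadataAddress = cognito["MetadataAddress"];
                options.ClientId = cognito["ClientId"];
                options.ClientSecret = cognito["ClientSecret"];
                options.GetClaimsFromUserInfoEndpoint = true;

                // After /signin-oidc the handler signs the external principal
                // in to this scheme. Stating it explicitly pins it to the cookie
                // that GetExternalLoginInfoAsync() authenticates against, even if
                // a DefaultSignInScheme override is reintroduced elsewhere.
                options.SignInScheme = IdentityConstants.ExternalScheme;

                // TokenValidationParameters is left at its defaults, which
                // keeps issuer validation enabled.
            });

        return services;
    }
}
```

With this registration the callback log line should read "AuthenticationScheme: Identity.External signed in." rather than "Cookies signed in.", which is a quick check that the external cookie is being written where Identity expects it.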
