I'm having some trouble. I used OpenIddict with AspNet.Security.OpenID.Steam and received a bearer token (Guide), but when I send a request I see this exception:
System.InvalidOperationException: An unknown error occurred while retrieving the OpenIddict validation context. at OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler.HandleAuthenticateAsync() at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync() at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthenticateAsync(AuthorizationPolicy policy, HttpContext context) at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
// Registers the cookie and Steam OpenID authentication handlers.
// AddAuthentication() is called without a default scheme here.
services.AddAuthentication()
    .AddCookie()
    .AddSteam(steam =>
    {
        // The Steam Web API key is read from configuration; keep the real value
        // in a secret store rather than in a committed settings file.
        steam.ApplicationKey = configuration["Steam:ApiKey"];

        // The identity returned by the Steam handler is signed in with the cookie scheme.
        steam.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    });
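// Configures an OpenIddict server in degraded mode that signs users in through Steam,
// plus the validation handler that accepts the access tokens issued by that server.
services.AddOpenIddict()
    .AddServer(options =>
    {
        // Development-only certificates: replace them with properly managed
        // encryption/signing credentials before deploying outside a dev machine.
        options.AddDevelopmentEncryptionCertificate()
            .AddDevelopmentSigningCertificate();

        options.SetAuthorizationEndpointUris("/connect/authorize")
            .SetTokenEndpointUris("/connect/token");

        // Degraded mode switches off every check that relies on the OpenIddict core
        // managers (registered applications, redirect URIs, scopes). The inline handlers
        // below are therefore the ONLY validation applied to incoming requests.
        options.EnableDegradedMode();
        options.UseAspNetCore();
        options.AllowAuthorizationCodeFlow().AllowRefreshTokenFlow();

        options.AddEventHandler<OpenIddictServerEvents.ValidateAuthorizationRequestContext>(builder =>
            builder.UseInlineHandler(context =>
            {
                // Validate client_id at the authorization endpoint as well, so both
                // endpoints enforce the same single-client allow-list.
                if (!string.Equals(context.ClientId, "angular_client", StringComparison.Ordinal))
                {
                    context.Reject(
                        error: OpenIddictConstants.Errors.InvalidClient,
                        description: "The specified 'client_id' doesn't match a registered application.");
                    return default;
                }

                // Exact, ordinal comparison against a fixed allow-list: no prefix or
                // wildcard matching. NOTE(review): the second entry is plain HTTP on
                // localhost, which looks like a development-only value; confirm before release.
                if (!string.Equals(context.RedirectUri, "https://localhost:5001",
                        StringComparison.Ordinal) &&
                    !string.Equals(context.RedirectUri, "http://localhost:4200", StringComparison.Ordinal))
                {
                    context.Reject(
                        error: OpenIddictConstants.Errors.InvalidClient,
                        description:
                        "The specified 'redirect_uri' is not valid for this client application.");
                    return default;
                }

                return default;
            }));

        options.AddEventHandler<OpenIddictServerEvents.ValidateTokenRequestContext>(builder =>
            builder.UseInlineHandler(context =>
            {
                // Only the client identifier is checked; no client secret is validated here.
                // NOTE(review): presumably the Angular application is a public client; confirm.
                if (!string.Equals(context.ClientId, "angular_client", StringComparison.Ordinal))
                {
                    context.Reject(
                        error: OpenIddictConstants.Errors.InvalidClient,
                        description: "The specified 'client_id' doesn't match a registered application.");
                    return default;
                }

                return default;
            }));

        options.AddEventHandler<OpenIddictServerEvents.HandleAuthorizationRequestContext>(builder =>
            builder.UseInlineHandler(async context =>
            {
                var request = context.Transaction.GetHttpRequest() ??
                              throw new InvalidOperationException(
                                  "The ASP.NET Core request cannot be retrieved.");

                // Resolve the identity established by the Steam handler.
                var principal =
                    (await request.HttpContext.AuthenticateAsync(SteamAuthenticationDefaults
                        .AuthenticationScheme))?.Principal;
                if (principal == null)
                {
                    // Not signed in yet: start the Steam challenge and stop processing
                    // the authorization request for now.
                    await request.HttpContext.ChallengeAsync(SteamAuthenticationDefaults
                        .AuthenticationScheme);
                    context.HandleRequest();
                    return;
                }

                // The token subject comes from the external identity. Reject explicitly
                // when it is missing instead of letting the Claim constructor throw on a
                // null value or issuing a token without a usable subject.
                var subject = principal.GetClaim(ClaimTypes.NameIdentifier);
                if (string.IsNullOrEmpty(subject))
                {
                    context.Reject(
                        error: OpenIddictConstants.Errors.ServerError,
                        description: "The Steam identity did not contain a name identifier.");
                    return;
                }

                var identity = new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType);
                identity.AddClaim(new Claim(OpenIddictConstants.Claims.Subject, subject));

                // Every claim is emitted in the access token only.
                foreach (var claim in identity.Claims)
                {
                    claim.SetDestinations(OpenIddictConstants.Destinations.AccessToken);
                }

                context.Principal = new ClaimsPrincipal(identity);
            }));
    })
    .AddValidation(options =>
    {
        // Reuse the configuration (including keys) of the server registered above.
        options.UseLocalServer();

        // Registers the ASP.NET Core validation handler. The request pipeline must call
        // app.UseAuthentication() before app.UseAuthorization() for it to work.
        options.UseAspNetCore();
    });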
My code is on GitHub:
https://github.com/Excalib88/SteamGames/blob/master/SteamGames.Web/Extensions/ServiceCollectionExtensions.cs Can you please help me? I have spent a lot of time trying to fix it.
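The ASP.NET Core authentication and authorization middleware are not in the right order: `app.UseAuthentication()` MUST be called before `app.UseAuthorization()`. This is consistent with the stack trace above, which contains an AuthorizationMiddleware frame but no AuthenticationMiddleware frame.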