IdentityServer4 Invalid Redirect_Uri Error

Question

I created 3 separate projects, web api project, an web mvc project, and a asp.net core app. I am using IdentityServer4 with asp.net core identity. I have a project solution id that has the information of the TestUsers. On the line RedirectUris = {"https://localhost:5444/signin-oidc"}, I am redirecting it to the project WeatherMVC. The launchsettings.json on all three files are correct and so is the RedirectUris is correct. Is there something that I am not doing correctly that is causing me to receive this message?

weatherapi project:

----startup.cs:

namespace weatherapi
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication("Bearer")
                .AddIdentityServerAuthentication("Bearer", options =>
                {
                    options.ApiName = "weatherapi";
                    options.Authority = "https://localhost:5443";
                });

            services.AddControllers();

            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new OpenApiInfo { Title = "weatherapi", Version = "v1" });
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseSwagger();
                app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "weatherapi v1"));
            }

            app.UseHttpsRedirection();

            app.UseRouting();

            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}

----launchsettings.json:

{
  "$schema": "http://json.schemastore.org/launchsettings.json",
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:52575",
      "sslPort": 44354
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "launchUrl": "swagger",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "weatherapi": {
      "commandName": "Project",
      "dotnetRunMessages": "true",
      "launchBrowser": true,
      "hotReloadProfile": "aspnetcore",
      "launchUrl": "swagger",
      "applicationUrl": "https://localhost:5445;http://localhost:5002",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    }
  }
}

WeatherMVC Project:

----launchsettings.json:

{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:65206",
      "sslPort": 44398
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "WeatherMVC": {
      "commandName": "Project",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      },
      "dotnetRunMessages": "true",
      "applicationUrl": "https://localhost:5444;http://localhost:5001"
    }
  }
}

These two projects are under one solution which I perform a multiple startup projects.

On the other project, named id...

id project:

----launchsettings.json

{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:19916",
      "sslPort": 44341
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "id": {
      "commandName": "Project",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      },
      "hotReloadProfile": "aspnetcore",
      "dotnetRunMessages": "true",
      "applicationUrl": "https://localhost:5443;http://localhost:5000"
    }
  }
}

inside of this class below Config.cs, I have the code where it will perform the Redirect_uri:

        public static IEnumerable<Client> Clients =>
          new[]
          {
        // m2m client credentials flow client
        new Client
        {
          ClientId = "m2m.client",
          ClientName = "Client Credentials Client",

          AllowedGrantTypes = GrantTypes.ClientCredentials,
          ClientSecrets = {new Secret("SuperSecretPassword".Sha256())},

          AllowedScopes = {"weatherapi.read", "weatherapi.write"}
        },

        // interactive client using code flow + pkce
        new Client
        {
          ClientId = "interactive",
          ClientSecrets = {new Secret("SuperSecretPassword".Sha256())},

          AllowedGrantTypes = GrantTypes.Code,

          RedirectUris = {"https://localhost:5444/signin-oidc"},
          FrontChannelLogoutUri = "https://localhost:5444/signout-oidc",
          PostLogoutRedirectUris = {"https://localhost:5444/signout-callback-oidc"},

          AllowOfflineAccess = true,
          AllowedScopes = {"openid", "profile", "weatherapi.read"},
          RequirePkce = true,
          RequireConsent = true,
          AllowPlainTextPkce = false
        },
          };
    }
}

----startup.cs:

public class Startup
    {
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddIdentityServer()
                .AddInMemoryClients(Config.Clients)
                .AddInMemoryIdentityResources(Config.IdentityResources)
                .AddInMemoryApiResources(Config.ApiResources)
                .AddInMemoryApiScopes(Config.ApiScopes)
                .AddTestUsers(Config.Users)
                .AddDeveloperSigningCredential();

            services.AddControllersWithViews();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseRouting();
            app.UseStaticFiles();
            app.UseIdentityServer();
            app.UseAuthorization();

           app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());

        }
    }

---

UPDATE

After adding the debugger in program.cs as suggested:

public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.UseStartup<Startup>();
            })
            .ConfigureLogging(builder =>
            {
                builder.SetMinimumLevel(LogLevel.Debug);
                builder.AddFilter("IdentityServer4", LogLevel.Debug);
            });

I finally noticed that it is calling the redirect uri that belongs to the project named WeatherMVC using it's sslPort: 44398. Please see the launchsettings.json for that weathermvc projcect. Can't seem to understand why it is redirecting that URI if I do not have it set to that.

Answer 1

if anyone have similar problem with database. Check you uri in table.ClientRedirectUris

Answer 2

I have faced the same error because I have missed added URLs with "http" whereas it requires "https". Confirm that you have added URLs with "https" and not the "http".

public static class RedirectUrls
{
    public const string WebSigninURI = "https://localhost:44332/signin-oidc";
    public const string WebSignOutURI = "https://localhost:44332/signout-callback-oidc";
}

Answer 3

I think your project is based on this tutorial. This could be helpful for people to follow the steps involved. It also has a link to the code.

Answer 4

WeatherApi is a client to IdentityServer and when it authenticates it tells IdentityServer its redirect uri. IdentityServer checks against its allowed redirect uris and redirects if it finds a match.

This code specifies a list of VALID redirect uris not THE redirect uri.

RedirectUris = {"https://localhost:5444/signin-oidc"},

You have IISExpress and also Kestrel setup in your launchsettings.json and I think your WeatherApi project is just using the first setting that it finds as the redirect uri.

Some possible solutions are:

Add the other uri for WeatherApi to the allowed uris e.g.

RedirectUris = {
  "https://localhost:5444/signin-oidc", "https://localhost:44398/signin-oidc"},

You can also change Kestrel in launchsettings.json for WeatherApi to use the same ports

"applicationUrl": "https://localhost:44398;http://localhost:65206"