Update 20, April 2023
This article is out of date because I added more functionality to this OAuth server, so to be more updated I suggest download...
For further actions, you may consider blocking this person and/or reporting abuse
Hi, could I ask for some advice? I'm starting with OAuth and I downloaded your server project and I'm trying to connect a test (client) application to it. After starting the OAuth server and the Client, the login screen appears correctly if I am not logged in. After logging in, it redirects to the url where I have the client application (sample: https://localhost:7285/signin-oidc?response_type=code&state=CfDJ8Ecxanf86J1JnZZYH7c8PDzfq9Skgyu5iPZeW31rddOYS-I9c2n8jR...), but this error SecurityTokenException: Unable to validate is displayed the 'id_token', no suitable ISecurityTokenValidator was found for: ''.".
If I edit the url (localhost:7285/), the application is logged in.
I couldn't get to the root cause. Can I ask you for some advice?
Thank you very much Lubos
Hi, sure, can you show me the configuration that you have been make at the client level.
Be sure to remove these lines of codes from the client application.
Because the source code in the GitHub repo now is support the key validator
Hi, I already tried to remove options.TokenValidationParameters from the client according to your advice... but the result is still the same. Both in the Bl@zor project and in the MVC project. I'm sending a command.
Hi, thank you very much for your response. I am sending a link to the entire project, where I try and test it
dcfreenet.info/0_test/TestOpenAuth...
My goal will be client applications in Bl@zor
And thank you for adding to your answer. I will try what you wrote.
So I tried to remove the given code but the result was the same :-(
Let me check your source code
Thanks for the reply, so I'm sending the link to github.
github.com/Svetelak/OAuthServerTes...
Sorry for late to response, yeah there is a bug, the bug is that the user is not logged-in and in the GenerateToken method like so
I will fix that this weekend.
Super thank you very much. As soon as it's ok, I'll test :-)
Thank you so much
Hi, the bug is fixed, you can try now from your side.
I try it with Balzor app it's working.
this is the fixed commit:
github.com/Shoogn/OAuth20Server/co...
I tried it and it works! Thank you very much, perfect job
Hi, I tried to change the RSA xml to a new one generated by:
When I try to login with my client I get "Signature validation failed. Token does not have a kid. Keys tried: 'System.Text.StringBuilder'".
Should I change anything else, or the generated key is wrong? The original works fine.
Found it. I had to replace "n" and "kid" values in jwks.json under wwwroot folder to the Modulus of the new RSA XML.
Glad to here that, and if you want to change the entire directory, you can navigate to the DiscoveryEndpointController object there is an Action Method named Jwk you will find the current patch assigned to wwwroot folder from there you can provide your preferred path
Hello, just following the first steps of the tutorial.
when i start the two applications the ~/.well-known/openid-configuration endpoint it's not fired. Could it be because I'm working on an api project and not mvc? thanks!
This is the starup config of the client (registered in my oauth server project)
SOLVED
I forgot to decorate the Client controller with the
[Authorize]attribute!Hi,
Many thanks for sharing your application. I have executed both (client & server) applications successfully but when I deployed on the server. it shown shared error while return from server. Please help me, I am struck.
Please response urgently
@mohammedahmed Please guide about it
Can you share the Auth Server App and Client app through github link
Thanks for the post. I'm need to have the similar solution and I'm using your example in our case. I have created two different domains client and server on the windows server 2019. Test is successfully authenticating the request but while calling back the following URL getting error page. Anyone can help?
Following is the callback URL
https://<client domain>/signin-oidc?response_type=code&state=CfDJ8ECkv9oAtGxNm2CqZXor7SUGMwvQj3_9ANUG193arlR7-OOacaFoYMP50c6IdSD7YdSfHHQgOIeLbrBDuDgdW60l1Lm8Ulcu6w6nI0_QOcqi-OR_v-wCXFw44RUJG0xibVecc06tB2QXQjlrACUd8aGG61eQJCs0GBnAItLP4Zn06tMb1M1n3jPXXagHh2QX7Bic2M4BgFqkRcoWxOyfDX2-9Lhht4MxIi-xRZ3w8dDUy0F2QiNvz-bakvWd3vfjEge66sUWXG-T-MkS8zep7ralR3rUstMqoxwgz7NOvJGbkkpi6fYL5F0amhYdstrC4_4npohGgEzUiKSxqsAPi6Key0D9uKOQnDl7tpHoLRPG5AXBsDdID11QUGVqIZPVmQ&code=fsYat7bISln_lWnKYxrP-4gAHcxs7U_9tq1fArrIWLAHi, you can not call this url direc because the auth server generate the code foe one time and also the client generate the state for one time as well.
I'm testing out your Authorization Server from github and I can successfully login through it, which either resulted in creating a new account or log in to at my side. However when I tried to link exiting account on my side to your Authorization Server (via myserver/Identity/Account/Manage/E...), I'm getting the following exception on the Authorization Server,
If I ignore the exception, the Authorization Server's login page will be shown and upon entering the credential, the exception occurs again. On my side, the debug log shows,
Any advice?
Issue resolved. We cannot use the same hostname for both the client and the server even when the ports are different. I tried with different hostnames and it works.
I'm very glad you know about this point, and you fix the problem
Would then allow me to use SSO with the Authorization Server ? Where If I Log In With ClientID 2 I can then go to the homecontroller for lets say ClientID 3 and it will know I already logged in with ClientID 2 ?
How to change InMemory Client Store to dynamic
Hi got this error message after login: SecurityTokenInvalidIssuerException: IDX10211: Unable to validate issuer. The 'issuer' parameter is null or whitespace
builder.Services.Configure(configServices.GetSection("OAuthOptions"));
-->
builder.Services.Configure(configServices.GetSection("OAuthOption"));
i have same error, any update ?
@mohammedahmed , I see that you are using a local SQL server database. You didn't provide the db, right?
Yeah, you can run the migration script
Update-Database
How to change InMemory to a database the OAuthOption
Where is the Update-Database migration script located ?
How can I implement the cliente credentials flow?
Hey, now it's implemented, give it a try!
Oh, nice, thanks
It's very easy, all you have to do is to call the token endpoint directly.
Do I understand it correctly that this doesn't implement generating the refresh_token and retrieving it? Are you planning on implementing it?
Hi, yeah there no refresh_token support at this time, but Im going to put it in my plan next month
When we will get the next post
Stay tuned!
Hi, dear,
could i get the client app?
i guess we're in business
Hi
After receiving the access token I get the folowing error. Could you please assist?
DataError: The JWK "alg" member was inconsistent with that specified by the Web Crypto call.