Update 20, April 2023
This article is out of date because I added more functionality to this OAuth server, so to be more updated I suggest download...
Hi, could I ask for some advice? I'm starting with OAuth and I downloaded your server project and I'm trying to connect a test (client) application to it. After starting the OAuth server and the Client, the login screen appears correctly if I am not logged in. After logging in, it redirects to the url where I have the client application (sample: https://localhost:7285/signin-oidc?response_type=code&state=CfDJ8Ecxanf86J1JnZZYH7c8PDzfq9Skgyu5iPZeW31rddOYS-I9c2n8jR...), but this error is displayed: "SecurityTokenException: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: ''."
If I edit the url (localhost:7285/), the application is logged in.
I couldn't get to the root cause. Can I ask you for some advice?
Thank you very much Lubos
Hi, sure, can you show me the configuration that you have made at the client level?
Be sure to remove these lines of code from the client application.
Because the source code in the GitHub repo now supports the key validator.
Hi, thank you very much for your response. I am sending a link to the entire project, where I try and test it
dcfreenet.info/0_test/TestOpenAuth...
My goal will be client applications in Blazor
And thank you for adding to your answer. I will try what you wrote.
Hi, I already tried to remove options.TokenValidationParameters from the client according to your advice... but the result is still the same. Both in the Blazor project and in the MVC project. I'm sending a command.
So I tried to remove the given code but the result was the same :-(
Let me check your source code
Thanks for the reply, so I'm sending the link to github.
github.com/Svetelak/OAuthServerTes...
Sorry for the late response. Yeah, there is a bug; the bug is that the user is not logged in, and in the GenerateToken method like so
I will fix that this weekend.
Super thank you very much. As soon as it's ok, I'll test :-)
Thank you so much
Hi, the bug is fixed, you can try now from your side.
I tried it with a Blazor app and it's working.
this is the fixed commit:
github.com/Shoogn/OAuth20Server/co...
I tried it and it works! Thank you very much, perfect job
Hello, just following the first steps of the tutorial.
When I start the two applications, the ~/.well-known/openid-configuration endpoint is not fired. Could it be because I'm working on an API project and not MVC? Thanks!
This is the startup config of the client (registered in my OAuth server project)
SOLVED
I forgot to decorate the Client controller with the [Authorize] attribute!
Hi, I tried to change the RSA xml to a new one generated by:
When I try to login with my client I get "Signature validation failed. Token does not have a kid. Keys tried: 'System.Text.StringBuilder'".
Should I change anything else, or the generated key is wrong? The original works fine.
Found it. I had to replace "n" and "kid" values in jwks.json under wwwroot folder to the Modulus of the new RSA XML.
Glad to hear that. If you want to change the entire directory, you can navigate to the DiscoveryEndpointController object; there is an Action Method named Jwk where you will find the current path assigned to the wwwroot folder, and from there you can provide your preferred path.
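An added example, not part of the thread or of the project's code: after swapping the RSA XML key, this check derives the JWK `n` and `e` members from the XML and reports which members of a `jwks.json` document are stale. The function names and sample data are assumptions made for illustration; `kid` is not checked because its format is the project's own choice, but it has to be updated alongside `n`, as the commenter above found.

```python
import base64
import json
import xml.etree.ElementTree as ET


def b64url(data: bytes) -> str:
    """JWK encoding (RFC 7518): URL-safe base64 with the '=' padding removed."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def rsa_xml_to_jwk(rsa_xml: str) -> dict:
    """Derive the public JWK members from a .NET <RSAKeyValue> XML string."""
    root = ET.fromstring(rsa_xml)
    modulus = base64.b64decode(root.findtext("Modulus"))    # XML uses standard base64
    exponent = base64.b64decode(root.findtext("Exponent"))
    return {"kty": "RSA", "n": b64url(modulus), "e": b64url(exponent)}


def stale_jwks_fields(rsa_xml: str, jwks_json: str) -> list:
    """Return (key index, member) pairs in the JWKS that do not match the XML key."""
    expected = rsa_xml_to_jwk(rsa_xml)
    stale = []
    for index, key in enumerate(json.loads(jwks_json)["keys"]):
        for member in ("n", "e"):
            if key.get(member) != expected[member]:
                stale.append((index, member))
    return stale


# Constructed sample data: 256-byte patterns standing in for 2048-bit moduli.
# They are not real RSA keys; only the encoding and comparison are exercised.
NEW_MODULUS = bytes([0xC3]) + bytes(range(1, 256))
OLD_MODULUS = bytes([0xB7]) + bytes(range(255, 0, -1))
NEW_XML = (
    "<RSAKeyValue><Modulus>" + base64.b64encode(NEW_MODULUS).decode("ascii")
    + "</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"
)
STALE_JWKS = json.dumps({"keys": [{
    "kty": "RSA", "use": "sig", "alg": "RS256", "kid": "constructed-old-kid",
    "n": b64url(OLD_MODULUS), "e": "AQAB",
}]})

if __name__ == "__main__":
    print("stale members:", stale_jwks_fields(NEW_XML, STALE_JWKS))
    print("new n:", rsa_xml_to_jwk(NEW_XML)["n"][:16] + "...")
```

A client that caches the old JWKS will keep failing signature validation until it refetches the document, so publish the updated file before issuing tokens with the new key.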
I'm testing out your Authorization Server from github and I can successfully login through it, which either resulted in creating a new account or logging in on my side. However when I tried to link an existing account on my side to your Authorization Server (via myserver/Identity/Account/Manage/E...), I'm getting the following exception on the Authorization Server,
If I ignore the exception, the Authorization Server's login page will be shown and upon entering the credential, the exception occurs again. On my side, the debug log shows,
Any advice?
Issue resolved. We cannot use the same hostname for both the client and the server even when the ports are different. I tried with different hostnames and it works.
I'm very glad you know about this point, and that you fixed the problem.
Thanks for the post. I need a similar solution and I'm using your example in our case. I have created two different domains, client and server, on Windows Server 2019. The test successfully authenticates the request, but on the callback to the following URL I get an error page. Can anyone help?
Following is the callback URL
https://<client domain>/signin-oidc?response_type=code&state=CfDJ8ECkv9oAtGxNm2CqZXor7SUGMwvQj3_9ANUG193arlR7-OOacaFoYMP50c6IdSD7YdSfHHQgOIeLbrBDuDgdW60l1Lm8Ulcu6w6nI0_QOcqi-OR_v-wCXFw44RUJG0xibVecc06tB2QXQjlrACUd8aGG61eQJCs0GBnAItLP4Zn06tMb1M1n3jPXXagHh2QX7Bic2M4BgFqkRcoWxOyfDX2-9Lhht4MxIi-xRZ3w8dDUy0F2QiNvz-bakvWd3vfjEge66sUWXG-T-MkS8zep7ralR3rUstMqoxwgz7NOvJGbkkpi6fYL5F0amhYdstrC4_4npohGgEzUiKSxqsAPi6Key0D9uKOQnDl7tpHoLRPG5AXBsDdID11QUGVqIZPVmQ&code=fsYat7bISln_lWnKYxrP-4gAHcxs7U_9tq1fArrIWLA
Hi, you cannot call this URL directly because the auth server generates the code for one-time use, and the client generates the state for one-time use as well.
Hi,
Many thanks for sharing your application. I have executed both (client & server) applications successfully, but when I deployed on the server, it showed the shared error on return from the server. Please help me, I am stuck.
Please respond urgently
@mohammedahmed Please guide about it
Can you share the Auth Server App and Client app through a GitHub link?
Hello Sir, what an amazing post and interesting contribution. Thanks for that. Is it possible for you to update this article to align with the latest GitHub code? Then a beginner would have a more in-depth understanding of all the components and would have easy-to-implement code.
Would that then allow me to use SSO with the Authorization Server? Where if I log in with ClientID 2, I can then go to the HomeController for, let's say, ClientID 3 and it will know I already logged in with ClientID 2?
@mohammedahmed , I see that you are using a local SQL server database. You didn't provide the db, right?
Yeah, you can run the migration script
Update-Database
How to change the OAuthOption from InMemory to a database?
I am also curious about this. Where can one find this script? Did not come down with the git clone...
Where is the Update-Database migration script located ?
How can I implement the client credentials flow?
It's very easy, all you have to do is to call the token endpoint directly.
Hey, now it's implemented, give it a try!
Oh, nice, thanks
When will we get the next post?
Stay tuned!
please provide link to next post
Hi got this error message after login: SecurityTokenInvalidIssuerException: IDX10211: Unable to validate issuer. The 'issuer' parameter is null or whitespace
builder.Services.Configure(configServices.GetSection("OAuthOptions"));
-->
builder.Services.Configure(configServices.GetSection("OAuthOption"));
I have the same error, any update?
You have mentioned: "Ooooooops we do it, now we need to improve our Authorization Server code and application structure. This is the next step. see you in the next post."
Where is the next post?
How to change InMemory Client Store to dynamic
Hi
After receiving the access token I get the following error. Could you please assist?
DataError: The JWK "alg" member was inconsistent with that specified by the Web Crypto call.
Do I understand it correctly that this doesn't implement generating the refresh_token and retrieving it? Are you planning on implementing it?
Hi, yeah, there is no refresh_token support at this time, but I'm going to put it in my plan next month
i guess we're in business
It's very nice. Congratulations. Nothing is missing. Could you add receiving protected data when you make a request with an access token to your project?
Hi, dear,
Could I get the client app?