16

I'm trying to connect an ASP.NET application to Salesforce using OpenId. Currently this is my connecting code so far. I think I got everything except the redirect_uri parameter, which has to match the value on the other end exactly.


```csharp
app.UseCookieAuthentication(x =>
{
    x.AutomaticAuthenticate = true;
    x.CookieName = "MyApp";
    x.CookieSecure = CookieSecureOption.Always;
    x.AuthenticationScheme = "Cookies";
});

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary<string, string>();

app.UseOpenIdConnectAuthentication(x =>
{
    x.AutomaticAuthenticate = true;
    x.Authority = "https://login.salesforce.com";
    x.ClientId = "CLIENT_ID_HERE";
    x.ResponseType = "code";
    x.AuthenticationScheme = "oidc";
    x.CallbackPath = new PathString("/services/oauth2/success");
    //x.RedirectUri = "https://login.salesforce.com/services/oauth2/success";
    x.Scope.Add("openid");
    x.Scope.Add("profile");
    x.Scope.Add("email");
});
```

But RedirectUri isn't a valid parameter to pass. What is the right way to set it?

JLRishe
Valyrion

2 Answers

25

You need to set an event listener for OnRedirectToIdentityProvider.

In your case:

```csharp
x.Events.OnRedirectToIdentityProvider = async n =>
{
    // Override the redirect_uri sent in the authentication request
    n.ProtocolMessage.RedirectUri = <Redirect URI string>;
    await Task.FromResult(0);
};
```

Pedro.The.Kid
21

redirect_uri is automatically computed for you using the scheme, host, port and path extracted from the current request and the CallbackPath you specify.

`x.RedirectUri = "https://login.salesforce.com/services/oauth2/success"` looks highly suspicious (unless you work for Salesforce): don't forget it's the callback URL the user agent will be redirected to when the authentication flow completes, not the authorization endpoint of your identity provider.

So in your case, the user will be redirected to http(s)://yourdomain.com/services/oauth2/success. Is it the address you registered in your Salesforce options?

Kévin Chalet
  • Works really well with reverse proxy! – Mabakay Mar 19 '19 at 10:49
  • If the redirect_uri is automatically calculated, how do you deal with an app that's served at `https://some.friendly.url.com` but it's hosted on Azure at `https://some-ugly-hidden-url.not.to.be.used`? Can you take a look at [this](https://stackoverflow.com/questions/67084004/how-to-get-azure-oidc-to-respect-my-redirect-uri), please? – ChiefTwoPencils Apr 14 '21 at 15:09
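
An added example (not from either answer, and not ASP.NET's own code) of the computation the second answer describes, showing why the computed value stops matching the registered one behind a proxy, as raised in the comments. The class and method names and the registered URL are hypothetical; the two hosts are the ones quoted in the comment above.

```csharp
using System;

// Added illustration; not ASP.NET's implementation. It mirrors the rule in the
// answer: redirect_uri = scheme + host[:port] + path base + CallbackPath,
// all taken from the current request.
static class RedirectUriCheck
{
    // Build the callback URL from the request parts (hypothetical helper).
    public static string Compute(string scheme, string host, string pathBase, string callbackPath)
    {
        return scheme + "://" + host + pathBase + callbackPath;
    }

    // Per the question, redirect_uri has to match the registered value exactly,
    // so scheme, host, port, path and letter case all have to agree.
    public static bool MatchesRegistered(string computed, string registered)
    {
        return string.Equals(computed, registered, StringComparison.Ordinal);
    }

    static void Main()
    {
        // Constructed sample values.
        const string registered = "https://some.friendly.url.com/services/oauth2/success";
        const string callbackPath = "/services/oauth2/success";

        // Each row: what the app sees on the incoming request (label, scheme, host).
        var requests = new[]
        {
            new[] { "public host, TLS end to end", "https", "some.friendly.url.com" },
            new[] { "proxy terminates TLS",        "http",  "some.friendly.url.com" },
            new[] { "proxy rewrites Host",         "https", "some-ugly-hidden-url.not.to.be.used" },
            new[] { "non-default port",            "https", "some.friendly.url.com:8443" },
        };

        foreach (var r in requests)
        {
            string computed = Compute(r[1], r[2], "", callbackPath);
            string verdict = MatchesRegistered(computed, registered) ? "match" : "MISMATCH";
            Console.WriteLine("{0,-28} {1,-9} {2}", r[0], verdict, computed);
        }
    }
}
```

Only the first row produces the registered value; in the other cases the application has to see the public scheme and host on the request, or the value has to be set explicitly as in the first answer.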