4

On .NET, when I create OpenID Connect authentication options I have a property to set the RedirectUri; this is even defined as recommended in the documentation. But no such property exists in AspNetCore: it is automatically set to the current server, e.g. (http://localhost). Is there a way to change this?

Trying to find a solution for this, I came across lots of shortcomings of the new AspNetCore Authentication. Is this production ready or just WIP?

Pedro.The.Kid
  • 2
    What version of ASP.NET Core are you using? Show your code where you want to set the option. A lot changed from ASP.NET Core version 1.x to 2.x. I think the property on OpenIdConnectOptions is CallbackPath – Joe Audette May 09 '18 at 16:08
  • @JoeAudette the version is 2.x, and no, the property is not CallbackPath; that is appended to the responseURI after the response is redirected. – Pedro.The.Kid May 10 '18 at 11:48

2 Answers

7

After fiddling around with this I found out that you have to set an event listener for the OnRedirectToIdentityProvider event.

services.AddOpenIdConnect(options =>
{
    Configuration.Bind("<Json Config Filter>", options);
    options.Events.OnRedirectToIdentityProvider = async context =>
    {
        context.ProtocolMessage.RedirectUri = "<Return URI String>";
        await Task.FromResult(0);
    };
});
Pedro.The.Kid
  • 1
    You shouldn't need to set that. What's wrong with the current value? – Tratcher May 10 '18 at 12:26
  • 1
    In my specific case I'm setting it to null because I'm generating requests from a development machine to a client server that only replies to the client-specific URI. I then get the response and check that the response is well formed. In a well-configured environment this should never be necessary, but in my case I have no access to the client configurations. – Pedro.The.Kid May 21 '18 at 11:14
  • 5
    Here is the use case for me. If my application is being hosted on a platform that is handling HTTPS, but I have an F5 appliance offloading SSL certs before the request hits the application, then the application is technically resolving as HTTP but the browser is saying HTTPS. The middleware then detects HTTP and redirects to OIDC as "redirect_uri=http://". OIDC sees it, redirects to HTTP, cookie is set, my app redirects to HTTPS because F5 does not allow HTTP, HTTPS hits, cookie is not set because it was set for HTTP not HTTPS, redirects back to OIDC. Infinite redirect loop. – Jerrod Horton Oct 30 '18 at 17:28
  • 1
    This was helpful, but using this does not sign me into the middleware. So I keep trying to log in, and going back and forth. I've removed the callback: https://auth0.com/docs/quickstart/backend/aspnet-core-webapi/01-authorization, and am now doing `context.ProtocolMessage.RedirectUri = config.Callback;`. Any ideas? – Roelant M May 07 '19 at 14:52
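
For the TLS-offloading proxy case described in the comments above, one way to keep redirect_uri on https without depending on the scheme the application sees (an added example, not code from the original posts). The configuration keys `Proxy:Address` and `Oidc:PublicRedirectUri` and the `Oidc` section are assumptions.

```csharp
using System;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;
    public void ConfigureServices(IServiceCollection services)
    {
        // Honour X-Forwarded-Proto only when it comes from the TLS-terminating proxy,
        // so Request.Scheme (and cookies derived from it) reflect the browser's https.
        services.Configure<ForwardedHeadersOptions>(o =>
        {
            o.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            o.KnownProxies.Add(IPAddress.Parse(_config["Proxy:Address"])); // assumed key
        });
        // Pin redirect_uri to one configured value (assumed key) instead of deriving it
        // from the incoming request; refuse to start unless it is an absolute https URI.
        var redirectUri = new Uri(_config["Oidc:PublicRedirectUri"], UriKind.Absolute);
        if (redirectUri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Oidc:PublicRedirectUri must use https");
        services.AddAuthentication(o =>
            {
                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                _config.Bind("Oidc", options); // assumed section: Authority, ClientId, ...
                // The handler must listen on the same path the provider redirects to.
                options.CallbackPath = redirectUri.AbsolutePath;
                options.Events.OnRedirectToIdentityProvider = context =>
                {
                    context.ProtocolMessage.RedirectUri = redirectUri.AbsoluteUri;
                    return Task.CompletedTask;
                };
            });
    }
    public void Configure(IApplicationBuilder app) =>
        app.UseForwardedHeaders().UseAuthentication(); // forwarded headers first, then auth
}
```

The value in `Oidc:PublicRedirectUri` has to match a redirect URI registered with the identity provider exactly.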
0

I am changing the scheme as below:

public static void AddCookieAuthentication(this IServiceCollection services, IConfiguration configuration)
    {
        _configuration = configuration;
        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.TokenValidationParameters.AuthenticationType = IdentityConstants.ApplicationScheme;
                options.ResponseType = "code";
                options.MetadataAddress = configuration["Authentication:Cognito:MetadataAddress"];
                options.ClientId = configuration["Authentication:Cognito:ClientId"];
                options.ClientSecret = configuration["Authentication:Cognito:ClientSecret"];
                options.GetClaimsFromUserInfoEndpoint = true;
                options.Scope.Add("openid");
                options.Scope.Add("profile");
                options.Scope.Add("email");
                options.Scope.Add("aws.cognito.signin.user.admin");

                options.Events = new OpenIdConnectEvents
                {
                    // this makes signout working
                    OnRedirectToIdentityProviderForSignOut = OnRedirectToIdentityProviderForSignOut,
                    OnRedirectToIdentityProvider = OnRedirectToIdentityProvider,
                };
            });
    }

    private static Task OnRedirectToIdentityProvider(RedirectContext ctx)
    {
        // Rewrite the scheme on this request's redirect_uri directly. Re-assigning
        // ctx.Options.Events.OnRedirectToIdentityProvider from inside the handler would
        // leave the first challenge unchanged and only affect later ones.
        ctx.ProtocolMessage.RedirectUri = ctx.ProtocolMessage.RedirectUri.Replace("http:", "https:");
        return Task.CompletedTask;
    }
unos baghaii