My application is basically this one: https://github.com/IdentityServer/IdentityServer4.Quickstart.UI
But I'm trying to map it to "/identity" using this piece of code:
app.Map("/identity", builder => { builder.UseIdentityServer(); });
It's working well, I can access /identity/.well-known/openid-configuration successfully.
However, if I try to connect, the application redirects me to /identity/account/login, which is on the IdentityServer side. IdentityServer cannot find my controller, so it returns me 404.
I tried to the LoginUrl property:
services.AddIdentityServer(options =>
{
options.UserInteraction.LoginUrl = "/bleh/account/login";
})
But it also returns 404.
I also tried to make the Quickstart controller route the same as the redirect one:
[Route("identity/account/login")]
But it also returns 404.
Any idea?
If anyone is still looking for this. This worked for me:
app.Map("/identity", builder => {
builder.UseStaticFiles();
builder.UseIdentityServer();
builder.UseMvcWithDefaultRoute();
});
Related
I'm currently migrating my oauth server to the Spring Authorization Server and want to use the code workflow. My frontend is a Angular App and I use there the angular-oauth2-oidc plugin. More or less it's kind of working, but I have troubles with the redirect URI.
When I do the Authorization Server Configuration I have to register my client application with redirectUris.
RegisteredClient.withId(UUID.randomUUID().toString())
.clientId("foo")
.clientAuthenticationMethod(ClientAuthenticationMethod.NONE)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
.redirectUri("https://foo.planyourtrip.travel")
.scope(OidcScopes.OPENID)
.build()
My problem is, that I offer the login button on different pages and I want to redirect the user to the former page after he logged in. I could register all client pages there, but some of them have a dynamic path and it would be a lot of pages. So this is not a option for me.
ATM, there is a Exception in OAuth2AuthorizationCodeRequestAuthenticationProvider
if (!registeredClient.getRedirectUris().contains(requestedRedirectUri)) {
throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.REDIRECT_URI,
authorizationCodeRequestAuthentication, registeredClient);
}
I tried already to add parameters to the redirect uri, but this wasn't working too.
I'm thinking about adding a login path, where I load the origin path from a cookie, but this seems to be a lot of work and I'm surprised that there is no wildcard solution for this.
I hope someone can help me and give me some advice. Thanks in advance!
I would recommend using the state part of OIDC for this. The library has built in support.
For example, suppose you have an Angular guard that protects any route and sends people to your Auth server along these lines:
#Injectable()
export class AuthGuardWithForcedLogin implements CanActivate {
constructor(private authService: AuthService) { }
canActivate(
route: ActivatedRouteSnapshot,
state: RouterStateSnapshot,
): Observable<boolean> {
return this.authService.isDoneLoading$.pipe(
filter(isDone => isDone),
switchMap(_ => this.authService.isAuthenticated$),
tap(isAuthenticated => isAuthenticated || this.authService.login(state.url)),
);
}
}
The state.url part passed to login(...) should be passed along in the URL and arrive in your app again after the user gets back. You can then grab it in your login sequence and forward the user to the intended page:
this.oauthService.loadDiscoveryDocument()
.then(() => this.oauthService.tryLogin())
.then(() => {
this.isDoneLoadingSubject$.next(true);
if (this.oauthService.state && this.oauthService.state !== 'undefined' && this.oauthService.state !== 'null') {
let stateUrl = this.oauthService.state;
if (stateUrl.startsWith('/') === false) {
stateUrl = decodeURIComponent(stateUrl);
}
console.log(`There was state of ${this.oauthService.state}, so we are sending you to: ${stateUrl}`);
this.router.navigateByUrl(stateUrl);
}
})
That way you can have just one solid "redirect" url in your Authorization Server, and persist intended route via that state.
You can clone, install, and run my sample repository to see this in action.
Hope that helps!
In my Angular2 Application, I'm submitting a form and send data through POST API to dotnet core backend. I've created a new form, that is working fine with chrome, but on firefox, I'm receiving null in POST API parameter.
I'm all stuck what to search and how to?? I've checked every possible issue and didn't find anything, because App is working fine with chrome, all data is up to date and correct but a single form is not working on firefox.
Can anyone help me out what to do? because I'm totally stuck and have
no idea what to do??
My Endpoints are;
[HttpPost]
[Route("api/Intimation/SaveIntimation")]
public async Task<ActionResult> SaveIntimation([FromBody] ViewModelCreateIntimation objCreateIntimation)
{
if (objCreateIntimation == null || objCreateIntimation.objIntimation == null)
{
return Ok("null received");
}
// remaining code
}
my service on angular side
saveIntimation(intiModel) {
console.log(intiModel);
return this.httpClient.post<ViewModelResponse>(this.baseUrl + this._SubmitIntimationUrl, JSON.stringify(intiModel), { headers: this.configurations.getHeaderWithAuth() });
}
where this._SubmitIntimationUrl is "/api/Intimation/SaveIntimation", intiModel is object that I'm passing.
Controller function - Angular
this.intimationModel = this.admissionForm.value;
this.adminService.SubmitAdmissionIntimationService(this.createIntimationModel).subscribe(
(response) => {
this.responseModel = response;
// further process
},
(error) => {
this.notification.onClear();
this.notification.onError(this.errorHandler.handleError(error).error, Constants.MESSAGE_ERROR);
}
);
Data that is sending from service (Last place where I can check data)
The problem looks like it's because of the name of the parameter in your controller is different to that being passed up in the request.
In your controller, the parameter the framework is trying to bind to is called objCreateIntimation, but your request shows you're sending up objIntimation instead. As they have different names, the model binder has no idea that objIntimation should be bound to objCreateIntimation.
Give them both the same name, and that should fix it for you.
I went through same issue once, and It took almost a day to figure out the reason behind it,
do check your date pickers and its values, and make sure it is not null and its format is also correct. Because firefox is a bit strict in this matter and a litter change in datepicker makes it null.
hope it helps you.
I am using the repo https://github.com/mschwarzmueller/laravel-ng2-vue/tree/03-vue-frontend so I have 100% confidence in the reliability of the code. I can post through the laravel api endpoint through the very simple Vue client, and also through Postman. Through Postman I can retrieve the table data array, but not so in the client app. In POSTMAN:
localhost:8000/api/quotes
works just fine.
IN THE vue 2 js CLIENT APP:
methods: {
onGetQuotes() {
axios.get('http://localhost:8000/api/quotes')
.then(
response => {
this.quotes = (response.data.quotes);
}
)
.catch(
error => console.log(error)
);
}
returns nothing. returning the response to Console.log returns nothing. The Network/XHR tab shows the table data rows, but I am not sure what that means.
I know for sure that this code works for others with their unique api endpoints, which I assume may not use localhost or '127:0.0.1:1080.
Edit: in response to request for more info
public function getQuotes()
{
$quotes = Quote::all();
$response = [$quotes];
return response()->json($response, 200);
}
and the relevant route:
Route::get('/quotes', [
'uses' => 'QuoteController#getQuotes'
]);
Just to confirm: I am using verified github repo code in which the ONLY change is my api endpoint addressas mentioned in the first line of the body of this question. . Note that the Laravel back end is also derived from a related repo in Max's fine tutorial. The running code can be seen at
So I really don't think this is a coding error- but is it a configuration error due to me using local host??
EDIT: It WAS a coding error in the laravel controller as shown below
The reason your code isn't working if because you haven't provided a key for your $quotes in your controller but you're looking for it in your vue file (response.data.quotes).
[$quotes] is essentially [0 => $quotes] so when the json response comes through it be 0: [...] not quotes: [...].
To get this to work you just need to change:
$response = [$quotes];
to:
$response = ['quotes' => $quotes];
Furthermore, just an FYI, you don't need to provide the 200 in response->json() as it's the default and you can just return an array and Laravel automatically return the correct json response e.g.:
public function getQuotes()
{
$quotes = \App\Models\Artist::all();
return compact('quotes'); //<-- This is just another way of writting ['quotes' => $quotes]
}
Obviously, you don't have to if you don't want to.
Hope this helps!
I am using MVC 6 web api and I have a method (shown below). When the user is not authenticated (logged on) and makes the call (example url: https://localhost:44338/api/account/Test), they get automatically pushed to url:
https://localhost:44338/Account/Login?ReturnUrl=%2Fapi%2Faccount%2FTest
BUT this is a web api project and does not have any views (such as im automatically getting pushed to here).
Code:
[HttpGet("test")]
[Authorize]
public async Task<IActionResult> Test()
{
return Json("success");
}
Why am I getting automatically pushed to the login page? I've NOTHING in my startup.cs or web.config that specifies this. It seems like default behaviour? How do I disable this so I just get the 401 status?
Thanks in advance!
For convenience, here's the solution that worked for me:
services.Configure<IdentityOptions>(o =>
{
o.Cookies.ApplicationCookie.Events = new CookieAuthenticationEvents()
{
OnRedirectToLogin = ctx =>
{
if (ctx.Response.StatusCode == (int)HttpStatusCode.Unauthorized)
{
return Task.FromResult<object>(null);
}
ctx.Response.Redirect(ctx.RedirectUri);
return Task.FromResult<object>(null);
}
};
});
I was pointed to this article: mvc6 unauthorized results in redirect instead by #TrevorWard
ASP.NET automatically redirects to the login page, if you have AuthorizationAttribute defined in your App_Start/FilterConfig.cs, see if AuthorizeAttribute() is defined. If it does, remove it.
Check if you have App_Start/Startup.Auth.cs. If it does, delete it.
If Startup.cs is decorated with the attribute [assembly: OwinStartupAttribute(typeof(FleetSys.Startup))], remove that attribute.
You are probably using wrong Authorize attribute.
In MVC, you should use System.Web.Mvc.AuthorizeAttribute and that one will redirect.
In Web API, you should use System.Web.Http.AuthorizeAttribute and that one will return 401 status code.
I have been trying to test my controllers as per this tutorial -> Zend Framework 2.1 Unit testing
I have tried every possible variation of the code to send POST or GET data along with the dispatch but the only thing I get back from running the test is "Undefined Index" when I try to access that data from the $_POST array in the controller.
I am using PHPUnit 3.7.17, Everything else works perfectly except for POST and GET data, I have tried the following code:
public function testIndexActionCanBeAccessed() {
$this->getRequest()
->setMethod("POST")
->setPost(new \Zend\Stdlib\Parameters(array('argument' => 'value')));
$response = $this->dispatch('/app/api/index');
$this->assertResponseStatusCode(200);
}
AND
public function testIndexActionCanBeAccessed() {
$post_data = array("argument" => "value");
$response = $this->dispatch("/app/api/index", "POST", $post_data);
$this->assertResponseStatusCode(200);
}
I can't find any help on the web how to fix this issue. Can anyone help out? Any ideas?
$p = new Parameters();
$p->set('username','foo');
$p->set('password','bar');
$this->getRequest()->setMethod('POST');
$this->getRequest()->setPost($p);
$this->dispatch('/login');
This works for me. The Parameters() constructor doesn't seem to be what you're expecting it to be.
The docs say it takes an array, but I could only get it to work this way. The Stdlib\Parameters() constructor doesn't seem to do anything with the array passed in.
Get/Post data not sending, this issue is related to server, can you check the function use for fetching data from server.