OpenId Connect after Upgrading from 10.3 to v12.4 #11716

medigmbh created 7 months ago

Hi,

We are currently working on an update of our aspnet zero based application from version 10.3 to version 12.3 Asp Net Core Angular. At this point of time we get all working except the configuration of OpenId Connect.

The old working setting is:

"OpenId": { "IsEnabled": "true", "ClientId": "xxxx", "ClientSecret": "xxxx", "LoginUrl": "https://login.microsoftonline.com/xxx/oauth2/v2.0/authorize", "ValidateIssuer": "true", "ClaimsMapping": [ { "claim": "unique_name", "key": "preferred_username" }, { "claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "key": "http://schemas.microsoft.com/identity/claims/objectidentifier" } ] },

After upgrading the code we not are able to log in anymore.

What I am able to see is that the login.service.ts calls the oauthService to retrieve provider informations GetExternalAuthenticationProviders ( { "name": "OpenIdConnect", "clientId": "xxx", "additionalParams": { "Authority": "https://login.microsoftonline.com/xxx/v2.0", "LoginUrl": "https://login.microsoftonline.com/xxx/oauth2/v2.0/authorize", "ValidateIssuer": "True", "ResponseType": "" } } ). Next step is passing the information to the oauthService via configure method and retrieveing the claims. And the step to retrieve the claims fails with an null object.

public openIdConnectLoginCallback(resp) { this.initExternalLoginProviders(() => { let openIdProvider = _filter(this.externalLoginProviders, { name: 'OpenIdConnect', })[0]; console.log("Provider ", openIdProvider); let authConfig = this.getOpenIdConnectConfig(openIdProvider); console.log("Config ", authConfig); this.oauthService.configure(authConfig); this.spinnerService.show();

   **    let claims = this.oauthService.getIdentityClaims();**

claims is null. -> service-proxies.ts:42047 ERROR TypeError: Cannot read properties of null (reading 'sub')

Do you have some informations what has changed between this versions, or what I currently do wrong?

Regards,

Frank

5 Answer(s)

0

ismcagdas created 7 months ago
Support Team

Hi @medigmbh

Are there any server side logs related to this problem ? Could you check that ?
0

medigmbh created 7 months ago

There are some logs but no errors. All calls to the backend return with 200. The only error i can see is the frontend one, with the empty claims.

The token which im recieving from azure { "aud": "xxx", "iss": "https://login.microsoftonline.com/xxxx/v2.0", "iat": xxx, "nbf": xxx, "exp": xxx, "aio": "xxx", "name": "xxx", "nonce": "xxx", "oid": "xxx", "preferred_username": xxx", "rh": "xxx", "sub": "xxx", "tid": "xxx", "uti": "xxx", "ver": "2.0" }
0

ismcagdas created 7 months ago
Support Team

Hi,

Is it possible to test this on your live app ? If so, could you send its URL to [email protected] ?
0

medigmbh created 7 months ago

I am gonig to check whether I am allowed to deploy it to our test environment.
0

ismcagdas created 7 months ago
Support Team

Hi @medigmbh

We got your email about this problem, we can continue via email and I will write the latest result here.

Have an answer to this question? Log in and write your answer.