
OpenIddict integration always results in invalid redirect_uri error #12223


clahey created

Hi,

We are trying to use the aspnet zero system as an external auth provider for a marketing website. We have configured the app settings accordingly:

    "OpenIddict": {
      "IsEnabled": "true",
      "Applications": [
        {
          "ClientId": "client",
          "ClientSecret": "def2edf7-5d42-4edc-a84a-30136c340e13",
          "DisplayName": "etransit_App",
          "ConsentType": "Explicit",
          "RedirectUris": [ "https://localhost:44342/signin-oidc", "https://localhost:44342" ],
          "PostLogoutRedirectUris": [],
          "Scopes": [ "default-api", "profile", "openid", "email", "phone", "address" ],
          "Permissions": [
            "ept:token",
            "ept:authorization",
            "gt:password",
            "gt:client_credentials",
            "gt:authorization_code",
            "rst:code",
            "rst:code id_token"
          ]
        }
      ]
    }

And are running the etransit web host project. In order to make the request, we are using this sample umbraco project. https://github.com/jbreuer/Umbraco-OpenIdConnect-Example

Specifically this file - https://github.com/jbreuer/Umbraco-OpenIdConnect-Example/blob/main/Umbraco-OpenIdConnect-Example.Core/Extensions/UmbracoBuilderExtensions.cs

With the settings updated for the aspnet zero application:

    "OpenIdConnect": {
      "MetadataAddress": "https://localhost:44301/.well-known/openid-configuration",
      "ClientId": "client",
      "ClientSecret": "def2edf7-5d42-4edc-a84a-30136c340e13",
      "LogoutUrl": "https://localhost:44301/logout",
      "ReturnAfterLogout": "https://localhost:44342/"
    }

However, when trying to authenticate, we receive the following error:

    error:invalid_request
    error_description:The specified 'redirect_uri' is not valid for this client application.
    error_uri:https://documentation.openiddict.com/errors/ID2043

This is the url in the browser when we receive the error: https://localhost:44301/connect/authorize?client_id=client&redirect_uri=https%3A%2F%2Flocalhost%3A44342%2Fsignin-oidc&response_type=code&scope=openid%20profile&code_challenge=wMNJT4QoiT7y9Boxhz5IQHNvQzo1MHyF4Y1lJ2oGSHI&code_challenge_method=S256&response_mode=form_post&nonce=638664064041654643.YTQzYzc0MzAtOWQyNy00ZjNiLTg2ZjMtMTQwYTM2ZWUzYTE2NTlhY2VhOGQtMTFmMi00YjA3LWE3NmItOWNlOWUzNDliYWNi&state=CfDJ8DTfbC_8CzBKrpYXkEW7lEHZsthRRkGeXEeRdPB9k51hNTD1db2pGFcHUQfjGEir7gr3co_4QRf6W7R4_Cvgv_1TM5YYFIBPFpxC3Ytf_xeJ1xVSHG72l9-GBo4SHc3DLW2eW8UndDWh-payTgrFSX0QG8ihUNt7O4L7IbzQybs708hs1nQ6Cb5ZxcgBvx8SbBij_h6Vg-LTTvcS0cALyUyMCCB7AqIg2cMru5ZukC83g77BnCje_APBBAia8klxhjrIclMYQJsw_Ah8INHzsNHztph9nyK-IGzBwjVf9SFB6ncRgRusVn8fiwwquNXx3BeeW1qS7MDuqvnc4I9asmO74LOW4UhYRV8ZsRAU2xDR_yL9T1JjoS_oaErm1mKIKb9pFRCO8rox-kunl681uAGh3g5WAM5bdVnCV8BFoZfhx3v6sTr_5gU7nKGcJktA2KKqLRoi-VnenfoxTToyzztQgvgnfJ2cmr4nA79jfsiU8tZYvyrMcoyiwl68SSXTIS0uxCYTfW1VaZvTh6TBolS8F1NNT2taa2HtRIO4lZTlBmypDC1dSP5FmKoKZq4tZvDG2BJ01cgAhDGbh7s8S_5MSs-EWTZ9xBk1rZidXmWpQkffsx28WV7QXlozVpc5DoS4EFS39pzrRibDuOzCAGylGAjXlFQXmqikPsyC26ifq9OfUVZay_T2aL0iJjvf45wLJp8uRchzO-rvyzakbOjnD-3K__dZ-4UdQQbG9T13&x-client-SKU=ID_NET8_0&x-client-ver=8.0.2.0

As you can see, the redirect_uri matches exactly what is defined in the application settings so we are stuck on what this error could really be pointing to. Can you please advise? Are we missing a piece of configuration somewhere?

Thanks


4 Answer(s)
  • oguzhanagir created
    Support Team

    Hi clahey

    Is Redis active in your project? Try clearing your Redis. If this doesn’t solve the issue, could you please send your project to [email protected] so that we can reproduce the issue on our end?

  • oguzhanagir created
    Support Team

    Hi clahey

    The reason for this error is that the ClientId value in the OpenIddictApplications table does not match the RedirectUris value specified in your appsettings.json. To fix this error, you can either delete this entry from the database and recreate it using SeedWorker based on the values in appsettings.json, or manually update the value in the database. Alternatively, you can specify a new ClientId in appsettings.json.
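
Added example (not part of the thread, and not ASP.NET Zero or OpenIddict code): a small Python check for the drift described in the answer above, where appsettings.json lists a redirect URI but the existing OpenIddictApplications row for the same ClientId does not. It assumes the RedirectUris column holds a JSON array as text and that matching is an exact string comparison; the stale URI on port 44303 and the result labels are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Values taken from the question's appsettings.json.
APPSETTINGS = {
    "ClientId": "client",
    "RedirectUris": ["https://localhost:44342/signin-oidc", "https://localhost:44342"],
}
# Constructed sample: a row seeded earlier with a different redirect URI.
# Assumption: RedirectUris is stored as JSON text in OpenIddictApplications.
STORED_ROW = {"ClientId": "client",
              "RedirectUris": '["https://localhost:44303/signin-oidc"]'}
# The authorize request from the question, shortened to the relevant parameters.
AUTHORIZE_URL = ("https://localhost:44301/connect/authorize?client_id=client"
                 "&redirect_uri=https%3A%2F%2Flocalhost%3A44342%2Fsignin-oidc"
                 "&response_type=code&scope=openid%20profile")


def requested(authorize_url):
    """Return (client_id, redirect_uri) as the server sees them after URL decoding."""
    query = parse_qs(urlsplit(authorize_url).query)
    return query["client_id"][0], query["redirect_uri"][0]


def loose(uri):
    """Normalise only to spot near misses; the real check is assumed to be exact."""
    return uri.rstrip("/").lower()


def diagnose(authorize_url, appsettings, stored_row):
    """Explain why a redirect_uri would be rejected, comparing config and database."""
    client_id, redirect_uri = requested(authorize_url)
    if stored_row is None or stored_row["ClientId"] != client_id:
        return "client_id_not_in_database"
    stored = json.loads(stored_row["RedirectUris"] or "[]")
    if redirect_uri in stored:                      # exact, case-sensitive match
        return "ok"
    if redirect_uri in appsettings["RedirectUris"]:
        return "stale_database_row"                 # config is right, stored row is not
    if loose(redirect_uri) in {loose(u) for u in stored}:
        return "near_miss"                          # differs by trailing slash or case
    return "redirect_uri_not_registered"


if __name__ == "__main__":
    print(requested(AUTHORIZE_URL))
    print(diagnose(AUTHORIZE_URL, APPSETTINGS, STORED_ROW))
```

A result of `stale_database_row` means the URI in the request is only in the configuration file, so the stored application entry has to be updated or re-seeded before the request can succeed.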

  • clahey created

    Hi oguzhanagir,

    I updated the db ([OpenIddictApplications] table) but now receive an error that the client id is invalid. I have checked that the client id in the db matches exactly with the client id in the umbraco application.

    localhost:44301/connect/authorize?client_id=client&redirect_uri=https%3A%2F%2Flocalhost%3A44342%2Fsignin-oidc&response_type=code&scope=openid profile&code_challenge=oXT8rx4MrpNCGiqX0ZTuZsuOYy0ABuaHFQfcdcw0v_E&code_challenge_method=S256&response_mode=form_post&nonce=638665094411147229.NjU1NmZlNjMtMGU4Ny00YTBiLTk2ZWItZGZjNzEzMGQyMWMwZmFlZmI3MDQtNzY5Yi00OThhLWFiMTktOGM5NDEwY2YwNjY2&state=CfDJ8DTfbC_8CzBKrpYXkEW7lEGOg-fGgK2Y99PPaV_fRADddfI92DXAW6IEIRAdgKbIcip3IxiY-U2lIZsIV94sdHINeBEGp5w41W-f5mC66yzQN8CB1aM1PjroDQKNETWgzn2vgLOB8jBGPHNWLSEX-dg57M4G3CTGWtak7pDJ5mar_4fJmoa3QRbvwUTfBLsPrI3XvonpHhzmhdblU2XXPTda0zcGjjaEQ86beoPUexxbKN1daLMA9vEgb83ZyXgoCiltYq-L_eIzJH3tdTdIGp91VnFc-qMa_UbSjdeUhiPyTGskaH3N_4ZYzU_JFy0i02a1p5sd7vXVUnVW_9m8_N52J0NHmXBI2phn2lLj2yGOk6UDaSGQQKDv9FYx95eZHIPEr7GEK2V6vngcXbP0Wbl9gZaUMviAMszQEaShfpARWKH8Y1IDgBYiT5lMtVDvguLHS5yIN4g4PpsJIAmNTHP28lQxDvWT_42ypL1hKUJqq8Zn2blIHaRqlZ5ve9gsnKljgzsAFJovpSJyFM_dueH4bcna3uhKet4in8lYRq0rvGDmrJ3b1yksmyu_ywMey6jTA97a6nd_qqxEDwzIhj1ZP0Jay2s8er_6Sw3lljNRB_wG1Dv4hRtFv9-eSWMO-7wz-BbX5VZBEl5zxGUhkOAbNd0w73ZVbe553qiXZn3RDQ_7B86lUujXRhPcBc6UTQXiiPYN5HJqS3ch49pAO407UHxNS5H42C1sYRdBRBvZ&x-client-SKU=ID_NET8_0&x-client-ver=8.0.2.0

    error:invalid_request
    error_description:The specified 'client_id' is invalid.
    error_uri:https://documentation.openiddict.com/errors/ID2052

  • oguzhanagir created
    Support Team

    Hi clahey

    Can you create a new unique value as the Client value in appsettings.json? Can you change the value you gave in the Umbraco application? You can also clear the data in the related tables. When you run the application, data will be generated according to the client name you added.