Identityserver4: IdentityServer still preserves old allowedredirecturis value which crashes with error unauthorized_client

Created on 10 May 2017 · 8Comments · Source: IdentityServer/IdentityServer4

I am getting unauthorized_client error when trying to authenticate. I have working solution on localhost. I have checked the logs and I see that AllowedRedirectUris still has localhost value, and I have updated all urls to server urls which is app-notreal.azurwebsites.net (app-notreal is dummy not real).

Why is identityserver still perserving old value in AllowedRedirectUris?

Relevant parts of the log file

2017-05-10 15:27:12.333 +00:00 [Information] Request starting HTTP/1.1 GET http://auth-notreal.azurewebsites.net/connect/authorize?response_type=id_token%20token&client_id=angular2client&redirect_uri=http://app-notreal.azurewebsites.net&scope=gymApi%20openid&nonce=N0.93528539470965841494430031034&state=14944300310340.6061822215065553  
2017-05-10 15:27:12.333 +00:00 [Debug] AuthenticationScheme: "Identity.Application" was not authenticated.
2017-05-10 15:27:12.333 +00:00 [Debug] Request path "/connect/authorize" matched to endpoint type Authorize
2017-05-10 15:27:12.365 +00:00 [Debug] Mapping found for endpoint: Authorize, creating handler: "IdentityServer4.Endpoints.AuthorizeEndpoint"
2017-05-10 15:27:14.023 +00:00 [Information] Invoking IdentityServer endpoint: "IdentityServer4.Endpoints.AuthorizeEndpoint" for "/connect/authorize"
2017-05-10 15:27:14.054 +00:00 [Debug] Start authorize request
2017-05-10 15:27:14.084 +00:00 [Debug] AuthenticationScheme: "Identity.Application" was not authenticated.
2017-05-10 15:27:14.102 +00:00 [Debug] No user present in authorize request
2017-05-10 15:27:14.115 +00:00 [Debug] Start authorize request protocol validation
2017-05-10 15:27:14.225 +00:00 [Error] Invalid redirect_uri: http://app-notreal.azurewebsites.net
"{
  \"ClientId\": \"angular2client\",
  \"ClientName\": \"angular2client\",
  \"RedirectUri\": \"http://app-notreal.azurewebsites.net\",
  \"AllowedRedirectUris\": [
    \"http://localhost:5000\"
  ],
  \"SubjectId\": \"anonymous\",
  \"RequestedScopes\": \"\",
  \"Raw\": {
    \"response_type\": \"id_token token\",
    \"client_id\": \"angular2client\",
    \"redirect_uri\": \"http://app-notreal.azurewebsites.net\",
    \"scope\": \"api openid\",
    \"nonce\": \"N0.93528539470965841494430031034\",
    \"state\": \"14944300310340.6061822215065553\"
  }
}"

question

Source

nukec

Most helpful comment

I lost hours on this, it turns out that the AllowedRedirectUris was being read from the ClientRedirectUris table in the database, not from the Client config.

It had persisted the value there initially, and I hadn't reseeded the db after updating the value in config, and Identity Server was reading the value from the db regardless of what was in the config

declanmc on 13 Oct 2017

❤4 👍3

All 8 comments

I'm having the same problem!

My problem was due to my publishing profile being set to debug not resetting my precompiler variables correctly

billscottboston on 19 May 2017

Any update?

brockallen on 25 May 2017

I lost hours on this, it turns out that the AllowedRedirectUris was being read from the ClientRedirectUris table in the database, not from the Client config.

It had persisted the value there initially, and I hadn't reseeded the db after updating the value in config, and Identity Server was reading the value from the db regardless of what was in the config

declanmc on 13 Oct 2017

❤4 👍3

@declanmc how can I change localhost:5000/signin-oidc to localhost:5000/ ? My clients are hardcoded (in-memory storage). Where can I change this property, called AllowedRedirectUris - saw it in moreFailures.

pizzadev on 30 Apr 2018

@declanmc Thanks for your research and that you left some info about what's happening with AllowedRedirectUris in IdentityServer4. Now I have the same problem as you had. Can you tell me please what could be possible solutions of this problem? How to set reading of data from Config.cs after it's changed?