Identityserver4: Identity Server 4 does not redirect to the default login page
Issue / Steps to reproduce the problem
I followed the quick start(http://docs.identityserver.io/en/release/quickstarts/3_interactive_login.html) and downloaded the UI template. I Configured identity server 4 run on localhost:5000 and mvc client on localhost:5500. I tries to access "authorize" page. I expected identity server 4 to redirect to the default login page, but it returned Error page with "unauthorized_client." In the log, I noticed that the redirect_uri is "http://localhost:5500/signin-oidc", not "http://localhost:5001/signin-oidc." Please help tell me what is wrong.
On identity server 4:
Config.cs
````
// MVC client using implicit flow
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.Implicit,
ClientSecrets = { new Secret("373f4671-0c18-48d6-9da3-962b1c81299a".Sha256()) },
ClientUri="http://localhost:5500",
RedirectUris = {"http://localhost:5001/signin-oidc",},
LogoutUri = "http://localhost:5001/signout-oidc",
PostLogoutRedirectUris = { "http://localhost:5001/signout-callback-oidc" },
AllowOfflineAccess = true,
AllowedScopes =
{
"api1",
"profile",
"openid"
}
},
````
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApis())
.AddInMemoryClients(Config.GetClients())
.AddTestUsers(TestUsers.Users);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
if (Environment.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseIdentityServer();
// middleware for google authentication
// must use http://localhost:5000 for this configuration to work
app.UseGoogleAuthentication(new GoogleOptions
{
AuthenticationScheme = "Google",
SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
ClientId = "708996912208-9m4dkjb5hscn7cjrn5u0r4tbgkbj1fko.apps.googleusercontent.com",
ClientSecret = "wdfPY6t8H8cecgjlxud__4Gh"
});
app.UseStaticFiles();
app.UseMvcWithDefaultRoute();
}
````
On Client-side
Startup.cs
````
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
AuthenticationScheme="oidc",
SignInScheme="cookies",
ClientSecret= "373f4671-0c18-48d6-9da3-962b1c81299a",
Authority ="http://localhost:5000",
RequireHttpsMetadata=false,
ClientId="mvc",
SaveTokens=true,
});
````
### Relevant parts of the log file
017-08-07 13:44:51.871 +08:00 [Debug] Start authorize request
2017-08-07 13:44:51.881 +08:00 [Debug] No user present in authorize request
2017-08-07 13:44:51.886 +08:00 [Debug] Start authorize request protocol validation
2017-08-07 13:44:51.898 +08:00 [Error] Invalid redirect_uri: http://localhost:5500/signin-oidc
"{
\"ClientId\": \"mvc\",
\"ClientName\": \"MVC Client\",
\"RedirectUri\": \"http://localhost:5500/signin-oidc\",
\"AllowedRedirectUris\": [
\"http://localhost:5001/signin-oidc\",
\"http://localhost:5000/account/login\"
],
\"SubjectId\": \"anonymous\",
\"RequestedScopes\": \"\",
\"Raw\": {
\"client_id\": \"mvc\",
\"redirect_uri\": \"http://localhost:5500/signin-oidc\",
\"response_type\": \"id_token\",
\"scope\": \"openid profile\",
\"response_mode\": \"form_post\",
\"nonce\": \"636376814918394541.YjU3MGVmZGMtMWY3ZS00MDAyLTk2NTgtMzFjNGE1NTZkZmQzZGJiYTMzMzQtMjgxYi00ODlmLWI1MjAtYmQxMDYxNWY2NTdi\",
\"state\": \"CfDJ8PNhcrkCGhtKk2P27faWG7vLtBLLAHklHhT7VeQ_StpF3gPGDQl2K_pYZucnnSzI0lwxoot04Cnscu56RLm7lRo9hwi_z74GL4omwdepetiMeTVEkaCKWurCgBo8-8Co7OhIWPkwowcehfXwymbD5-BkMAmYgGlvBg1MiY8Wq64tTRAUq6vrBoAe8JYMaMlIH8ApWHFar4FfKk4806tvvX2OXuQ4UBkZod1js_j13YfbZ1tULugrmBRzHOL2j4BvE9ZBWuRN8IMhRLLXzErZIGvznSQtHP3Y8qOGV7u_Fi0m5zgtnjI_5LpwRKlQZ_bJaNO5jz4NDURoyT95pd8AHw0\"
}
}"
2017-08-07 13:44:51.900 +08:00 [Error] Request validation failed
2017-08-07 13:44:51.901 +08:00 [Information] "{
\"ClientId\": \"mvc\",
\"ClientName\": \"MVC Client\",
\"RedirectUri\": \"http://localhost:5500/signin-oidc\",
\"AllowedRedirectUris\": [
\"http://localhost:5001/signin-oidc\",
\"http://localhost:5000/account/login\"
],
\"SubjectId\": \"anonymous\",
\"RequestedScopes\": \"\",
\"Raw\": {
\"client_id\": \"mvc\",
\"redirect_uri\": \"http://localhost:5500/signin-oidc\",
\"response_type\": \"id_token\",
\"scope\": \"openid profile\",
\"response_mode\": \"form_post\",
\"nonce\": \"636376814918394541.YjU3MGVmZGMtMWY3ZS00MDAyLTk2NTgtMzFjNGE1NTZkZmQzZGJiYTMzMzQtMjgxYi00ODlmLWI1MjAtYmQxMDYxNWY2NTdi\",
\"state\": \"CfDJ8PNhcrkCGhtKk2P27faWG7vLtBLLAHklHhT7VeQ_StpF3gPGDQl2K_pYZucnnSzI0lwxoot04Cnscu56RLm7lRo9hwi_z74GL4omwdepetiMeTVEkaCKWurCgBo8-8Co7OhIWPkwowcehfXwymbD5-BkMAmYgGlvBg1MiY8Wq64tTRAUq6vrBoAe8JYMaMlIH8ApWHFar4FfKk4806tvvX2OXuQ4UBkZod1js_j13YfbZ1tULugrmBRzHOL2j4BvE9ZBWuRN8IMhRLLXzErZIGvznSQtHP3Y8qOGV7u_Fi0m5zgtnjI_5LpwRKlQZ_bJaNO5jz4NDURoyT95pd8AHw0\"
}
}"
```
yiren
All 11 comments
Sorry.....I fixed it. the redirect_uri on Config.cs is incorrect.
yiren
on 7 Aug 2017
How it should be ?
nkolchakov
on 9 Feb 2018
@yiren : Could you give us (with @nkolchakov) the right answer please ?
I have same issue, but I didn't find the solution.
Regards
cooxkie
on 22 Feb 2018
how should it be?
oottoohh
on 27 Feb 2018
I had similar problem, solved by installing NuGet Microsoft.AspNetCore.Mvc in identity server project. Hope this helps. :)
RakicSrdjan
on 13 Mar 2018
@RakicSrdjan Worked for me thnx
mirzataimur
on 24 Apr 2018
I had similar problem, solved by installing NuGet Microsoft.AspNetCore.Mvc in identity server project. Hope this helps. :)
This didn't resolved my issue. Need help
sanjaygupta2110
on 7 Oct 2018
I have the same issue.
alshaikh1
on 20 Oct 2018
I had the same issue.
Managed to fix that by fixing "Client" object returned by the Config.GetClients() method in IDP project:
1) Client.RedirectUris property should match the client's web app uri (with enabled SSL)
e.g.: RedirectUris = new List
2) Client.AllowedScopes object should look like:
Client.AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile
}
AndreiIarovoi
on 4 Feb 2019
Thanks Andrei for the solution, I will definitely try this in my
application.
Thanks and Regards
Sanjay Gupta
9891440644
On Mon, Feb 4, 2019 at 7:03 PM Andrei notifications@github.com wrote:
I had the same issue.
Managed to fix that by fixing "Client" object returned by the
Config.GetClients() method in IDP project:1.
Client.RedirectUris property should match the client's web app uri
(with enabled SSL)
e.g.: RedirectUris = new List() { "https://localhost:port/signin-oidc"
}
2.Client.AllowedScopes object should look like:
Client.AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile
}—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/IdentityServer/IdentityServer4/issues/1396#issuecomment-460251025,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFp0Q4E9aAwrfXxsoUsORkU_VpTvQ2iBks5vKDaggaJpZM4OvB-o
.
sanjaygupta2110
on 5 Feb 2019
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
![lock[bot] picture](https://avatars1.githubusercontent.com/in/6672?v=4&s=40)
lock[bot]
on 11 Jan 2020
Related issues
osudude
·
3Comments
osmankibar
·
3Comments
klioqc
·
3Comments
agilenut
·
3Comments
user1336
·
3Comments
Most helpful comment
I had similar problem, solved by installing NuGet Microsoft.AspNetCore.Mvc in identity server project. Hope this helps. :)