okta-aspnetcore-mvc-example
Problem with https & redirect_uri
Hi. I have the following configuration: Login redirect URIs: https://stg.domainname.com/authorization-code/callback Logout redirect URIs: https://stg.domainname.com/signout-callback-oidc Login initiated by: App Only Initiate login URI: https://stg.domainname.com/authorization-code/callback
When I try to access the Okta login, the redirect_uri has the same domain but uses "http", so the Okta page returns a 400 error with the following message:
Proveedor de identidades: Unknown Código de error: invalid_request Descripción: The 'redirect_uri' parameter must be an absolute URI that is whitelisted in the client app settings.
The Okta configuration in Startup:
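// Bind the "OktaSettings" section once; the lambdas below capture this instance.
OktaSettings oktaSettings = this.Configuration.GetSection("OktaSettings").Get<OktaSettings>();

// Per-request slot for the "is administrator" decision taken in OnTokenResponseReceived and
// consumed in OnTokenValidated. Both events run on the same HttpContext, so HttpContext.Items is
// the right carrier: a field on Startup is shared by every concurrent sign-in, so one user's
// lookup result could be read while another user's principal is being built and hand out the
// Administrator role to the wrong session.
const string OktaIsAdministratorItemKey = "Okta.IsAdministrator";

// Abort the sign-in and send the browser back to the local login page; HandleResponse() stops
// the OpenID Connect handler from continuing with the token response.
void RejectSignIn(TokenResponseReceivedContext ctx)
{
    ctx.Response.Redirect("/Account/Login?q=okta");
    ctx.HandleResponse();
}

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
    options.DefaultSignInScheme = IdentityConstants.ApplicationScheme;
    options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
    options.ClientId = oktaSettings.ClientId;
    options.ClientSecret = oktaSettings.ClientSecret;
    options.Authority = oktaSettings.Authority;
    // The redirect_uri sent to Okta is the incoming request's scheme and host plus this path.
    // NOTE(review): behind a TLS-terminating proxy the request reaches the app as http unless
    // forwarded headers are applied first, and Okta then rejects the http redirect_uri as not
    // whitelisted — confirm the proxy/forwarded-headers setup when that error appears.
    options.CallbackPath = oktaSettings.CallbackPath;
    options.ResponseType = OpenIdConnectResponseType.Code;
    options.SaveTokens = oktaSettings.SaveTokens;
    options.UseTokenLifetime = oktaSettings.UseTokenLifetime;
    options.GetClaimsFromUserInfoEndpoint = oktaSettings.GetClaimsFromUserInfoEndpoint;
    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("email");
    options.TokenValidationParameters = new TokenValidationParameters
    {
        NameClaimType = "name",
    };
    options.Events = new OpenIdConnectEvents
    {
        OnTokenResponseReceived = async ctx =>
        {
            // Fetch the user's profile from Okta's userinfo endpoint with the freshly issued access token.
            RestClient client = new RestClient(oktaSettings.Authority + "/v1/userinfo");
            RestRequest request = new RestRequest(Method.POST);
            request.AddHeader("authorization", "Bearer " + ctx.TokenEndpointResponse.AccessToken);
            request.AddHeader("content-type", "application/x-www-form-urlencoded");
            // Await the HTTP call instead of blocking the request thread inside an async event handler.
            IRestResponse response = await client.ExecuteTaskAsync(request);
            if (response is null || response.StatusCode != HttpStatusCode.OK)
            {
                RejectSignIn(ctx);
                return;
            }

            OKTAUserInfo oktaUserInfo = JsonConvert.DeserializeObject<OKTAUserInfo>(response.Content);
            // Without an e-mail there is nothing to match a local account on; treat it as a failed sign-in
            // rather than passing null into the user lookup.
            if (string.IsNullOrWhiteSpace(oktaUserInfo?.email))
            {
                RejectSignIn(ctx);
                return;
            }

            var userManager = ctx.HttpContext.RequestServices.GetRequiredService<UserManager>();
            // Get or add (if it does not exist) the Okta user from/in BDE.
            var userDto = await userManager.GetOrAddFromOkta(oktaUserInfo.email);
            // Verify the user exists and is enabled in BDE.
            if (userDto is null || userDto.IsDeleted || !userDto.IsEnabled)
            {
                RejectSignIn(ctx);
                return;
            }

            // Record the decision for this request only; OnTokenValidated reads it below.
            ctx.HttpContext.Items[OktaIsAdministratorItemKey] = userDto.IsAdministrator;
        },
        OnTokenValidated = async ctx =>
        {
            // Grant the Administrator role only when this request's own BDE lookup said so.
            if (ctx.HttpContext.Items[OktaIsAdministratorItemKey] is true)
            {
                var claims = new List<Claim> { new Claim(ClaimTypes.Role, "Administrator") };
                var appIdentity = new ClaimsIdentity(claims);
                ctx.Principal.AddIdentity(appIdentity);
            }
        },
    };
});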
Thanks
Getting the same problem.
Hi simons, maybe this thread helps you resolve the problem: https://github.com/okta/okta-sdk-dotnet/issues/206
Hi Leanwit, thanks for replying. Actually the problem ended up being an incorrect base URI setting, so it was my own fault. Thanks for following up though.