1. 技术文章
  2. OpenIdConnectAuthenticationHandler: message.State is null or empty

OpenIdConnectAuthenticationHandler: message.State is null or empty

允我心安 提交于 2019-12-21 20:44:15

问题


I am using UseOpenIdConnectAuthentication middleware for ASP.Net Core application to authenticate against Dells Cloud access manager token provider (setup to provide OpenId/OAuth2 authentication). Following is the code:

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AutomaticAuthenticate = true,
            AutomaticChallenge = true,
            AuthenticationScheme = "ClientCookie",
            CookieName = CookieAuthenticationDefaults.CookiePrefix + "ClientCookie",
            ExpireTimeSpan = TimeSpan.FromMinutes(5),
            LoginPath = new PathString("/signin"),
            LogoutPath = new PathString("/signout")
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
        {
            RequireHttpsMetadata = false,
            SaveTokens = true,
            ClientId = "XYZClient_Id",
            ClientSecret = "XYZ_ClientSecret",
            ResponseType = OpenIdConnectResponseType.Code,
            PostLogoutRedirectUri = "https://example.com",
            Configuration = new OpenIdConnectConfiguration {
                AuthorizationEndpoint = "https://CAM.COM/CloudAccessManager/RPSTS/OAuth2/Default.aspx",
                TokenEndpoint = "https://CAM.COM/CloudAccessManager/RPSTS/OAuth2/Token.aspx",
                UserInfoEndpoint = "https://CAM.COM/CloudAccessManager/RPSTS/OAuth2/User.aspx",
                Issuer= "urn:CAM.COM/CloudAccessManager/RPSTS",
            }
        });

But I am stuck at one point for a few hours now. I get the following error:

SecurityTokenInvalidSignatureException: IDX10500: Signature validation failed. There are no security keys to use to validate the signature

I am getting code and state back in url querystring https://example.com/signin-oidc?code=somecode&state=somestate

Any type of guidance is appreciated.

UPDATE Added Issuer Signing key:

TokenValidationParameters = new TokenValidationParameters
                {
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration.GetValue<string>("AppSettings:ClientSecret")))
                }

回答1:


The error you're seeing is caused by the fact you're not using the OpenID Connect provider configuration discovery feature offered by the OIDC middleware, that allows it to retrieve the cryptographic keys used to sign identity tokens.

If your provider supports this feature, remove the entire Configuration node and set Authority instead. All the endpoints should be automatically registered for you.

If it doesn't support this feature, you'll have to manually add the signing keys to OpenIdConnectOptions.TokenValidationParameters.IssuerSigningKeys.



来源:https://stackoverflow.com/questions/38601672/openidconnectauthenticationhandler-message-state-is-null-or-empty

标签
c#
asp.net-core
asp.net-identity
openid-connect
oauth2
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!