问题
I've got an issue with redirecting after loggin in with identity server.
I have the following angular-auth-oidc-client config:
export function configureAuth(oidcConfigService: OidcConfigService) {
return () =>
oidcConfigService.withConfig({
stsServer: 'http://localhost:5002',
redirectUrl: window.location.origin,
postLogoutRedirectUri: window.location.origin,
clientId: 'applications-portal',
scope: 'openid profile',
responseType: 'id_token token',
logLevel: LogLevel.Debug,
});
}
And app.component.ts:
ngOnInit() {
this.oidcSecurityService.checkAuth().subscribe((auth) => {
console.log('is authenticated', auth);
if (!auth) {
this.login();
}
});
}
login() {
this.oidcSecurityService.authorize();
}
This is the client configuration in the identity server app:
new Client
{
ClientId = "applications-portal",
ClientName = "Applications Portal",
AllowedGrantTypes = GrantTypes.Implicit,
AllowedScopes =
{
"service",
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile
},
AccessTokenType = AccessTokenType.Jwt,
AllowAccessTokensViaBrowser = true,
RequireConsent = false,
RequireClientSecret = false,
RequirePkce = true,
RedirectUris = {
"http://localhost:4200",
},
PostLogoutRedirectUris =
{
"http://localhost:4200"
},
AllowedCorsOrigins =
{
"http://localhost:4200"
},
}
And StartUp.cs:
services.ConfigureApplicationCookie(config =>
{
config.Cookie.Name = "Identity.Cookie";
config.LoginPath = "/Auth/Login";
});
The problem is that when I get redirected to AuthController in Login (GET) method I get returnUrl that looks like this: returnUrl Value
And after the login it does not redirect me back to the client app, but stays on the login page. I belive that there's something wrong with the returnUrl itself. I'm using IdentityServer for the first time, so I don't really know what to dig for.
UPDATED:
The problem is in Chrome browser. SameSite thing prevents it to redirect. I've tried the solution here https://www.thinktecture.com/en/identity/samesite/prepare-your-identityserver/ but it didn't work. In other browsers, it works as expected. Could you give me a hint what to do in this case with Chrome?
I've also tried setting it to Lax but nothing changes.
services.ConfigureApplicationCookie(config =>
{
config.Cookie.Name = "Identity.Cookie";
config.LoginPath = "/Auth/Login";
config.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
});
回答1:
One idea is if the redirect URL Should be:
RedirectUris = {"http://localhost:4200/auth-callback"}.
The link should be to the URL that Angular wants the token to be sent to.
See these links:
- IdentityServer External auth provider - auth-callback - Redirection - 400 Bad request
- User Authentication and Identity with Angular, Asp.Net Core and IdentityServer
回答2:
Solved it by changing the Cookie configuration to:
services.ConfigureApplicationCookie(config =>
{
config.Cookie.Name = "Identity.Cookie";
config.LoginPath = "/Auth/Login";
config.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
});
And in Configure method:
app.UseCookiePolicy(new CookiePolicyOptions
{
MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.Lax,
});
来源:https://stackoverflow.com/questions/63449387/cannot-redirect-back-to-angular-client-after-login-in-identity-server