Blazor Web Assembly and Identity Server 4


I followed this guide to implement some kind of authentication for my Blazor Web Assembly application. I have an Identity Server 4 instance running on some server, and it seems to be completely operational.

My problem is that in the guide above, the returnUrl that is passed to Identity Server is obviously not a local URL. By digging into Identity Server's code, I found that it will always fail to log in a user if the return URL is not local:

        public async Task<AuthorizationRequest> GetAuthorizationContextAsync(string returnUrl)
        {
            var result = await _returnUrlParser.ParseAsync(returnUrl);

            if (result != null)
            {
                _logger.LogTrace("AuthorizationRequest being returned");
            }
            else
            {
                _logger.LogTrace("No AuthorizationRequest being returned");
            }

            return result;
        }

In the code above from DefaultIdentityServerInteractionService, ParseAsync() calls IsLocal(), which causes result to be null, which in turn produces the following in my logs:

    2020-09-28T19:37:25.932782009Z [2020-09-28T19:37:25.9324455+00:00] [VRB] [] [IdentityServer4.Services.OidcReturnUrlParser] returnUrl is not valid
    2020-09-28T19:37:25.932807561Z [2020-09-28T19:37:25.9325314+00:00] [VRB] [] [IdentityServer4.Services.OidcReturnUrlParser] No AuthorizationRequest being returned
    2020-09-28T19:37:25.932817324Z [2020-09-28T19:37:25.9325559+00:00] [VRB] [] [IdentityServer4.Services.DefaultIdentityServerInteractionService] No AuthorizationRequest being returned

Could someone point me towards what I'm not understanding here? Can I provide any more information?


There are 1 answers

nahidf On BEST ANSWER

I'm not sure if your issue is about LocalUrl; it seems that you set it wrong if you followed the guide.

If you are following default settings, it's enough to have client config on IDS4 like this:

        new Client
        {
            ClientId = "wasmappauth-client",
            ClientName = "Blazor Webassembly App Client",
            RequireClientSecret = false,

            AllowedGrantTypes = GrantTypes.Code,
            RequirePkce = true,

            AllowedCorsOrigins = { "http://localhost:5005" },
            RedirectUris = { "http://localhost:5005/authentication/login-callback" },
            PostLogoutRedirectUris = { "http://localhost:5005/authentication/logout-callback" },

            AllowedScopes = { "openid", "profile" },
        }

Here is my blog post, in which I explained the same thing but in simpler wording: https://nahidfa.com/posts/blazor-webassembly-authentication-and-authorization-with-identityserver4/

Edit: About the check for local URLs, it is by design on IDS4.
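
As an added illustration of the local-URL check discussed in the question and in the answer's edit (this is not IdentityServer4's source and not code from either poster): a simplified open-redirect guard that accepts only server-relative return URLs. The class name, the method body and the sample URLs are assumptions constructed for this example; the client values are taken from the answer's config.

```csharp
using System;

// Added example: a simplified "is this return URL local?" guard of the kind
// used to stop a login page from redirecting to an attacker-chosen site.
// Hypothetical helper, not IdentityServer4's implementation.
public static class ReturnUrlCheck
{
    public static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;

        // "/path" is server-relative. "//host" and "/\host" are rejected
        // because browsers resolve them as protocol-relative (other host).
        if (url[0] == '/')
        {
            if (url.Length == 1) return true;
            return url[1] != '/' && url[1] != '\\';
        }

        // "~/path" is app-relative; apply the same second-character rule.
        if (url[0] == '~' && url.Length > 1 && url[1] == '/')
        {
            if (url.Length == 2) return true;
            return url[2] != '/' && url[2] != '\\';
        }

        // Anything with a scheme or host (absolute URL) is not local.
        return false;
    }

    public static void Main()
    {
        // Constructed samples.
        string[] samples =
        {
            "/connect/authorize/callback?client_id=wasmappauth-client", // local
            "http://localhost:5005/authentication/login-callback",      // absolute
            "//localhost:5005/authentication/login-callback",           // protocol-relative
            "/\\localhost:5005",                                        // backslash variant
            ""                                                          // empty
        };

        foreach (var s in samples)
            Console.WriteLine($"{(IsLocalUrl(s) ? "local    " : "NOT local")}  \"{s}\"");
    }
}
```

Only the first sample passes. An absolute URL such as the client's login-callback address belongs in the client's RedirectUris, not in the returnUrl handed to the login page.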