We're attempting to get a preview setup for a client, with the API hosting on an Azure Web App and the front end in Firebase.
I'm not going to lie, it was one of the hardest tasks I've ever had to accomplish. Aside from the fact that in a production environment, you need two certificates for OpenIddict, and the information to create is scant at best, and the code also only loads the same certificate for both the Digital Signature and Key Encipherment, and then it seems that loading the certificate by filepath doesn't seem to work, but filename does, and it is a red herring anyway because what the error is actually telling you, is that X509Certificate2() couldn't load your local certificate store as you need to add a seemingly undocumented WEBSITE_LOAD_CERTIFICATES to the Web App, at this point, everything flings into life, and we can update our URL's.
So there may or may not be any issues there. Everything looks like it is setup correctly, so I am just advising that in case we need to check any settings here.
What we are now getting, when we go to the Login page from the Angular application, we get:
ErrorAn internal error occurred during your request!
The failed request log indicates:
<failedRequest url="https://test-app:80/Error?httpStatusCode=400"
siteId="1862431124"
appPoolId="test-app"
processId="6860"
verb="GET"
remoteUserName=""
userName=""
tokenUserName="IIS APPPOOL\test-app"
authenticationType="anonymous"
activityId="{80014295-0002-F300-B63F-84710C7967BB}"
failureReason="STATUS_CODE"
statusCode="400"
triggerStatusCode="400"
timeTaken="47"
xmlns:freb="http://schemas.microsoft.com/win/2006/06/iis/freb"
And the error indicates as much with an error 404
<div id="content">
<div class="content-container">
<h3>HTTP Error 404.0 - Not Found</h3>
<h4>The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.</h4>
</div>
<div class="content-container">
<fieldset><h4>Most likely causes:</h4>
<ul> <li>The directory or file specified does not exist on the Web server.</li> <li>The URL contains a typographical error.</li> <li>A custom filter or module, such as URLScan, restricts access to the file.</li> </ul>
</fieldset>
</div>
<div class="content-container">
<fieldset><h4>Things you can try:</h4>
<ul> <li>Create the content on the Web server.</li> <li>Review the browser URL.</li> <li>Create a tracing rule to track failed requests for this HTTP status code and see which module is calling SetStatus. For more information about creating a tracing rule for failed requests, click <a href="http://go.microsoft.com/fwlink/?LinkID=66439">here</a>. </li> </ul>
</fieldset>
</div>
There is nowhere within Angular, or the database, or the C# code or settings, that references "test-app" by itself, so it's either getting it from the App Pool Id, the token user name, or it's splitting the URL or taking only the hostname and appending :80 to the end.
If the problem is encountring 400 error on the login page after you are redirected, you can check the AuthServer application logs for detailed information.
The error is probably related to invalid redirect_uri. Which indicates you may have forgotten to override the redirect URIs of the DBMigrator project.