How can I bypass certificate (SSL) validation in OAuth2Introspection?


I am working on an API but I get this error whenever I try to connect to it:

Request starting HTTP/1.1 GET https://localhost:5061/api/machine
info: System.Net.Http.HttpClient.IdentityModel.AspNetCore.OAuth2Introspection.BackChannelHttpClientName.LogicalHandler[100]
Start processing HTTP request GET https://localhost:5001/.well-known/openid-configuration
info: System.Net.Http.HttpClient.IdentityModel.AspNetCore.OAuth2Introspection.BackChannelHttpClientName.ClientHandler[100]
Sending HTTP request GET https://localhost:5001/.well-known/openid-configuration
fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
An unhandled exception has occurred while executing the request.
System.InvalidOperationException: Error parsing discovery document from https://localhost:5001: Error connecting to https://localhost:5001/.well-known/openid-configuration. The SSL connection could not be established, see inner exception..
at IdentityModel.AspNetCore.OAuth2Introspection.PostConfigureOAuth2IntrospectionOptions.GetIntrospectionEndpointFromDiscoveryDocument(OAuth2IntrospectionOptions options)
at IdentityModel.AspNetCore.OAuth2Introspection.PostConfigureOAuth2IntrospectionOptions.InitializeIntrospectionClient(OAuth2IntrospectionOptions options)
at IdentityModel.AspNetCore.OAuth2Introspection.OAuth2IntrospectionHandler.LoadClaimsForToken(String token)
at IdentityModel.AspNetCore.OAuth2Introspection.OAuth2IntrospectionHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 145.1044ms 500 text/plain

I am using IdentityModel.AspNetCore.OAuth2Introspection but there is no option there to configure a Backchannel HTTP Handler like the ones in JwtBearer.

I want to bypass certificate validation in OAuth2Introspection in development, something like the code below:

.AddOAuth2Introspection("introspection", options =>
{
    // SOME INTROSPECTION CODES

    options.BackchannelHttpHandler = new SocketsHttpHandler
    {
        SslOptions = new SslClientAuthenticationOptions
        {
            RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true
        }
    };

    // MORE INTROSPECTION CODES
});
There is 1 answer
jysummers On

Resolved it by using the ConfigurePrimaryHttpMessageHandler extension method:

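// Namespaces needed: System.Net.Http, System.Net.Security,
// IdentityModel.AspNetCore.OAuth2Introspection
// Replaces the primary handler of the named HttpClient that the introspection
// handler uses for its back-channel calls (discovery document and introspection).
services.AddHttpClient(OAuth2IntrospectionDefaults.BackChannelHttpClientName)
    .ConfigurePrimaryHttpMessageHandler(() =>
    {
        return new SocketsHttpHandler
        {
            SslOptions = new SslClientAuthenticationOptions
            {
                // Returning true accepts any server certificate, whatever the validation errors.
                RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true
            }
        };
    });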
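
A narrower variant of the handler above, added here as an example and not part of the original answer: it registers the relaxed handler only when the host environment is Development, and instead of returning true for everything it accepts an untrusted chain only when the certificate's SHA-256 thumbprint matches a pinned value. The class name, method names and the `pinnedSha256Hex` parameter are assumptions of this example.

```csharp
#nullable enable
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using IdentityModel.AspNetCore.OAuth2Introspection;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

// Hypothetical helper for this example; not an API of the introspection library.
public static class IntrospectionBackchannel
{
    public static IServiceCollection AddDevIntrospectionBackchannel(
        this IServiceCollection services, IHostEnvironment env, string pinnedSha256Hex)
    {
        // Outside Development nothing is registered, so default validation stays in force.
        if (!env.IsDevelopment()) return services;

        services.AddHttpClient(OAuth2IntrospectionDefaults.BackChannelHttpClientName)
            .ConfigurePrimaryHttpMessageHandler(() => new SocketsHttpHandler
            {
                SslOptions = new SslClientAuthenticationOptions
                {
                    RemoteCertificateValidationCallback = (sender, certificate, chain, errors) =>
                        IsAcceptable(certificate, errors, pinnedSha256Hex)
                }
            });
        return services;
    }

    public static bool IsAcceptable(
        X509Certificate? certificate, SslPolicyErrors errors, string pinnedSha256Hex)
    {
        // Normal platform validation succeeded: nothing to override.
        if (errors == SslPolicyErrors.None) return true;
        if (certificate is null) return false;
        // Tolerate only an untrusted chain (self-signed dev certificate);
        // a host name mismatch or a missing certificate still fails.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;
        string actual = certificate.GetCertHashString(HashAlgorithmName.SHA256);
        return string.Equals(actual, pinnedSha256Hex, StringComparison.OrdinalIgnoreCase);
    }
}
```

Pass the SHA-256 thumbprint of the certificate that the identity server on https://localhost:5001 presents in development; any other untrusted certificate is rejected and the discovery request fails as before.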