We are developing an ASP.NET Web based application with Angular interface.
The project is older, it was migrated to Duende from an older version where the authentication was done by us with tokens. After the default project in Visual Studio added support for Individual user authentication (starting with dotnet 6), we started to migrate the code in the new project with the improved authentication (Duende).
We are also trying to create an Android app, we added the client in appsettings.json:
"Clients": {
"AppName": {
"Profile": "IdentityServerSPA",
},
"AndroidID": {
"Profile": "IdentityServerSPA",
"Enabled": true,
"ClientId": "AndroidID",
"RequireClientSecret": false,
"ClientName": "AndoidApp",
"ClientSecrets": [ { "Value": "" } ],
"RequirePkce": true,
"AllowedGrantTypes": [ "code", "implicit", "client_credentials" ],
"AllowedScopes": [ "openid", "profile", "email", "phone", "api" ],
"RedirectUris": [ "https://aaa/well-known/openid-configuration" ],
"RequireConsent": false,
"AllowOfflineAccess": true
}
}
For the Android side we are using the library: https://github.com/openid/AppAuth-Android . In our tests we are changing the configuration in the sample application from the AppAuth repo.
{
"client_id": "AndroidID",
"redirect_uri": "https://aaa/authentication/login-callback",
"end_session_redirect_uri": "https://aaa/connect/endsession",
"authorization_scope": "openid email profile SIGADAPI",
"authorization_endpoint_uri": "https://aaa/identity/account/login",
"token_endpoint_uri": "https://aaa/connect/token",
"registration_endpoint_uri": "",
"user_info_endpoint_uri": "https://aaa/home",
"https_required": true,
"end_session_endpoint": "https://aaa/connect/endsession",
"client_secret" : "",
"response_types": "code",
"jwks_uri": "https://aaa/.well-known/openid-configuration/jwks",
"revocation_endpoint": "https://aaa/connect/revocation",
"grant_types": [ "code", "implicit", "client_credentials"],
"scopes_supported" : [ "openid", "profile", "email", "phone", "SIGADAPI" ]
}
The problem is that on the Login.cshtml, returnUrl is null. In C# we receive a success response for the _signInManager.PasswordSignInAsync, but we do not have a valid returnUrl for the callback so, in the end, in Android we are not logged-in.
I know the answer is really easy and we are stuck for a long time in this step, but what are we doing wrong and how do you manage to login from another client.
The dotnet version is 6 and Duende IdentityServer is 6.0.8.
Thank you very much for your help
On the Android side you can actually use the openid-configuration as a
discovery_uriparameter and after that you don't need to set theauthorization_endpoint_uriandauthorization_endpoint_uri. Also, make sure that theauthorization_scopematches the expected parameters.You can inspect the android Custom Tab using the Chrome tool: chrome://inspect/#devices, maybe you have a error in the Custom tab and the redirect is not done as expected.