Question
I'm getting the error "Cannot redirect to the authorization endpoint, the configuration may be missing or invalid" when used with an IPostConfigureOptions configuration. The IPostConfigureOptions implementation is used to fetch user roles from an API and add them as claims to the user identity in the web client. The error is thrown by the Logout method, specifically by the line "await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);".
When the IPostConfigureOptions registration is commented out in Startup.cs, logout works as expected. Any suggestions why the post-configuration affects logout?
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.ClientId = "XXXX";
    options.ClientSecret = "XXXX";
    options.Authority = "https://XXXX.us-east-2.amazonaws.com/XXXX(user pool)";
    options.ResponseType = "code";
    options.SaveTokens = true;
    options.Events = new OpenIdConnectEvents()
    {
        OnRedirectToIdentityProviderForSignOut = context =>
        {
            var logoutUri = $"https://XXXX.auth.us-east-2.amazoncognito.com/logout?client_id=XXXX";
            logoutUri += $"&logout_uri={context.Request.Scheme}://{context.Request.Host}/";
            context.Response.Redirect(logoutUri);
            context.HandleResponse();
            return Task.CompletedTask;
        }
    };
});

// Works as expected but throws an error at logout. When commented out, logout works fine.
services.AddSingleton<IPostConfigureOptions<OpenIdConnectOptions>, PostConfigureOptions>();
The IPostConfigureOptions implementation is used to call the API:
public class PostConfigureOptions : IPostConfigureOptions<OpenIdConnectOptions>
{
    private readonly IHttpClientFactory _httpClientFactory;

    public PostConfigureOptions(IHttpClientFactory httpClientFactory)
    {
        _httpClientFactory = httpClientFactory;
    }

    public void PostConfigure(string name, OpenIdConnectOptions options)
    {
        // Assigns a brand-new OpenIdConnectEvents instance to options.Events
        options.Events = new OpenIdConnectEvents()
        {
            OnTicketReceived = async ticketReceivedContext =>
            {
                var cognitoUserId = ticketReceivedContext.Principal.Claims
                    .FirstOrDefault(c => c.Type == "cognito:username").Value;
                // create http client
                // send cognitoUserId to API server
                // read & deserialize response into rolesFromApi (the API call is omitted in the post)
                // create new Claims Identity
                var identity = new ClaimsIdentity();
                identity.AddClaim(
                    new Claim("yourClaimName", rolesFromApi));
                // Add claim to application user identity
                ticketReceivedContext.Principal.AddIdentity(identity);
            }
        };
    }
}
The line of code that throws the error in Logout():
public async Task Logout()
{
    await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme); // <-- throws error
}
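What the post-configuration changes, and one way to keep the role lookup without losing the sign-out redirect (an added example, not code from the question; the named HTTP client "roles-api", its route and the RoleLookup response shape are assumptions). PostConfigure in the question assigns a new OpenIdConnectEvents object to options.Events, which throws away the OnRedirectToIdentityProviderForSignOut handler registered in AddOpenIdConnect, so on SignOutAsync the OpenID Connect handler has to build the redirect from the provider's metadata instead of the hand-built Cognito logout URL. The version below keeps the events object that is already there and chains onto OnTicketReceived, and it also tolerates a principal without a cognito:username claim instead of dereferencing null:

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Json;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Options;

// Assumed shape of the roles API response; the real API in the question is not shown.
public sealed record RoleLookup(string[] Roles);

public sealed class RolesPostConfigureOptions : IPostConfigureOptions<OpenIdConnectOptions>
{
    private readonly IHttpClientFactory _httpClientFactory;

    public RolesPostConfigureOptions(IHttpClientFactory httpClientFactory)
        => _httpClientFactory = httpClientFactory;

    public void PostConfigure(string name, OpenIdConnectOptions options)
    {
        // PostConfigure runs for every named OpenIdConnectOptions; only touch the scheme we own.
        if (name != OpenIdConnectDefaults.AuthenticationScheme) return;

        // Reuse the events object created in AddOpenIdConnect so its
        // OnRedirectToIdentityProviderForSignOut handler survives. Replacing it drops that handler.
        options.Events ??= new OpenIdConnectEvents();
        var previousOnTicketReceived = options.Events.OnTicketReceived;

        options.Events.OnTicketReceived = async ctx =>
        {
            await previousOnTicketReceived(ctx); // run whatever handler was registered before us

            var cognitoUserId = ctx.Principal?.FindFirst("cognito:username")?.Value;
            if (string.IsNullOrEmpty(cognitoUserId)) return; // no username claim, nothing to look up

            // Hypothetical roles API: the client name "roles-api" and the route are assumptions.
            var client = _httpClientFactory.CreateClient("roles-api");
            var lookup = await client.GetFromJsonAsync<RoleLookup>(
                $"users/{Uri.EscapeDataString(cognitoUserId)}/roles", ctx.HttpContext.RequestAborted);
            if (lookup?.Roles is not { Length: > 0 }) return;

            // Add the roles as a separate identity on the same principal, as the question does.
            var identity = new ClaimsIdentity("RolesApi");
            foreach (var role in lookup.Roles)
                identity.AddClaim(new Claim(ClaimTypes.Role, role));
            ctx.Principal!.AddIdentity(identity);
        };
    }
}
```

Register it the same way as in the question (services.AddSingleton<IPostConfigureOptions<OpenIdConnectOptions>, RolesPostConfigureOptions>()) and configure the named client with services.AddHttpClient("roles-api", c => c.BaseAddress = new Uri("https://roles-api.example/")), where the base address is a placeholder for the real API.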
Source: https://stackoverflow.com/questions/65150819/ipostconfigurationoptionsopenidconnectoptions-causes-cannot-redirect-to-the-e