问题
I am following https://www.scottbrady91.com/Angular/SPA-Authentiction-using-OpenID-Connect-Angular-CLI-and-oidc-client and https://www.scottbrady91.com/Angular/Migrating-oidc-client-js-to-use-the-OpenID-Connect-Authorization-Code-Flow-and-PKCE to implement OIDC in SPA(Angular)
I am using aspboilerplate integrated IdentityServer
I've set up everything as per the above articles and I was able to navigate to external auth provider and was also able to enter the required credentials.
While redirecting to angular I am getting 400 - Bad request. Here are the details
Call back URL :
http://localhost:4200/auth-callback?code=b74f38054d4becadaa3c45ce58a83c892e0d25e7fc4bfcc1ef29ce369b477596&scope=openid%20profile%20api1&state=18af0415b22b4614882d3e31113e2717&session_state=yP4rCdCetarKTsX6X0JXYTeV_1Xo8dud9V2FnT-14QE.db913b7a39e26220d8ac07de5a523eb2
Cookies : Request sent 9095 bytes of Cookie data:
.AspNetCore.Antiforgery.xkdte50z5pg=CfDJ8FAKJpEizERFtUzdjBClgctpGC-BWtg81DZ33kUapCDBb84U7ILfbqhExQzI3oVOWReKh72cV8hdROZcCh6wK7tbwl14PnWzNIECZGxyYx-K3MINQnZEp3cp-Ury1Z4KaRHs7mqvmf6oc30h6Q-oFxI
idsrv.external=chunks-2
idsrv.externalC1=CfDJ8FAKJpEizERFtUzdjBClgcum3jNb_Pj5sm5cfWLtKGcBqkU1VIUHlMdupOgnYwqTNw3bjxOoeVbCR1YR9y6Y2Q6zZvxX2juNv1iiUTwVIcTAG99R0QU8Ki1EJ8uOvaVN-BgUFNXYzcrct69nxfTGj5Ay2wL18-ziLczxnqurAbgTVkgyZs6IWHgtbOwyoyJb3klbQUkt4nmNZbwNSzeYknhDq7ohwEqeva51TIw73lciD2bJpJZnxUFx9eRI7FiJcf6qM3iYzvQ9R1-IRAmTleGEul_KY0eEcf8srxjPDgCRvj_Chy14N0rJdvWvrgio2yfdKTiCam2y-xPporU1oBOupt4zuaKsnPlHzzY9NksO_Gp7TTXJi91d3P2rl9FtBbQVQQDgpuNlwKO_WWIbd_nvcns647_0Cm0-mXiPecFrCC_plifOJ3ZRQHDYd-_ykOR_8WtGVYNigh0LPn4WxHoWJujUneRVaF_ootP4I1-uzcP6oDtTdxzCBgQpsujS_gRsHzZQ4S_EUX90R_BNEfWpg9Z5je0sT4Rma_tBeDBTCtqaZEKng_n4ybbn8xZc0dwuuGsVjYDSLXXoHLhQ55MalqJmRITH2mBNl89on3l2Y_e3_N-T_ScBJOS6HUHhTbKgiA2-R3XP5T_Gd0Fbmhpyrb4uqRJDybQb3muaKwYAJg51PSoiicA927KTcfiVPUzHY7YoENJ8MqBHkonvpjw9QtrWCgn0t4wTgrj_jIkIg9VmIZFReWGDiIw1cQnvA8u0lnPdxXl0D0ywm1eKCcvliHuFiT4KM2nKhUtlg75X5w5AYBFRb8ocx6Gx4zNEuV6cXzsx0-PVkbm7DllcMu3gMchpk47rDrIUjTDqlSjnlM1JaRWbrxXAui5tvZwOdAlI3e3__RIu-hdSJNO_ZgvPkLRUBiv0weNmsUWPjLzSjP8RVj-fWWCj1DuXSeUKcWTeEiXu019Klco48i1eUKB-vqLsUZHWAc8E02A8xF3kyz8OXOIam4tOlBD03-CgUK8zf0ahdtFegsXspJ75Z7Swml8CHpPkHrdZvGrryd-UbRipNpejtde1B9-WnLhpLQjXYCZdCOFndeg9CG1L9uBpaAU9pOB-AzmLqNIa1zi5qS0h9YqlL4wHGnK0iDlSmmK9kpZuTUS2nSEqs9hDwew1asxl7LPF1sMJyhjfDBAOmcHV4kZA_E6w0Y8_JQC4vu8Oda7vVoApvolhhHPqXpmmwbHxwxv1HjmC1UBdGUOJyn1rX6ASFJnEu1mmgqD1mgXizbmPzJd_KzRUkd5F7M0DcTBX3U3_p337g3QG5WJlBE5v_2JBlh6s-G5Lxs7UNXwcEigg6amJEgcIejNKXRbynJ-IKE41kd9PvXeG29d9B27Y37LPQu0xVaH7C7Z46pkASHZVrcPGLOoN0gHBTNwGaDUfca8Sb2bq3umhNjzK5uNxLaEZErCmjQQzUidKHcbWyuHC0ht0X1phOJv6hMTiUroYVaTP-ma_B350Z0euJq4atEPu59-Redz56aYtuKBW13axJs8qtsvXolwkGGboHzB-gj8PjDrT-iHGVMnoXVLkkOM_nYzfY5PwnaSWUdPtXnI6hxTlJomU5Bvhm-7TKLfB4bl3Fel4MM0QdrTQJz28FBTVFizzdksoPB4N_3jfSZsR373mN0wdtqpEjmKNUvGnVNX5wTc_3oMTO0cprxSVXwUK23phkomKHUYMZ8i11Z7T1mZHx5Yci1CMp-mHqTD-fBbmSK7YYvwtsSLeeI7u4cH-IYRl_3YQtxrFLwqTOzWllcz_JgbvwNXPYirLj0EVqGwttipg8QIuNyJIaPAnovTpJVI15ioJKfS9F9xlx-JVETbgxK3Py259pbTu8r-jHEZT0YdlItIZO-t5FM6hlTHAtQ2SuY8kdFQyBlUNZQPpw3ft6cz6mUt-2CcTdZ-xibkEdr7dEAZflSIrhL3Kt4lrdNalI5j68zG_0g9qfcXKTaqyMN0bawAzBfmaWAIp-u1KZb5vi6Kwf9ZEcNYF4fzHjHIOSNmySgiaYt2zH8EvbcJbTQmfBhuLOG6zBDU1-fDTK4-eBPkRJWEh4OTHm0jC8GV_N-80CrbUxjJUzoBWJXReu-sE00d4zBVHTHNJDlShXlyUPb_vqaGCJDFIlEEZUjyvAdwP0eOOeuhSz6jYicK9WwaZgsoLLsyeNZwLEOLftEBAax5ddoUdwe2kwxJ9eMZd_TE4YYzI9ZI37QAjzfhf573n8l2V--UEr-Kt6asTxzNvg1gK7doRns66W7KC6qnL_9ApLeoZ-hOX2QZ2J32D78mk5h4Dtv06lsNm4pBs8855PeZ7ygBu-p1edi1UjEWLzIxHxQ8YNNErP-U75HDgStXVRBY7CuXqz8RVc62Pjrj6z3Z98nV3KfcYJloq-Qejg1oSmFLgHrs5tTecL3caIopMy_MV0XRg6ly7cZtWq_8GQclQP_-6nTGy2ucN9ncj6sSjbFXxtKPV3bLAUm_JFtMfzzjR4TxP8s95zOiBwF5XXlLPu5QzBOoprI4Qf_XhmlTe8_1Z7X_HzCZSfWtgSDMEmcyOXxp4sPeKnh4U7o6ZlKukGz14F7gB94l0ZEHpbtOScRWb88o0fisHQv_G2Erslx3O5sGDMQG8G_W7d6IMBs1FFU1wcy8gmAznDbgFxtEPmXwdcoMY5MxliQQ8SrmREP_fU32jfGox5BiebA10BtQKjctJdnF_KPu3UzFuPGjFncCrpT74J3bR8O7BTUY175pOR2Vw4dtPCubHDeLHzFT8QWsPOO0CUS1kbtlooYbPS292E8lawWmYcFMcYsDq5x40NeX4-NVLuL0DvaqC_tgBLqvjDsrv6hQy6xQBoJt0PtfB-X0n38TCl9jwmpA3IiLR77FEAbpf0RRs4NB1_fIs9nSgK76JFPunxZ8jsgOW1ERNBTjgCaO72tct0l6rtrZAD35fu6KPBCFsofdoRpw5e5hxiq_Py2nYniCv6BkDLezt5wyYW83Zh8RJ1MQgZxNg3mJj0yvs0b3shdmxcjYZruCswCpcYHUCmqsTIjj4yQOHY15c8R50Asq4-eBuf3FhrIY7UWftvY3f3yL4IRQyX93oD0o1SCgpULpzR3dUAJD-QId3fHHbq-fC80Jqs09LP-HA9r7SutOSDpbcH-qD6ZDIVMddxGNOSyEVEN21fNPMUmVD-7u3-B9hmTrmb48HJLAQn9JjN7SdYjlNOoiyzwqZchnmWE3Twuro0S-GBryAqKdF7eQKpPqgtOks03JcXFERS0iRIJLZe3syjY39SZbhYMahkAc0D2TnJdUSxc-g85H_e0GobgE6R74fAwKeFDNrThwaULJBQTq0EWFikOMpZFzylfluw1M9U4ad-f53bYHPcvKFw8giZN6N-VM6qLrg3D3oU5169cXpmbRDeawreIOHvlVoIfhRZu7cSkARO0AGmL9XUrGivRNgMyDXRBIgIn_tbIPFvIrWkhgcZZZZP2t4YFzhn2MvKoHEFAfQHFFQ4jvCv-Waof19dRzbMSjS_Vz9qPzslbUjYATnIykQCeylOybDQKl5b6QVwmz9ioSl9OrJNFbzy9TDXSqjgCnefoHdZyVubpHSCADKJMB4FnLK5IdCFwcn2MSz_FuZzuCzDzR1B_WNTMuLQBR7Ks70uizUOJ8BKI7tuMO9nU9N6AQ7Preb_XRLVFJ31ISl5DvrQxyh__1Uet1IuT1vYrH4owFgaTnwOPRMPNxmnUTJRsbyEFdP6p6kQjV8zrId3qhBDIRMTfuOgT2n4awFqGbIM5DUnag003rbzpqD5zuL1RAlCfwyf2Yx0u0qY3es-zJV9CtlzU7X7YR-GBDSVJCKSqRRNg7YY-B2Y2E53Wudp6DDzVFuGs5G-XGJKzq3mru5h1CWaplCNgpDkdaRId-mfp1p2EP0vmoVkQnlkXqT0oJTsOBSTLKDrCfkniMbmKP_afqWS5jn6BmRDuFjEhdhl6Wa2GkMznTps_g9My
idsrv.externalC2=TudWp3eg3iUDnXn_uBCELCcSM1M6cxDlaF2RtsIFq74WusG6xZaIXZi033_2psAUpYZ-rKCn-fR-0p9RsHfw4Tot6oTODOcVUeF61Q3Zw6yoXZp497mMT3u-RMB58Yai5pUSMJk1Ex_2H1ekLjks9_ngpns76ARB3dWi_gzblCLQ-zSujcPw7ksoBLlt2X_h4B3w6Y91lCyHkn77NcAKdTiVgRs4-nX33NEr7Rogr3p365AV9vrJqWIl-eP7I0Di4mQn-EUZAd6C1iqBA-Af0wp3Nm2OmJJr-dEoPpppha7wW0_3IGk4_O_0cZjv5e0-63ER0X3cB5ZoKzRarKkdNEm3uBgcexGLOWJyTL8ntrXfytxxC0iP4DiO-wSnydrD0r-k6F9iLd_-pSuz30MnHDAAXn0141EC7gLr-J1EFS3ou2b8ocjIjJUF9jZ_V9IfibMrI_K7o4e-Yk5uhvjIzOq_usu2LgDhLjLIYXYwX_lQPX-D_z9Apn5IfE6iaGpc2ziqocj2uDFEA_j2dKtJBiyRylBcv89BJfWcsNHLybiB1dVBSFeRmQx_Bi24Hv0fkjw-7FLIFnGHv0UM2t09zp6QL4T9K7ggxOZMWp1-l4yIfnJRBDOVzSUcJZLEmAzv-lFcppUOtvrUmERDHItWFI2IF56flIGH5bLv7FJBFCW8Ke4HcI70EiWwBSHvO6JionGOrXpsAmVGW3WbfVH-iTrepjmYeJpzsKJbjBWvtTOy4BjcxjUe7S0UZvrMIpulv-bH8EJhT-ZnSublufZBtnUa5AB8Eo746zPmoEBhFETx_kGMKtwG11Cj_awV2xlY4P7Teb1UsNYvncPHn7B0gPRq-e3MHeqo0O8GgKcnZb9rR96NpBsLqZ64D--9kbYengtKR25guD1lRRb2ijqkC4aCp7hD7ohE5RjggPoxo5wr8ZQA4-c2HT_uwlpe-QpyY_GdFErAW-eT0sSA0JljDVTsgFFt45CP2Hid2gqRX89-vgBVXjmV9rTZHocGEBg-PgQP0TGeGQMg6RWL9ryzsb0auFRBhiAPkyoPonTNKM_Uh2tSVXKZB27T-dAJRXF4qZ6sFzAgQsrJxphmucPUuFw1RnaFGSM3swf4A8JR6egRegMIHq2qci2uEUyQnfSTYLciNvur5OXXkfYCEb73KaYwzI1I32FUnJ3RsrQPSgS-RhNHSlrfHgf6DjAqa5VNk3u7c4RIreVTxI-ZiGjLJgxHxHUuSIyiKnClH1WrZBZ0yVupkmjcNd08jMbAEIUeP43tMg_Mwl9zjN6kGQdbDbRMNqGw6cIv7_6cCPcT0Uc5e8biHEYdLO6MPsCbH9bOEjVluRY76g8-CNQx188rxm_C1-qmxqbjGlHmebmtA9Gm4WR9RJ4ZBZkuMjMNn-rZv6fuVBtOUxzFUj0RZu4p5yhURxLRDh8OAAYj3gMd1TJ4qXrITd6Qa3VCnaCe9WHJgAEmfHjUiFulqTsv6NIFZiZfr4JysHSSk6qDAwdLDHEfb-XjM7EbS6h-2ehU1wLM6HvXv2PMpq05leZ30XYHpM0m-JGT4iOE-23jcEYba8kx8FpPAEvMaxllEMx-U6cXpaSY7gICbk08mrZJoRwqm1x14JsfWnS40NxypgaEm4Ofz32YP0gzg_96wwS5dPgEU56gS6iQLfdLwyuME7KLcVNGRs0fGDH7hsfBZk1FwBpOQO2o60dsxZTtIHqKnftVrn2fhoc2Q6Cpe3GKPHD3fIzga4_umSTZL_uQg_XTi_01IYRr5dSKQ1GwQVM6ELf1o5Un4YiCZ3qOpjioKWLapQwckdUrKjg95Lxlnq7TkkTlB2C33tjgo_UQ-CLxSYEGR78m0USywEfXi6N0LS2MaDmu0rNY_UweMs9EV0r_y2KqqLy_afFrn3IWn5XcmAaDhI59a_yRtkNYXMnKP3rexMYSdHSY10AVgPO88U-_5nelN5CX4zwNnJsyjD8sno59zEPq1UPvW5q72USgnt3wY4YWSPfkkhNBWr16pKSmTUkuaWtbcP9MQg0uwrHhlQAXcM
idsrv.session=3a7192efc6a9690cb33226c0241d91be
.AspNetCore.Identity.Application=CfDJ8FAKJpEizERFtUzdjBClgcva9BrL5NevHGMOeN3Y4e-BtNupVoy3JNq-gAf0-xVS97cU9-h7xQXpsv2zJP6nx5leh2DsRxN4uwXPrxiAoJgdfXyTFvhtATpLLRmWPEFnLSH1hD8BTV0U2b2kbBAFl_ny-27_-xoZdV72SVkJcrwAuWCZkNpMcBdGfmNMWXwyL1c8cz684o0oWicEyHvquOdHW_bBpkUrXSQK9b42pln40tPVBlYFLMEgMDKCwWGwYcR8_gx5P0dyobN1R0RHYXFXiwkFNWzz9ZsEpKk9wxWF_Hn7XDNuVV4IiLRwQiVm60njvg15gKUlxPpYQY-8C7oTRPsgZGvSqisVbSlF1EyoLsarDak_Yns21HEQY2AVGs2VxuPidNe6cRdjb5sIRuHUX8kDawttIu8MnrHyLRjaF94Zz-qrCpZfYiHOtfpu7VVg_7HBNusMBOy9xJQLXBftgPamYkCFhnXepQ34RJiM3-1yfQNibj-TaVvSHtt7_lyQdwcnX2MqjxyX3XI7uYqyYT6ela_qBg1C-bTYoiFbiqcv8C_dME9RsBdB_V7q0BtSPvgcHrG5lUJlvksAGyUzo0fQn9dzdEjKU86CaQ_XD349PPznjRe8Tk1E67XqI0CzPhB3RzV_sHdy4Ghfq7MP_WXvOy3hc0mH4TNN03AbB7_aHcIojeHVNh7cyfmcJ-9A6n0jCrSXHxEdf66jjc_VMgxk3nytS_g749s84jAajtxBGnXmqvAnqEYuZZgTAJFMaajq5rrxBU_X_W0DQbErZu3fQU6e_LYrJxAIcXfy4Qh-iynY1flPZBihr0S3qfOxUhrvpB64zq1b3fa9r5edByt9tgBm8KK-wC0b9JjF6kms3rn3YrJIJF00lUG8vZ_MfRr_fU3-e6rG7eQn6YTiQK2ZFfnEo_dzTegfDTJ2fez984jJzJFSC0s47rrb4N2ofoHpAqqqybEWW2UQtURvOU2d5CLRvo32RTI4EBD6bKbv4k92TBpOsZe09ipHmAO9cIBTNfCEkm7AYjv_ZvRrasb6kU7GcrNwRUx1k4fcmDnEeBZZgMbMjWzE6ieJ2miqxOiA3z2vuYcPTMB43vjKjqeAsn5juCx7l4Qo_zdE9UEqLlBSmEOA-UQsdg6m9Dz48QmW0XIxZ1WGVPz2Dbot4zVrgRNg5FzLpUwsvyd3IoLmjSCnvUxNDAXYN2zlUr2ToGVU6O2fYhjmJHRqTVepTebaZ-qjAzex07SR0Oo-LZq0780WKdKIiq5wNNFTVxN30tZuPcfPqd7CBIfZzlkMlyko_RUs18ZiZ8bQaiDLWSbLV-d6nNCO_TSDbLLWkr0gc6BW0ZM8G6BdCVCS6Pb5WlkVGuwejZ5QXSHjPEfqbr06_6FqnrcRts7irjDWnw1GpnT8jkSlwPnLFkcCndm90nWbQ-EKns1qEXQi-m31jdP7m3i83Fyc3pxpcgkTFi0cLfFc1hswdacpBCHPwyDikQ5mszondBiqCHDzZMy635jq8HHREfnJgDNUxkj1WOKnpwCFa6GLWsN1w_U8KpvTEpXM87PRTqIhZW6EfnLzZHuWGpuWCiEATDyyVvgJFIOxQeEHqfXDPPTxl0EuDYCC-9eaw6q0AcgNYbAqlXHWCgqcXshpI1qVu0aQRP_81UT9vk3orUZNZqD-WSA_GHRUTVMedpp-piqDEZ-q35V_NIzhrUwyflpCcTItrhy57-IJbHujRVosl8x6s2A9J_JytTK9y4lqfBe38h6dQtPNOdjhkA_ioWdvWn2KFVLtULnapFScWLm4ew-Gbrxfrmj68JzmsKUOKmm6i0o2Y0JMEg9gsExTh1K3Z_e_DCnfJl3XGgB6Q5rX_qzcvqwyldPn1xJyXealA5KCi38hqsI0wy5-LZhiIUt6PEQX_WNF5wiL9jkT_6-qVfUhlRB87tcqx6YHwdwlYUErsNkrRwZJQrtXxDJoZwEWYy31Ehpi2XVoKTksNGdvHbJcPtFBt7BactgMy6MRu0LVTI8XFhVaG-9LaiHAq9U3c2vblpNjdlBW0nrujZo5MaV5xroyrL3PxZ3j9oj3FzbtgcN_ys5J8FMdhTBAaN5V_YtAWpBH1kP527q_raw1wWdnIvLKQk9hsQJqdldZoKM6mZgyE5_lAWzLs1KN4xwD7Gbz3uQVoaIdIGGsW1iXhB6wJ7WeN9vD6kAJBiI9aHn_iJLmh-QPEWPdMntVipec4UXAACVXPX_QmOvFYxdVhSQp9tdmzpvAfVpQpsbrF29ro0olru0Aimv73wMp4UtIacGSu2T7rHfwkXJ05o9IDuUnjOC9oXMhxLvz_dBwjHeHt_B3BvBQ-XNSEQra0fD0MzJ3GBRqK1vUWRJQzaUmfZF5aE39az8qoRZBAYKFrAzqE8Y2IsEK6UhrJj4QuJ03l_skguhXuraLyH-IO6fnRqF5lZQgO81RIZKDvRlhNrcGJsM6yOotUXXTpVz9xjOtn1rMO1woO0up8kr16vlcRKp_TUh_VqDvV-AbY93ZYBUuvVUiLonGaOK7V3X7uqJGFsh0f27hy7CKYyjviPLo9eEs_oMsjh34cLEzDEPSZtgdqbv6_82ruVRA6S5wKWr6v3HluBVjJP7Q8iBJbLzFfl85ihIjj04hYZQmBUx0E0a646NVETdibYC7zcmdtGOUb045Nifb3A
IdentityServer Config :
public static class IdentityServerConfig
{
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("api1", "My API")
};
}
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile()
};
}
public static IEnumerable<Client> GetClients()
{
return new List<Client>
{
new Client
{
ClientId = "angular_spa",
ClientName = "Angular 4 Client",
AllowedGrantTypes = GrantTypes.Code,
RequirePkce = true,
RequireClientSecret = false,
AllowedScopes = new List<string> {"openid", "profile", "api1"},
RedirectUris = new List<string> {"http://localhost:4200/auth-callback", "http://localhost:4200/silent-refresh.html"},
PostLogoutRedirectUris = new List<string> {"http://localhost:4200/"},
AllowedCorsOrigins = new List<string> {"http://localhost:4200"},
AllowAccessTokensViaBrowser = true
}
};
}
}
Angular Configurations :
export function getClientSettings(): UserManagerSettings {
return {
authority: 'http://localhost:44380/',
client_id: 'angular_spa',
redirect_uri: 'http://localhost:4200/auth-callback',
post_logout_redirect_uri: 'http://localhost:4200/',
response_type: "code",
scope: "openid profile api1",
filterProtocolClaims: true,
loadUserInfo: true
};
}
Kindly let me know what could have gone wrong
Edit: What I've found so far is
- Even with another Angular oidc client
angular-auth-oidc-client, I am stuck in the same error - With JS client, (https://github.com/IdentityServer/IdentityServer4/tree/master/samples/Quickstarts/6_JavaScriptClient), it is working as expected. but since we have Angular as front end, I implemented the JS sample in Angular by including the required JS library and to my surprise, I am facing the same issue
When I copied the URL and pasted in another browser, the
call-backcomponent is invoked. So it seems like there is something wrong in Header & Cookie. Here is the complete data of the request I took from FiddlerGET http://localhost:4200/call-back?code=7bc6c3d343067f2ede3ed86268e3622bb909cb8df5d75d2f223b335bd75b730c&scope=openid%20profile%20api1&state=86215491d41a4c3c83d52007edf372cd&session_state=ibjjr0YMpGp_UZ1ezmUMusoAIpht25ySKfq8hoCKHXQ.e7f8f959a82f09b830a9635911c0b9f3 HTTP/1.1
Host: localhost:4200 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Sec-Fetch-Mode: navigate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site: none Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Cookie: .AspNetCore.Antiforgery.xkdte50z5pg=CfDJ8FAKJpEizERFtUzdjBClgcvmHhFjLJ4WDhku77bzpIxGI20-YRukepOXg6hGG4AUWzSGKXSWmy0Ie9tQFsXnWx0sUUlh0EAOij8y18d_96_-FVyCrPhtQ0JRtEXvhPXLxqum0sIJmwFD1116QRU-E5A; idsrv.external=chunks-2; idsrv.externalC1=CfDJ8FAKJpEizERFtUzdjBClgcvkhesBnoxqHY0OJtpFJrBLaBijCb1T5yLKQ6APxR0eu5fyn_vfdh5Xp9ttxF4vCwd0PFSJnuEMrqBjnECr2QVYHBFkGC67M6uo238PbjEP9Yo6HiCxRYuj6TbA9LjPQFikWTrz9dmo-8W2jWwbOoCInliwIrrvqrvtnpJ89JGlBv38DroF-EQYlf-Ut34JonFZ9MdSPibkMSx5jk-pVIND0iQziBAZF0uM8VYXBkZnRoCXX1QLiAac122PfxvfdTBlDbGob8fZ3LxTSeMLDxUtWsqjXbZkEt6yF_iQBWlaMhdFapnEsT-PZel1UblaLUKBl6iB9ruz3vIGoKtGTvA0gm0k2RWBqBD6aMsOjCrK_8Js_mW3G864tPidZ3cK3h5pAwlgz7spThU6u_dDr9O90T0xqSi1MIM1oJI4IZ4H9_FR2QPU5wqvLaTyWdM-Gdmlpkt4HdQYfzvnRufOQYkBU7jeumj0j9lLBS-mSw0P3-st8EHnDHdoR0e-JBSIZ_YkOb1BTcdzWoffC83umSsDfq3iHGQeeUyl5C3xYVsjb9ZWh_zVnisUQD7UPcO4lBWhyhgkhUorLBXUxft306BdZeIommcLGmB22u5x5uqVqoocFEQX73fFj22fYqbJXcOeJFMl9NUyUMS-BFA6F-n-5NxDGGyjtGsjdT7hOwVgAXd9wek-LElpEmWltIHFHf9C92qvuli0GqyCYM3UOFiHVUVcsKtTagr5SWwofTP8A-TNlAVFJYEduw1--eI0EPeCfveI2SpZn1U07yNtVP4Bjnltz_DhqJJFCFQvsnwgy7aiIFjHfBczWDiPWOE9hPZZQ4lluuI2hS435qn6uVrSXtyZF16S_hv3w2U0SawU6Mc8Qm7aaH8OpzA8a_U0jhrrtYuvvYnmPvmqrMw78GRMnrgqqCC3DQK1ghV56qUUHtU2HQPme2DyUztFYBjLLOO2VB1dMmbfFJVpJUbkj8EsXiXzsQ43fKO_JNmdcsyGjkVprwAvHVaMnaVWpXUUt3rS2feH5ZthiMCozYitq4W6dZkFeC6ZAbnzxwig6IUISraeGiV-02XbYyjz7nwMBFZionzmoz0z7MxJ72C49z_Rn0kBtOQKe0vQyIOqFizihJhqDdrnpxgCvrESo6EXefiS6D8zfNUnOT5w-vhQ7iMpRJ6f5rgVpg7T1IWljBA-wjUDB9Z5ihaUpsGrlQMZsrCSfUEpynNbEFZVUmr4dMpMSD3itPC4k2S4viB2lij7s6IHdJi96KNfe_lFm5VAP_URpKb12URyn0ozJZs4tVPnL-jvhXimDGxpd2W4VY9zdB-OiIoec4tjaTw4APJd-QdUykukW_W-lJ8nAW-8kDTDbzMMsFIFQ9MOGLF5ipMu1qlYwV5DRdfe6ClF1eiFfvFcffFon95v8KePeptjFzhXURrmN3orY0EX-0LTBpxtocqAT0ABT3aCcCHV0U9pziwCMY1mtlda62rVctIWpjBsKCRhb7Y8V2cwUDGILTmZQ2cUfJAOShATGsjVnmhFThyiFm6SQAB2dCFol2drISAkZBjPL3rE0Quv-yGeNVcz5-Hp6AtV3KQkdfntIVzjBbZxaAanz4iP-bVHmmnml7fLMWyvundtTuVm75wv_OXtzDGpWWkSAvAddUpYnuPdtqSoGZTgCtEbmBpf0Yx-JdOaB3yEi9zD-_BjdfdS7IFOjbDv55ti5AKs2GIwsW6mWO-5ScxBOebccC5ICxhoegyDdVtwQTdS2nHfA1FU8qdsWaFd2Waou9muvf9IqdnMcn7-bKECkcESaf6y0kvW3_OwyRamAu4fHbRVSgeU1F6nJDbh_9Wt1fWnDxN6hnhveEk_W2ggSWxy0hFxruIo5-Bg8cGSKtX419y1zeM2UlMZ83xrEbAbcuuTfkv_UFe_xjTreOLGUXyw5tKCxHI824hdAKXmbdBdO7rnw1GqrXttz2_6qnnxk3rHNOcwBRAypAq3ZfLYNqflcIFHbI6B48uXu772Xy1xAyTeXJ6Xc9riAs9O82dRKj9wn1dMeeF6UKwpKwZaEaHiEzBgwMeWmoPasX9Dvg0drLajEgxg1qL7PLCwz0hHK9m4t7j8vC_w-Wnumq5VUuhEKz-DcoquVZ_bC5o-yE70gOdxyU_Nx3W3Xz44Ni5WzkgO0ELEj8Gnw9WUuby55kNN5cGEcLX8-SCwWM21ooL_WS53wE2suEZDRmpb7K8DtVo7TbaD2zBnmiM8hoC-DIeVCb_qWlfdYVo9o35IogY7HFYYfKdsz4SPGKlIz-ptHdaCnSBTpTdtWrZomCwYq8iVT2dLWLeg10Ly7odj_SZmv9Hzral6WVATATi-FBSKs40wf64IY1QhjyC0xn1mfUZeGUQLAVlOT2AJ8gg7G5OG75do3jsklnhcvArIdwvuGWhrEHLJEHoypGfqNewU1rZixuxxqbFuoIro9DabF88HGXZMAHm4hOfNGBhNhuzKZ0dvxzHCLI-ysEutGgziIJzefizo6RxEam-mMEEuWaE9dfrMirL2-jeiWqWHhsfu57VPoSC4gdZH-BM700nbdW2cRCa0JpzUmk6tbJYoKWaP9M_EgZA-GaWk7DRM5-HA7TgTEeWOJid6EHUr4_ib9aMRGCul0MnTamb8DChq_2mPLv1FRIDTwe4dJT53lJXvJNIJgQDQAQ66ovMFLoyKvuBAKa3ApLmadojoA--USVFURPegzbtFkw8G3yjTutzEju0ln6rVNXyGxg3UHZ8fMJrIyfXcYaMeLG0PuhX_j5yC3QNH9vGFpkQj4JnkQP8npsq_AruH0btyIqo9DS25eF_hpaKKXgUcZoGGgHG-jtjmf-DPuHiYRgo28V_u3omeD3rGsRPskczbSrwYkHMP5ajAVze3-Zt9XOw46xi_mCxhLzc6-7dUWk8gviCZ-f2XmapJpuii4ZPrI_3vEoMDwdZ_BSuDRpuLIcvQfJ8mUlQWJ5l-f20_B8nRm2olzIKVIwPkMdf0L91Z2cNhYwYsvOFO87QaGrqCvW0EmKto69RFHHTNqOQv-gcvNHlxyj_JD3TLya5BYJj6e4ZnLTEiakVWXjfwwfS41naQ70HPlMgbv4LhMtlJekC50uUse16Nqd7EqHWaLvMUhXz0Twy1tp8UZOgbXiJlY3SnfNZXlADU40ACNX9ZM632WMLp_mGD9dpfXAOzqS1kJEYBWDrphsnFhz-3VImvXTowq5xl3cgTjavjaht19x88ACNQqu5QDtmeEYYYZu7aI7F__Ne6DP6cJ_mICZLTOB2tEhJCUPcWaM-yBS3k1hqqfbD-s3OFofPSO1nqwEdm49k_tBmP67DzsAv00Vh8cch_qY6BPRRQ_W-KPhz0HPnq6Z_PAGDvY2BJsLb7ZE3uT1NFAZ6igkBrWMKJYCXZt6vpbZtRl9Qp5K2x2N5V3ChOe1Qpwb40FjU4_UhbkBbiqr5N2R_RfGS8JH5hDDn09LEZojC6YHq_YCc0B8QwlFfiThYCE1QvHpAUJ-Yk1HDVJ2tNW_y04CXwMheBCMB90c2SmyLY6w59G8vKOLk-CHrn7dfL6uaECsNcdieFB_pb3N66tjGd38-dS3DCULT7xZMAxhdZoBgrmehUX2F3dvP6t9snKXc8QrUUkeogFzOpVOCdJKUMwsZLgJjXMfq_psFc3gtbQEGi_n7nH-kHkigntSgaieblXuVzqV0UGCJr3pcEsCt5I2kWGZmUiUhEOLLBApK2vvDl8WgOkGmyIQmVEUa-UDp5XoJeZ8n-8ZVlPbFUg4CFuvCBserjD1b-WTOYgam1ufRRImo0OlsAVDNkZBsc-3SJ-jMhwhukhnE4AycHlB3o5inVRUWvjWckrTetL3d5ivj6rwI6sLQEZXnpBIwDZDTbMnCNFuaMaPT3q1l1MxSRncvF4xolSQraCjjAdpLVtfNM1bBC_1c_3a0z97OlhDFOM9sppnCqWIXdwcNKdj1B4dVdMUescRrVgy; idsrv.externalC2=itwDrb9gl1M-n3C7g2jDsd14QExwuobv7FJ8mLc6vQnIOKN1p8E33i6TG-Q86TURuAZoZFddajjj55UpDN6Nw0gGHaSYfFMc6OGT5gpLw7ifukx-SAnO-iethScz1RHRZARj-B0yXI492eeATJk12pIeY4_8NLD-8W2Xu9Pr60USBY21IANvV5mBdsYjiwciVNnyMADN2fI01dR3y7ukwHhQwfAdtly1PhZenbJ6AY0XpHkz3F5_5hIXZhpMX-0B-PPTpYFk38BO1R74HeQEV1L7K2q2tNGnSGoffYCPDNroOyYiyoELUHkcmaClg6sjXtKmqELaGyc2egXkeQQWX7uzpcLUw41DoidS2UnMVrJNUje4BFuOPOhQZdN9j3rxaD6ByZfMdhEotK1uvaa8F4e4rfGqTU5v-s9LB9u74Q8rLqZMGI0aKME3z4ocQ6xq8k3RLYHQ6jWoZRs_qDtl0TTY8odi83S5qNrW9j2BIV0418jJYNr1GHYT1FTKxuoYk-nib9Lw6-JuOybddLQXd5bvZQwVkoT5SM071yRIsFZ8W2cqiBCCRGUIGVDuVCw96cQ_07y2WsE2rew2i24fkXSv0Kf1VGSyT3Fhbbewa9sLL6uomo5v6QGn86nSTdP7m9pr3XTUrGWzgYMLBHjDu2vvpJBCuScK2uJqmo47rffaXLPcDAfnos_NY0QdfqQnBoC90I1K2FH0WC9xKmN-u9WjJrbxi9UCjBIljJNCgOW_RqdJo-M4_Q3CA3w6h6AQD0mRO_6D4Ih8hR62PJWBkcoYv9eSOpmNucNy8qUy_L0F_0js0szihJUZRlOyDzoAToS9KoR2xbPh9cZ1esU0A2ZELE0WchwxhqayilmRxwf-YW5iJCwvkXZPjp6W9FcSclYjODsQLaeK91Q3c8iQadoxxpaChmBFZlrQQvwuxdfq_M169ll96wR948rE4hhz3qu4CblYtaXMjY24PStOX0YIxElH2x1w2FOYfGEUaBX-NG9bPqj7eJCTXilExPoYuZea1E42w12zHGech6AXNGWDZ5Uc8IexlMQbxvueq3rJBCd0pG8IsxyOg_ZMDmeI3CjJ9zhQCU1uWnTYKPpW7urxpx84oQIBgnbbIQpHUrFmWHwwXMXxJGG1dVdUmg1cSCuFKoVJb0uufsgm5M76NpkUUOS9nENV-1SrXeL-sQ8YlIn7KgFOtMIRpAQzG9BK3IgFEAehRoIL52A_CsYUcEEi6a7Q5SpLFVxxGCu9bt3VarAgQi61CuoQq5s2B77A30zGKf7eCFDbX4h2oak_B9LWCISL04MOyptLthiyDwSDymBNCWHLkBKbGjAUcsfnI_u_9-K-O-T-qU9Rc8WixJMtj3rjA81hedFS9cxMaQ3yqN2RMqXxvxcnnLbWhd-8kgQI5EgL5Pd4evNHg99dJpiNb-HdaICRR_sL-HMTDwuLNxkpCIXlt2iKh5f0AYvyO7-ACzXAmOs-Xj9GVCzszubsk4rZLvVI6epq2sW95UvMtLlXBc6GKYVmwc0RQ1D5yDcUaB7ktmExSQJCC0HyrQZlPD15sjysuaIjgoQ2eyiirYu9uLJEt609N-Aqeuz9ZThGL080viiBF0FoiqL7twNAIAue7rEnCf1sTxkT5aL7O17V71pLzd6s_DJe-JjC7zKa5ePGmubnPoiRUq1WUNbe25BLQJvN_TXx5_2OWfzX7yC8nnCe_icrNO1W_boKRaJJ9EOVa8iHJIRo1QxSGsbYMHV-Fghng-7klfIZWcsuMgx_YJEmTS7clsFKG4kjVEjxQ9VOcVzjjtx4sfuelkEuqdr7cMwbJneRwoiLsIGVPMxSZphdgHb_mn3Hm6Nbb07EibbRIl-Y96fPZCqDGhq1R6DONprDwXJ305kvEspHeQayWiwXOoGg6XQJNtMf9aBrPc3ocQWvTjoRQj6GmpqyEXODhVYuePHiEmqh8XAVdLuIEFra6INZYmev4h8eWMKX3cle2WivccXEe3e5X175Vg1Yi23uw7lOu5o0_-G68; idsrv.session=5d538478b846f725df5730950f1b193e; .AspNetCore.Identity.Application=CfDJ8FAKJpEizERFtUzdjBClgcuzBhZapY0SD1xUXzkYKZkMtNPoKqAHaazwGG1emedx9wANpFRdcXHJZP1p0U16AtdNF1znCOUH5klPydD7Z3Vj0XCcP5mhEu-2wSORtyoXwrHqJ7Wc_Ev_YlRxZ9dJnfhv_6riIa0Zcpgh7tkRCPGHQH4uSu_1ry7rD5ap94dhITHG8l2BGNSr8WjvafnkKbjsYXtW3Aksz1KT9pK8lkqwCDS9anbBckbhnpm9aWsnxm21uDdTAB1f7gOM6HUA3DCSBbNng0STe46j4A107hbKAvyColOMu4I8GJp4wQFBMTaWzwSrPnDSzFxJD4ORR7H-8GuqGkx3hT4cfu-InVlYIWHNHeSardTZU-z0LyGSBJvmRA0pLyy2Ejr1lbAdxSfMrwCjcwkXThUfi_YHycw1mL8NKlVieUKbQ5hXuG-oB9cRCO-5Hu-m4mXQ64EXIrbC5hxfHkk0QY9Gfxf2uELCvXqs8HOGna_ENR6aZF7XVdfl-xeRW3CXd_szV7K-ezgdv-3JeOo0x43iJ_voHQt-INoXjkP_5Vy1PJLjxzdiqwrX6xjn7fifbXotMe8Y-EyFdeyu8DWAm6zqYKvq3jy9wM7sLclqRV9KUN7T8H2YsiFLhrERi_16MM_i_rLpJja2ElVPcbWRAUUWEuwion8HSlrwenmiQ8L3FwMKz5ikEcnsY80O8rFYnSa3CV3cs3zQbABzSWkEKqOWAuDLCK2qdg_BaLWoiTg9XB7TjKhq1JtZJpx6oX-QuK_YGwuGQuMISELOMWNNO3mTJvvgkmFOZlkJ2O5F7HO0Dwm8XBjcAy3OdFLWia4nhOJRDcVpBESO1tSuff_BHhP1TIWKvNPEU-tOOWi6NTjLUNSKxStvjxe57oJO6qKJEfjNdePypL4uOx-Oak6jgPtbGKqLAyfarF0pflvQzXWViHs_u9U3F-rHEnTK26BgLl-MusTEyVakEvBU7kvEmPUknsxVVpimQSPg-HtpCmJTNX7KhsWQC6VLYbyEW82Z7DSPmQ9v6vP0D3E-t5SeoLC4-6l_bMSGYucRKukC07cy1BxwUlwvOWOg49Dp3AaCOnJGPZkw-LAW9-SEp7FSaeWyw8IYEJV1itTnPpJF7RAj6xbo_hQPmUWqBErWrN4oZbQ4sGxr6vs5fR-5vnKnW7x2eTSalY5u74fc3VSmOO-Bm5fYueSZ2aJvw6GLXCiPoj_Qqx6zO92mbsaAwq2BBWbQH5ASJ-QkLfHYlTYGjze1Hqy-0uaX5RY7xD93C4n064lbLLcVZXfyB_P1Op6GDE1azeIX6Zwg8L9MfBlcDiSGzMniDjGWqkFCWu-Jt5qYQApuNVrqLTXHRRc8zOroxaCj9egy2zoHbBNo2-8cMvIKx_hfNhdm1kbB_lee8HCRibID3wIpdnO3YHHstznx9qVTcwLqZo1tIXMxlyFxdpHnwMhPsbLn42gcFrc2YiISu99How2P0sCH3HQ3owjbLffvV1UtB7fouwryZUHIo_QkhjucGvf22DKkb-oakiO22BIIgpJntGmi9eRn2vm2MgJo5LgZ9NX4L687XqQt_iayXmhikzr3qSyZ7BfTMF3US5oUYeDfP1yz76eVX5nelXa4NFaf2FX_5LW5GkADOYMuRbcWwkhqnCMSiHUp39AGQC9PGFRaClQUISQKwfWGlByNrRXfudXEf6LXfT_qTDouHNu1qWcGe4yQ0tVV6uBOr77b78_xs3mcjmcNPN6-4cES_rYhDiaSdwKRUbBu_eUJTL90aYUdLaDWrPGjoD67lVKdnas3Nxf-4bi1JeT0XfYdNHPhkxNlIsQvu9ovtlggaKxKUup9PQ0CH-krXbct4C6NXxnA5Ytd9rIbCHxu9ztdob6yhBRmo9qy4h7qRIxfxfMeY_nUB0HGf9lCtet1CFS8mxbkMC6h_lqLBHbtcxmliYlNBbDIS7YjDUXEFJt0axEHTfToxqOqtJth_mqPrbJGru-LUmsNn7A3n7GaVDQ0fEB7r92Wqjt1DqwNlKsgBiWzFxHPOif5DABGnOZ6EyNjDbVF_CO7HnpfRt57qGc2262LMKjSJB05kwPlufHXYHBmO1hIlTikYJ_jsqc4QYppffclkK2U2fWgv9xnnmTVlmjNNxJSIw565MXf8lnCeZuMyZTVbyndpnaSiQ-4zTTv1jb-3rcC5BEE1M6J4c4n4lO1R7XivZvHifZagMGa3T-EEVapMY7rDSGGU7fUeqdzHSe0nhc7QNBrZ8C3LfGlz5eYVYvm1oRLASXdhUOPGgU9shk_iEqYlzdTVo5ely5_O5cUBJ3JiLhxDJOWdWPsoLsVjmRo6PCqqXwm32XVI7DS_MbpJBZyrKOm2YXwpMnC8WFRC26VttbpNHVXIJ28AZyVvXD2t7js8EMN0GXQrtCD05hRKrDXQtquyer_Xrw9j_FkLqb9-X78bLQ7pjRx2SHGns3LiiRoPVd7TUiPgCJ46LgeDcHiRwMlyfTyzobtGXJa6qofQerRRoiKz_29jnStY9wDmZjpTVi63fB23TBJYvfFO6RPOs0b8CCJIyTMqja6ZFLVBXx0ZY0xd8b4W-szLt4n_j2MxqwzpljN8Xc5N2FZlNyFAdXWk6T31a_sI6_I-enWIeO3BjlExvuDQC-Tt9wR8PJlLThRvT_qxJbQpe3xsQ
HTTP/1.1 400 Bad Request Connection: close
This is what I see in the browser
回答1:
As you already find out the exact problem is of header limit and solve it by limiting cookie size but limiting cookie size may not be a solution everytime.Main reason behind why angular doesn't accept large header data is bcs angular use node serve webpack-dev-server and there is limit on header size in node js you can find related issue bellow
ng serve fails to serve pages when large cookies are present
400 Bad request due to Node limiting header size to 8kB
Update npm run to fix hpe_header_overflow in recent nodejs versions
Make HTTP_MAX_HEADER_SIZE configurable
So instead of using ng serve using command
node --max-http-header-size=16385 ./node_modules/@angular/cli/bin/ng serve
should be the solution to your problem
回答2:
For some reason Angular do not accept that much data(Cookie) as part of Header. Though this works with JS client, I am not sure why this happens with Angular.
During initial phase of development, for some reason, I have commented out the following lines in Account/ExternalController.cs of IdentityServer
// delete temporary cookie used during external authentication
await HttpContext.SignOutAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
When this line is commented out, there will be additional Cookie that will be posted to Angular during the call back.
Uncommented the above line will delete the temporary Cookie and there will be less header data during the call back and it invokes the respective Angular call back component and sets the bearer token.
Clarifications Required
- If someone can share why Angular isn't accepting large header data while it works perfectly with JS client.
- Though Angular says Bad request, I was not able to find from where(which layer in Angular) this error occur is thrown. I did not even see a single line of error from which I could get some hint on reason for the error(large header data)
If some expert could share their experience on the above couple of points, it will be really helpful to understand how Angular works.
If for any reason, you cannot limit the header size, then increase the node's --max-http-header-size. Kindly refer https://stackoverflow.com/a/57667786/2922388 on how to do it.
回答3:
Just try with few fixes.
First - RedirectUris seems suspicious, since it contains more than one value, - according to the http://docs.identityserver.io/en/latest/topics/clients.html - declaring this as a List<string> could be the source of the issues.
Next, following the example of server side config https://github.com/IdentityServer/IdentityServer4.Demo/blob/master/src/IdentityServer4Demo/Config.cs
new Client
{
...
RequireClientSecret = false,
RequireConsent = false,
AllowedGrantTypes = GrantTypes.Code,
AllowedScopes = { "openid", "profile", "email", "api" },
AllowOfflineAccess = true,
RefreshTokenUsage = TokenUsage.ReUse
}
Let's assume that AllowedScopes should include mandatory email scope,
then GetIdentityResources() needs last fix:
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email(),
};
}
Since SPA code is out of scope here, for proper flow implementation please follow the examples:
https://github.com/IdentityServer/IdentityServer4.Demo/,
回答4:
Perhaps you mixed something up in routes or redirect_url configuration?
Based on configuration of the client and server you posted, redirect_url should be:
http://localhost:4200/auth-callback`
Yet, in the screenshot path is /call-back, not /auth-callback.
I would check if configurations (client and server) and Angular router all have same path /auth-callback configured.
来源:https://stackoverflow.com/questions/57552543/identityserver-external-auth-provider-auth-callback-redirection-400-bad-re