IdentityServer External auth provider - auth-callback - Redirection - 400 Bad request

爷,独闯天下 提交于 2021-02-17 19:20:50

问题


I am following https://www.scottbrady91.com/Angular/SPA-Authentiction-using-OpenID-Connect-Angular-CLI-and-oidc-client and https://www.scottbrady91.com/Angular/Migrating-oidc-client-js-to-use-the-OpenID-Connect-Authorization-Code-Flow-and-PKCE to implement OIDC in SPA(Angular)

I am using aspboilerplate integrated IdentityServer

I've set up everything as per the above articles and I was able to navigate to external auth provider and was also able to enter the required credentials.

While redirecting to angular I am getting 400 - Bad request. Here are the details

Call back URL :

http://localhost:4200/auth-callback?code=b74f38054d4becadaa3c45ce58a83c892e0d25e7fc4bfcc1ef29ce369b477596&scope=openid%20profile%20api1&state=18af0415b22b4614882d3e31113e2717&session_state=yP4rCdCetarKTsX6X0JXYTeV_1Xo8dud9V2FnT-14QE.db913b7a39e26220d8ac07de5a523eb2

Cookies : Request sent 9095 bytes of Cookie data:

    .AspNetCore.Antiforgery.xkdte50z5pg=CfDJ8FAKJpEizERFtUzdjBClgctpGC-BWtg81DZ33kUapCDBb84U7ILfbqhExQzI3oVOWReKh72cV8hdROZcCh6wK7tbwl14PnWzNIECZGxyYx-K3MINQnZEp3cp-Ury1Z4KaRHs7mqvmf6oc30h6Q-oFxI
    idsrv.external=chunks-2
    idsrv.externalC1=CfDJ8FAKJpEizERFtUzdjBClgcum3jNb_Pj5sm5cfWLtKGcBqkU1VIUHlMdupOgnYwqTNw3bjxOoeVbCR1YR9y6Y2Q6zZvxX2juNv1iiUTwVIcTAG99R0QU8Ki1EJ8uOvaVN-BgUFNXYzcrct69nxfTGj5Ay2wL18-ziLczxnqurAbgTVkgyZs6IWHgtbOwyoyJb3klbQUkt4nmNZbwNSzeYknhDq7ohwEqeva51TIw73lciD2bJpJZnxUFx9eRI7FiJcf6qM3iYzvQ9R1-IRAmTleGEul_KY0eEcf8srxjPDgCRvj_Chy14N0rJdvWvrgio2yfdKTiCam2y-xPporU1oBOupt4zuaKsnPlHzzY9NksO_Gp7TTXJi91d3P2rl9FtBbQVQQDgpuNlwKO_WWIbd_nvcns647_0Cm0-mXiPecFrCC_plifOJ3ZRQHDYd-_ykOR_8WtGVYNigh0LPn4WxHoWJujUneRVaF_ootP4I1-uzcP6oDtTdxzCBgQpsujS_gRsHzZQ4S_EUX90R_BNEfWpg9Z5je0sT4Rma_tBeDBTCtqaZEKng_n4ybbn8xZc0dwuuGsVjYDSLXXoHLhQ55MalqJmRITH2mBNl89on3l2Y_e3_N-T_ScBJOS6HUHhTbKgiA2-R3XP5T_Gd0Fbmhpyrb4uqRJDybQb3muaKwYAJg51PSoiicA927KTcfiVPUzHY7YoENJ8MqBHkonvpjw9QtrWCgn0t4wTgrj_jIkIg9VmIZFReWGDiIw1cQnvA8u0lnPdxXl0D0ywm1eKCcvliHuFiT4KM2nKhUtlg75X5w5AYBFRb8ocx6Gx4zNEuV6cXzsx0-PVkbm7DllcMu3gMchpk47rDrIUjTDqlSjnlM1JaRWbrxXAui5tvZwOdAlI3e3__RIu-hdSJNO_ZgvPkLRUBiv0weNmsUWPjLzSjP8RVj-fWWCj1DuXSeUKcWTeEiXu019Klco48i1eUKB-vqLsUZHWAc8E02A8xF3kyz8OXOIam4tOlBD03-CgUK8zf0ahdtFegsXspJ75Z7Swml8CHpPkHrdZvGrryd-UbRipNpejtde1B9-WnLhpLQjXYCZdCOFndeg9CG1L9uBpaAU9pOB-AzmLqNIa1zi5qS0h9YqlL4wHGnK0iDlSmmK9kpZuTUS2nSEqs9hDwew1asxl7LPF1sMJyhjfDBAOmcHV4kZA_E6w0Y8_JQC4vu8Oda7vVoApvolhhHPqXpmmwbHxwxv1HjmC1UBdGUOJyn1rX6ASFJnEu1mmgqD1mgXizbmPzJd_KzRUkd5F7M0DcTBX3U3_p337g3QG5WJlBE5v_2JBlh6s-G5Lxs7UNXwcEigg6amJEgcIejNKXRbynJ-IKE41kd9PvXeG29d9B27Y37LPQu0xVaH7C7Z46pkASHZVrcPGLOoN0gHBTNwGaDUfca8Sb2bq3umhNjzK5uNxLaEZErCmjQQzUidKHcbWyuHC0ht0X1phOJv6hMTiUroYVaTP-ma_B350Z0euJq4atEPu59-Redz56aYtuKBW13axJs8qtsvXolwkGGboHzB-gj8PjDrT-iHGVMnoXVLkkOM_nYzfY5PwnaSWUdPtXnI6hxTlJomU5Bvhm-7TKLfB4bl3Fel4MM0QdrTQJz28FBTVFizzdksoPB4N_3jfSZsR373mN0wdtqpEjmKNUvGnVNX5wTc_3oMTO0cprxSVXwUK23phkomKHUYMZ8i11Z7T1mZHx5Yci1CMp-mHqTD-fBbmSK7YYvwtsSLeeI7u4cH-IYRl_3YQtxrFLwqTOzWllcz_JgbvwNXPYirLj0EVqGwttipg8QIuNyJIaPAnovTpJVI15ioJKfS9F9xlx-JVETbgxK3Py259pbTu8r-jHEZT0YdlItIZO-t5FM6hlTHAtQ2SuY8kdFQyBlUNZQPpw3ft6cz6mUt-2CcTdZ-xibkEdr7dEAZflSIrhL3Kt4lrdNalI5j68zG_0g9qfcXKTaqyMN0bawAzBfmaWAIp-u1KZb5vi6Kwf9ZEcNYF4fzHjHIOSNmySgiaYt2zH8EvbcJbTQmfBhuLOG6zBDU1-fDTK4-eBPkRJWEh4OTHm0jC8GV_N-80CrbUxjJUzoBWJXReu-sE00d4zBVHTHNJDlShXlyUPb_vqaGCJDFIlEEZUjyvAdwP0eOOeuhSz6jYicK9WwaZgsoLLsyeNZwLEOLftEBAax5ddoUdwe2kwxJ9eMZd_TE4YYzI9ZI37QAjzfhf573n8l2V--UEr-Kt6asTxzNvg1gK7doRns66W7KC6qnL_9ApLeoZ-hOX2QZ2J32D78mk5h4Dtv06lsNm4pBs8855PeZ7ygBu-p1edi1UjEWLzIxHxQ8YNNErP-U75HDgStXVRBY7CuXqz8RVc62Pjrj6z3Z98nV3KfcYJloq-Qejg1oSmFLgHrs5tTecL3caIopMy_MV0XRg6ly7cZtWq_8GQclQP_-6nTGy2ucN9ncj6sSjbFXxtKPV3bLAUm_JFtMfzzjR4TxP8s95zOiBwF5XXlLPu5QzBOoprI4Qf_XhmlTe8_1Z7X_HzCZSfWtgSDMEmcyOXxp4sPeKnh4U7o6ZlKukGz14F7gB94l0ZEHpbtOScRWb88o0fisHQv_G2Erslx3O5sGDMQG8G_W7d6IMBs1FFU1wcy8gmAznDbgFxtEPmXwdcoMY5MxliQQ8SrmREP_fU32jfGox5BiebA10BtQKjctJdnF_KPu3UzFuPGjFncCrpT74J3bR8O7BTUY175pOR2Vw4dtPCubHDeLHzFT8QWsPOO0CUS1kbtlooYbPS292E8lawWmYcFMcYsDq5x40NeX4-NVLuL0DvaqC_tgBLqvjDsrv6hQy6xQBoJt0PtfB-X0n38TCl9jwmpA3IiLR77FEAbpf0RRs4NB1_fIs9nSgK76JFPunxZ8jsgOW1ERNBTjgCaO72tct0l6rtrZAD35fu6KPBCFsofdoRpw5e5hxiq_Py2nYniCv6BkDLezt5wyYW83Zh8RJ1MQgZxNg3mJj0yvs0b3shdmxcjYZruCswCpcYHUCmqsTIjj4yQOHY15c8R50Asq4-eBuf3FhrIY7UWftvY3f3yL4IRQyX93oD0o1SCgpULpzR3dUAJD-QId3fHHbq-fC80Jqs09LP-HA9r7SutOSDpbcH-qD6ZDIVMddxGNOSyEVEN21fNPMUmVD-7u3-B9hmTrmb48HJLAQn9JjN7SdYjlNOoiyzwqZchnmWE3Twuro0S-GBryAqKdF7eQKpPqgtOks03JcXFERS0iRIJLZe3syjY39SZbhYMahkAc0D2TnJdUSxc-g85H_e0GobgE6R74fAwKeFDNrThwaULJBQTq0EWFikOMpZFzylfluw1M9U4ad-f53bYHPcvKFw8giZN6N-VM6qLrg3D3oU5169cXpmbRDeawreIOHvlVoIfhRZu7cSkARO0AGmL9XUrGivRNgMyDXRBIgIn_tbIPFvIrWkhgcZZZZP2t4YFzhn2MvKoHEFAfQHFFQ4jvCv-Waof19dRzbMSjS_Vz9qPzslbUjYATnIykQCeylOybDQKl5b6QVwmz9ioSl9OrJNFbzy9TDXSqjgCnefoHdZyVubpHSCADKJMB4FnLK5IdCFwcn2MSz_FuZzuCzDzR1B_WNTMuLQBR7Ks70uizUOJ8BKI7tuMO9nU9N6AQ7Preb_XRLVFJ31ISl5DvrQxyh__1Uet1IuT1vYrH4owFgaTnwOPRMPNxmnUTJRsbyEFdP6p6kQjV8zrId3qhBDIRMTfuOgT2n4awFqGbIM5DUnag003rbzpqD5zuL1RAlCfwyf2Yx0u0qY3es-zJV9CtlzU7X7YR-GBDSVJCKSqRRNg7YY-B2Y2E53Wudp6DDzVFuGs5G-XGJKzq3mru5h1CWaplCNgpDkdaRId-mfp1p2EP0vmoVkQnlkXqT0oJTsOBSTLKDrCfkniMbmKP_afqWS5jn6BmRDuFjEhdhl6Wa2GkMznTps_g9My
    idsrv.externalC2=TudWp3eg3iUDnXn_uBCELCcSM1M6cxDlaF2RtsIFq74WusG6xZaIXZi033_2psAUpYZ-rKCn-fR-0p9RsHfw4Tot6oTODOcVUeF61Q3Zw6yoXZp497mMT3u-RMB58Yai5pUSMJk1Ex_2H1ekLjks9_ngpns76ARB3dWi_gzblCLQ-zSujcPw7ksoBLlt2X_h4B3w6Y91lCyHkn77NcAKdTiVgRs4-nX33NEr7Rogr3p365AV9vrJqWIl-eP7I0Di4mQn-EUZAd6C1iqBA-Af0wp3Nm2OmJJr-dEoPpppha7wW0_3IGk4_O_0cZjv5e0-63ER0X3cB5ZoKzRarKkdNEm3uBgcexGLOWJyTL8ntrXfytxxC0iP4DiO-wSnydrD0r-k6F9iLd_-pSuz30MnHDAAXn0141EC7gLr-J1EFS3ou2b8ocjIjJUF9jZ_V9IfibMrI_K7o4e-Yk5uhvjIzOq_usu2LgDhLjLIYXYwX_lQPX-D_z9Apn5IfE6iaGpc2ziqocj2uDFEA_j2dKtJBiyRylBcv89BJfWcsNHLybiB1dVBSFeRmQx_Bi24Hv0fkjw-7FLIFnGHv0UM2t09zp6QL4T9K7ggxOZMWp1-l4yIfnJRBDOVzSUcJZLEmAzv-lFcppUOtvrUmERDHItWFI2IF56flIGH5bLv7FJBFCW8Ke4HcI70EiWwBSHvO6JionGOrXpsAmVGW3WbfVH-iTrepjmYeJpzsKJbjBWvtTOy4BjcxjUe7S0UZvrMIpulv-bH8EJhT-ZnSublufZBtnUa5AB8Eo746zPmoEBhFETx_kGMKtwG11Cj_awV2xlY4P7Teb1UsNYvncPHn7B0gPRq-e3MHeqo0O8GgKcnZb9rR96NpBsLqZ64D--9kbYengtKR25guD1lRRb2ijqkC4aCp7hD7ohE5RjggPoxo5wr8ZQA4-c2HT_uwlpe-QpyY_GdFErAW-eT0sSA0JljDVTsgFFt45CP2Hid2gqRX89-vgBVXjmV9rTZHocGEBg-PgQP0TGeGQMg6RWL9ryzsb0auFRBhiAPkyoPonTNKM_Uh2tSVXKZB27T-dAJRXF4qZ6sFzAgQsrJxphmucPUuFw1RnaFGSM3swf4A8JR6egRegMIHq2qci2uEUyQnfSTYLciNvur5OXXkfYCEb73KaYwzI1I32FUnJ3RsrQPSgS-RhNHSlrfHgf6DjAqa5VNk3u7c4RIreVTxI-ZiGjLJgxHxHUuSIyiKnClH1WrZBZ0yVupkmjcNd08jMbAEIUeP43tMg_Mwl9zjN6kGQdbDbRMNqGw6cIv7_6cCPcT0Uc5e8biHEYdLO6MPsCbH9bOEjVluRY76g8-CNQx188rxm_C1-qmxqbjGlHmebmtA9Gm4WR9RJ4ZBZkuMjMNn-rZv6fuVBtOUxzFUj0RZu4p5yhURxLRDh8OAAYj3gMd1TJ4qXrITd6Qa3VCnaCe9WHJgAEmfHjUiFulqTsv6NIFZiZfr4JysHSSk6qDAwdLDHEfb-XjM7EbS6h-2ehU1wLM6HvXv2PMpq05leZ30XYHpM0m-JGT4iOE-23jcEYba8kx8FpPAEvMaxllEMx-U6cXpaSY7gICbk08mrZJoRwqm1x14JsfWnS40NxypgaEm4Ofz32YP0gzg_96wwS5dPgEU56gS6iQLfdLwyuME7KLcVNGRs0fGDH7hsfBZk1FwBpOQO2o60dsxZTtIHqKnftVrn2fhoc2Q6Cpe3GKPHD3fIzga4_umSTZL_uQg_XTi_01IYRr5dSKQ1GwQVM6ELf1o5Un4YiCZ3qOpjioKWLapQwckdUrKjg95Lxlnq7TkkTlB2C33tjgo_UQ-CLxSYEGR78m0USywEfXi6N0LS2MaDmu0rNY_UweMs9EV0r_y2KqqLy_afFrn3IWn5XcmAaDhI59a_yRtkNYXMnKP3rexMYSdHSY10AVgPO88U-_5nelN5CX4zwNnJsyjD8sno59zEPq1UPvW5q72USgnt3wY4YWSPfkkhNBWr16pKSmTUkuaWtbcP9MQg0uwrHhlQAXcM
    idsrv.session=3a7192efc6a9690cb33226c0241d91be
    .AspNetCore.Identity.Application=CfDJ8FAKJpEizERFtUzdjBClgcva9BrL5NevHGMOeN3Y4e-BtNupVoy3JNq-gAf0-xVS97cU9-h7xQXpsv2zJP6nx5leh2DsRxN4uwXPrxiAoJgdfXyTFvhtATpLLRmWPEFnLSH1hD8BTV0U2b2kbBAFl_ny-27_-xoZdV72SVkJcrwAuWCZkNpMcBdGfmNMWXwyL1c8cz684o0oWicEyHvquOdHW_bBpkUrXSQK9b42pln40tPVBlYFLMEgMDKCwWGwYcR8_gx5P0dyobN1R0RHYXFXiwkFNWzz9ZsEpKk9wxWF_Hn7XDNuVV4IiLRwQiVm60njvg15gKUlxPpYQY-8C7oTRPsgZGvSqisVbSlF1EyoLsarDak_Yns21HEQY2AVGs2VxuPidNe6cRdjb5sIRuHUX8kDawttIu8MnrHyLRjaF94Zz-qrCpZfYiHOtfpu7VVg_7HBNusMBOy9xJQLXBftgPamYkCFhnXepQ34RJiM3-1yfQNibj-TaVvSHtt7_lyQdwcnX2MqjxyX3XI7uYqyYT6ela_qBg1C-bTYoiFbiqcv8C_dME9RsBdB_V7q0BtSPvgcHrG5lUJlvksAGyUzo0fQn9dzdEjKU86CaQ_XD349PPznjRe8Tk1E67XqI0CzPhB3RzV_sHdy4Ghfq7MP_WXvOy3hc0mH4TNN03AbB7_aHcIojeHVNh7cyfmcJ-9A6n0jCrSXHxEdf66jjc_VMgxk3nytS_g749s84jAajtxBGnXmqvAnqEYuZZgTAJFMaajq5rrxBU_X_W0DQbErZu3fQU6e_LYrJxAIcXfy4Qh-iynY1flPZBihr0S3qfOxUhrvpB64zq1b3fa9r5edByt9tgBm8KK-wC0b9JjF6kms3rn3YrJIJF00lUG8vZ_MfRr_fU3-e6rG7eQn6YTiQK2ZFfnEo_dzTegfDTJ2fez984jJzJFSC0s47rrb4N2ofoHpAqqqybEWW2UQtURvOU2d5CLRvo32RTI4EBD6bKbv4k92TBpOsZe09ipHmAO9cIBTNfCEkm7AYjv_ZvRrasb6kU7GcrNwRUx1k4fcmDnEeBZZgMbMjWzE6ieJ2miqxOiA3z2vuYcPTMB43vjKjqeAsn5juCx7l4Qo_zdE9UEqLlBSmEOA-UQsdg6m9Dz48QmW0XIxZ1WGVPz2Dbot4zVrgRNg5FzLpUwsvyd3IoLmjSCnvUxNDAXYN2zlUr2ToGVU6O2fYhjmJHRqTVepTebaZ-qjAzex07SR0Oo-LZq0780WKdKIiq5wNNFTVxN30tZuPcfPqd7CBIfZzlkMlyko_RUs18ZiZ8bQaiDLWSbLV-d6nNCO_TSDbLLWkr0gc6BW0ZM8G6BdCVCS6Pb5WlkVGuwejZ5QXSHjPEfqbr06_6FqnrcRts7irjDWnw1GpnT8jkSlwPnLFkcCndm90nWbQ-EKns1qEXQi-m31jdP7m3i83Fyc3pxpcgkTFi0cLfFc1hswdacpBCHPwyDikQ5mszondBiqCHDzZMy635jq8HHREfnJgDNUxkj1WOKnpwCFa6GLWsN1w_U8KpvTEpXM87PRTqIhZW6EfnLzZHuWGpuWCiEATDyyVvgJFIOxQeEHqfXDPPTxl0EuDYCC-9eaw6q0AcgNYbAqlXHWCgqcXshpI1qVu0aQRP_81UT9vk3orUZNZqD-WSA_GHRUTVMedpp-piqDEZ-q35V_NIzhrUwyflpCcTItrhy57-IJbHujRVosl8x6s2A9J_JytTK9y4lqfBe38h6dQtPNOdjhkA_ioWdvWn2KFVLtULnapFScWLm4ew-Gbrxfrmj68JzmsKUOKmm6i0o2Y0JMEg9gsExTh1K3Z_e_DCnfJl3XGgB6Q5rX_qzcvqwyldPn1xJyXealA5KCi38hqsI0wy5-LZhiIUt6PEQX_WNF5wiL9jkT_6-qVfUhlRB87tcqx6YHwdwlYUErsNkrRwZJQrtXxDJoZwEWYy31Ehpi2XVoKTksNGdvHbJcPtFBt7BactgMy6MRu0LVTI8XFhVaG-9LaiHAq9U3c2vblpNjdlBW0nrujZo5MaV5xroyrL3PxZ3j9oj3FzbtgcN_ys5J8FMdhTBAaN5V_YtAWpBH1kP527q_raw1wWdnIvLKQk9hsQJqdldZoKM6mZgyE5_lAWzLs1KN4xwD7Gbz3uQVoaIdIGGsW1iXhB6wJ7WeN9vD6kAJBiI9aHn_iJLmh-QPEWPdMntVipec4UXAACVXPX_QmOvFYxdVhSQp9tdmzpvAfVpQpsbrF29ro0olru0Aimv73wMp4UtIacGSu2T7rHfwkXJ05o9IDuUnjOC9oXMhxLvz_dBwjHeHt_B3BvBQ-XNSEQra0fD0MzJ3GBRqK1vUWRJQzaUmfZF5aE39az8qoRZBAYKFrAzqE8Y2IsEK6UhrJj4QuJ03l_skguhXuraLyH-IO6fnRqF5lZQgO81RIZKDvRlhNrcGJsM6yOotUXXTpVz9xjOtn1rMO1woO0up8kr16vlcRKp_TUh_VqDvV-AbY93ZYBUuvVUiLonGaOK7V3X7uqJGFsh0f27hy7CKYyjviPLo9eEs_oMsjh34cLEzDEPSZtgdqbv6_82ruVRA6S5wKWr6v3HluBVjJP7Q8iBJbLzFfl85ihIjj04hYZQmBUx0E0a646NVETdibYC7zcmdtGOUb045Nifb3A

IdentityServer Config :

public static class IdentityServerConfig
{
    public static IEnumerable<ApiResource> GetApiResources()
    {
        return new List<ApiResource>
        {
                  new ApiResource("api1", "My API")
        };
    }

    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new List<IdentityResource>
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile()
    };
    }

    public static IEnumerable<Client> GetClients()
    {
        return new List<Client>
        {
             new Client
            {
                   ClientId = "angular_spa",
                    ClientName = "Angular 4 Client",
                    AllowedGrantTypes = GrantTypes.Code,
                    RequirePkce = true,
                    RequireClientSecret = false,
                    AllowedScopes = new List<string> {"openid", "profile", "api1"},
                    RedirectUris = new List<string> {"http://localhost:4200/auth-callback", "http://localhost:4200/silent-refresh.html"},
                    PostLogoutRedirectUris = new List<string> {"http://localhost:4200/"},
                    AllowedCorsOrigins = new List<string> {"http://localhost:4200"},
                    AllowAccessTokensViaBrowser = true
            }
        };
    }
}

Angular Configurations :

export function getClientSettings(): UserManagerSettings {
  return {
    authority: 'http://localhost:44380/',
    client_id: 'angular_spa',
    redirect_uri: 'http://localhost:4200/auth-callback',
    post_logout_redirect_uri: 'http://localhost:4200/',
    response_type: "code",
    scope: "openid profile api1",
    filterProtocolClaims: true,
    loadUserInfo: true
  };
}

Kindly let me know what could have gone wrong

Edit: What I've found so far is

  1. Even with another Angular oidc client angular-auth-oidc-client, I am stuck in the same error
  2. With JS client, (https://github.com/IdentityServer/IdentityServer4/tree/master/samples/Quickstarts/6_JavaScriptClient), it is working as expected. but since we have Angular as front end, I implemented the JS sample in Angular by including the required JS library and to my surprise, I am facing the same issue
  3. When I copied the URL and pasted in another browser, the call-back component is invoked. So it seems like there is something wrong in Header & Cookie. Here is the complete data of the request I took from Fiddler

    GET http://localhost:4200/call-back?code=7bc6c3d343067f2ede3ed86268e3622bb909cb8df5d75d2f223b335bd75b730c&scope=openid%20profile%20api1&state=86215491d41a4c3c83d52007edf372cd&session_state=ibjjr0YMpGp_UZ1ezmUMusoAIpht25ySKfq8hoCKHXQ.e7f8f959a82f09b830a9635911c0b9f3 HTTP/1.1

    Host: localhost:4200 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Sec-Fetch-Mode: navigate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site: none Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

    Cookie: .AspNetCore.Antiforgery.xkdte50z5pg=CfDJ8FAKJpEizERFtUzdjBClgcvmHhFjLJ4WDhku77bzpIxGI20-YRukepOXg6hGG4AUWzSGKXSWmy0Ie9tQFsXnWx0sUUlh0EAOij8y18d_96_-FVyCrPhtQ0JRtEXvhPXLxqum0sIJmwFD1116QRU-E5A; idsrv.external=chunks-2; idsrv.externalC1=CfDJ8FAKJpEizERFtUzdjBClgcvkhesBnoxqHY0OJtpFJrBLaBijCb1T5yLKQ6APxR0eu5fyn_vfdh5Xp9ttxF4vCwd0PFSJnuEMrqBjnECr2QVYHBFkGC67M6uo238PbjEP9Yo6HiCxRYuj6TbA9LjPQFikWTrz9dmo-8W2jWwbOoCInliwIrrvqrvtnpJ89JGlBv38DroF-EQYlf-Ut34JonFZ9MdSPibkMSx5jk-pVIND0iQziBAZF0uM8VYXBkZnRoCXX1QLiAac122PfxvfdTBlDbGob8fZ3LxTSeMLDxUtWsqjXbZkEt6yF_iQBWlaMhdFapnEsT-PZel1UblaLUKBl6iB9ruz3vIGoKtGTvA0gm0k2RWBqBD6aMsOjCrK_8Js_mW3G864tPidZ3cK3h5pAwlgz7spThU6u_dDr9O90T0xqSi1MIM1oJI4IZ4H9_FR2QPU5wqvLaTyWdM-Gdmlpkt4HdQYfzvnRufOQYkBU7jeumj0j9lLBS-mSw0P3-st8EHnDHdoR0e-JBSIZ_YkOb1BTcdzWoffC83umSsDfq3iHGQeeUyl5C3xYVsjb9ZWh_zVnisUQD7UPcO4lBWhyhgkhUorLBXUxft306BdZeIommcLGmB22u5x5uqVqoocFEQX73fFj22fYqbJXcOeJFMl9NUyUMS-BFA6F-n-5NxDGGyjtGsjdT7hOwVgAXd9wek-LElpEmWltIHFHf9C92qvuli0GqyCYM3UOFiHVUVcsKtTagr5SWwofTP8A-TNlAVFJYEduw1--eI0EPeCfveI2SpZn1U07yNtVP4Bjnltz_DhqJJFCFQvsnwgy7aiIFjHfBczWDiPWOE9hPZZQ4lluuI2hS435qn6uVrSXtyZF16S_hv3w2U0SawU6Mc8Qm7aaH8OpzA8a_U0jhrrtYuvvYnmPvmqrMw78GRMnrgqqCC3DQK1ghV56qUUHtU2HQPme2DyUztFYBjLLOO2VB1dMmbfFJVpJUbkj8EsXiXzsQ43fKO_JNmdcsyGjkVprwAvHVaMnaVWpXUUt3rS2feH5ZthiMCozYitq4W6dZkFeC6ZAbnzxwig6IUISraeGiV-02XbYyjz7nwMBFZionzmoz0z7MxJ72C49z_Rn0kBtOQKe0vQyIOqFizihJhqDdrnpxgCvrESo6EXefiS6D8zfNUnOT5w-vhQ7iMpRJ6f5rgVpg7T1IWljBA-wjUDB9Z5ihaUpsGrlQMZsrCSfUEpynNbEFZVUmr4dMpMSD3itPC4k2S4viB2lij7s6IHdJi96KNfe_lFm5VAP_URpKb12URyn0ozJZs4tVPnL-jvhXimDGxpd2W4VY9zdB-OiIoec4tjaTw4APJd-QdUykukW_W-lJ8nAW-8kDTDbzMMsFIFQ9MOGLF5ipMu1qlYwV5DRdfe6ClF1eiFfvFcffFon95v8KePeptjFzhXURrmN3orY0EX-0LTBpxtocqAT0ABT3aCcCHV0U9pziwCMY1mtlda62rVctIWpjBsKCRhb7Y8V2cwUDGILTmZQ2cUfJAOShATGsjVnmhFThyiFm6SQAB2dCFol2drISAkZBjPL3rE0Quv-yGeNVcz5-Hp6AtV3KQkdfntIVzjBbZxaAanz4iP-bVHmmnml7fLMWyvundtTuVm75wv_OXtzDGpWWkSAvAddUpYnuPdtqSoGZTgCtEbmBpf0Yx-JdOaB3yEi9zD-_BjdfdS7IFOjbDv55ti5AKs2GIwsW6mWO-5ScxBOebccC5ICxhoegyDdVtwQTdS2nHfA1FU8qdsWaFd2Waou9muvf9IqdnMcn7-bKECkcESaf6y0kvW3_OwyRamAu4fHbRVSgeU1F6nJDbh_9Wt1fWnDxN6hnhveEk_W2ggSWxy0hFxruIo5-Bg8cGSKtX419y1zeM2UlMZ83xrEbAbcuuTfkv_UFe_xjTreOLGUXyw5tKCxHI824hdAKXmbdBdO7rnw1GqrXttz2_6qnnxk3rHNOcwBRAypAq3ZfLYNqflcIFHbI6B48uXu772Xy1xAyTeXJ6Xc9riAs9O82dRKj9wn1dMeeF6UKwpKwZaEaHiEzBgwMeWmoPasX9Dvg0drLajEgxg1qL7PLCwz0hHK9m4t7j8vC_w-Wnumq5VUuhEKz-DcoquVZ_bC5o-yE70gOdxyU_Nx3W3Xz44Ni5WzkgO0ELEj8Gnw9WUuby55kNN5cGEcLX8-SCwWM21ooL_WS53wE2suEZDRmpb7K8DtVo7TbaD2zBnmiM8hoC-DIeVCb_qWlfdYVo9o35IogY7HFYYfKdsz4SPGKlIz-ptHdaCnSBTpTdtWrZomCwYq8iVT2dLWLeg10Ly7odj_SZmv9Hzral6WVATATi-FBSKs40wf64IY1QhjyC0xn1mfUZeGUQLAVlOT2AJ8gg7G5OG75do3jsklnhcvArIdwvuGWhrEHLJEHoypGfqNewU1rZixuxxqbFuoIro9DabF88HGXZMAHm4hOfNGBhNhuzKZ0dvxzHCLI-ysEutGgziIJzefizo6RxEam-mMEEuWaE9dfrMirL2-jeiWqWHhsfu57VPoSC4gdZH-BM700nbdW2cRCa0JpzUmk6tbJYoKWaP9M_EgZA-GaWk7DRM5-HA7TgTEeWOJid6EHUr4_ib9aMRGCul0MnTamb8DChq_2mPLv1FRIDTwe4dJT53lJXvJNIJgQDQAQ66ovMFLoyKvuBAKa3ApLmadojoA--USVFURPegzbtFkw8G3yjTutzEju0ln6rVNXyGxg3UHZ8fMJrIyfXcYaMeLG0PuhX_j5yC3QNH9vGFpkQj4JnkQP8npsq_AruH0btyIqo9DS25eF_hpaKKXgUcZoGGgHG-jtjmf-DPuHiYRgo28V_u3omeD3rGsRPskczbSrwYkHMP5ajAVze3-Zt9XOw46xi_mCxhLzc6-7dUWk8gviCZ-f2XmapJpuii4ZPrI_3vEoMDwdZ_BSuDRpuLIcvQfJ8mUlQWJ5l-f20_B8nRm2olzIKVIwPkMdf0L91Z2cNhYwYsvOFO87QaGrqCvW0EmKto69RFHHTNqOQv-gcvNHlxyj_JD3TLya5BYJj6e4ZnLTEiakVWXjfwwfS41naQ70HPlMgbv4LhMtlJekC50uUse16Nqd7EqHWaLvMUhXz0Twy1tp8UZOgbXiJlY3SnfNZXlADU40ACNX9ZM632WMLp_mGD9dpfXAOzqS1kJEYBWDrphsnFhz-3VImvXTowq5xl3cgTjavjaht19x88ACNQqu5QDtmeEYYYZu7aI7F__Ne6DP6cJ_mICZLTOB2tEhJCUPcWaM-yBS3k1hqqfbD-s3OFofPSO1nqwEdm49k_tBmP67DzsAv00Vh8cch_qY6BPRRQ_W-KPhz0HPnq6Z_PAGDvY2BJsLb7ZE3uT1NFAZ6igkBrWMKJYCXZt6vpbZtRl9Qp5K2x2N5V3ChOe1Qpwb40FjU4_UhbkBbiqr5N2R_RfGS8JH5hDDn09LEZojC6YHq_YCc0B8QwlFfiThYCE1QvHpAUJ-Yk1HDVJ2tNW_y04CXwMheBCMB90c2SmyLY6w59G8vKOLk-CHrn7dfL6uaECsNcdieFB_pb3N66tjGd38-dS3DCULT7xZMAxhdZoBgrmehUX2F3dvP6t9snKXc8QrUUkeogFzOpVOCdJKUMwsZLgJjXMfq_psFc3gtbQEGi_n7nH-kHkigntSgaieblXuVzqV0UGCJr3pcEsCt5I2kWGZmUiUhEOLLBApK2vvDl8WgOkGmyIQmVEUa-UDp5XoJeZ8n-8ZVlPbFUg4CFuvCBserjD1b-WTOYgam1ufRRImo0OlsAVDNkZBsc-3SJ-jMhwhukhnE4AycHlB3o5inVRUWvjWckrTetL3d5ivj6rwI6sLQEZXnpBIwDZDTbMnCNFuaMaPT3q1l1MxSRncvF4xolSQraCjjAdpLVtfNM1bBC_1c_3a0z97OlhDFOM9sppnCqWIXdwcNKdj1B4dVdMUescRrVgy; idsrv.externalC2=itwDrb9gl1M-n3C7g2jDsd14QExwuobv7FJ8mLc6vQnIOKN1p8E33i6TG-Q86TURuAZoZFddajjj55UpDN6Nw0gGHaSYfFMc6OGT5gpLw7ifukx-SAnO-iethScz1RHRZARj-B0yXI492eeATJk12pIeY4_8NLD-8W2Xu9Pr60USBY21IANvV5mBdsYjiwciVNnyMADN2fI01dR3y7ukwHhQwfAdtly1PhZenbJ6AY0XpHkz3F5_5hIXZhpMX-0B-PPTpYFk38BO1R74HeQEV1L7K2q2tNGnSGoffYCPDNroOyYiyoELUHkcmaClg6sjXtKmqELaGyc2egXkeQQWX7uzpcLUw41DoidS2UnMVrJNUje4BFuOPOhQZdN9j3rxaD6ByZfMdhEotK1uvaa8F4e4rfGqTU5v-s9LB9u74Q8rLqZMGI0aKME3z4ocQ6xq8k3RLYHQ6jWoZRs_qDtl0TTY8odi83S5qNrW9j2BIV0418jJYNr1GHYT1FTKxuoYk-nib9Lw6-JuOybddLQXd5bvZQwVkoT5SM071yRIsFZ8W2cqiBCCRGUIGVDuVCw96cQ_07y2WsE2rew2i24fkXSv0Kf1VGSyT3Fhbbewa9sLL6uomo5v6QGn86nSTdP7m9pr3XTUrGWzgYMLBHjDu2vvpJBCuScK2uJqmo47rffaXLPcDAfnos_NY0QdfqQnBoC90I1K2FH0WC9xKmN-u9WjJrbxi9UCjBIljJNCgOW_RqdJo-M4_Q3CA3w6h6AQD0mRO_6D4Ih8hR62PJWBkcoYv9eSOpmNucNy8qUy_L0F_0js0szihJUZRlOyDzoAToS9KoR2xbPh9cZ1esU0A2ZELE0WchwxhqayilmRxwf-YW5iJCwvkXZPjp6W9FcSclYjODsQLaeK91Q3c8iQadoxxpaChmBFZlrQQvwuxdfq_M169ll96wR948rE4hhz3qu4CblYtaXMjY24PStOX0YIxElH2x1w2FOYfGEUaBX-NG9bPqj7eJCTXilExPoYuZea1E42w12zHGech6AXNGWDZ5Uc8IexlMQbxvueq3rJBCd0pG8IsxyOg_ZMDmeI3CjJ9zhQCU1uWnTYKPpW7urxpx84oQIBgnbbIQpHUrFmWHwwXMXxJGG1dVdUmg1cSCuFKoVJb0uufsgm5M76NpkUUOS9nENV-1SrXeL-sQ8YlIn7KgFOtMIRpAQzG9BK3IgFEAehRoIL52A_CsYUcEEi6a7Q5SpLFVxxGCu9bt3VarAgQi61CuoQq5s2B77A30zGKf7eCFDbX4h2oak_B9LWCISL04MOyptLthiyDwSDymBNCWHLkBKbGjAUcsfnI_u_9-K-O-T-qU9Rc8WixJMtj3rjA81hedFS9cxMaQ3yqN2RMqXxvxcnnLbWhd-8kgQI5EgL5Pd4evNHg99dJpiNb-HdaICRR_sL-HMTDwuLNxkpCIXlt2iKh5f0AYvyO7-ACzXAmOs-Xj9GVCzszubsk4rZLvVI6epq2sW95UvMtLlXBc6GKYVmwc0RQ1D5yDcUaB7ktmExSQJCC0HyrQZlPD15sjysuaIjgoQ2eyiirYu9uLJEt609N-Aqeuz9ZThGL080viiBF0FoiqL7twNAIAue7rEnCf1sTxkT5aL7O17V71pLzd6s_DJe-JjC7zKa5ePGmubnPoiRUq1WUNbe25BLQJvN_TXx5_2OWfzX7yC8nnCe_icrNO1W_boKRaJJ9EOVa8iHJIRo1QxSGsbYMHV-Fghng-7klfIZWcsuMgx_YJEmTS7clsFKG4kjVEjxQ9VOcVzjjtx4sfuelkEuqdr7cMwbJneRwoiLsIGVPMxSZphdgHb_mn3Hm6Nbb07EibbRIl-Y96fPZCqDGhq1R6DONprDwXJ305kvEspHeQayWiwXOoGg6XQJNtMf9aBrPc3ocQWvTjoRQj6GmpqyEXODhVYuePHiEmqh8XAVdLuIEFra6INZYmev4h8eWMKX3cle2WivccXEe3e5X175Vg1Yi23uw7lOu5o0_-G68; idsrv.session=5d538478b846f725df5730950f1b193e; .AspNetCore.Identity.Application=CfDJ8FAKJpEizERFtUzdjBClgcuzBhZapY0SD1xUXzkYKZkMtNPoKqAHaazwGG1emedx9wANpFRdcXHJZP1p0U16AtdNF1znCOUH5klPydD7Z3Vj0XCcP5mhEu-2wSORtyoXwrHqJ7Wc_Ev_YlRxZ9dJnfhv_6riIa0Zcpgh7tkRCPGHQH4uSu_1ry7rD5ap94dhITHG8l2BGNSr8WjvafnkKbjsYXtW3Aksz1KT9pK8lkqwCDS9anbBckbhnpm9aWsnxm21uDdTAB1f7gOM6HUA3DCSBbNng0STe46j4A107hbKAvyColOMu4I8GJp4wQFBMTaWzwSrPnDSzFxJD4ORR7H-8GuqGkx3hT4cfu-InVlYIWHNHeSardTZU-z0LyGSBJvmRA0pLyy2Ejr1lbAdxSfMrwCjcwkXThUfi_YHycw1mL8NKlVieUKbQ5hXuG-oB9cRCO-5Hu-m4mXQ64EXIrbC5hxfHkk0QY9Gfxf2uELCvXqs8HOGna_ENR6aZF7XVdfl-xeRW3CXd_szV7K-ezgdv-3JeOo0x43iJ_voHQt-INoXjkP_5Vy1PJLjxzdiqwrX6xjn7fifbXotMe8Y-EyFdeyu8DWAm6zqYKvq3jy9wM7sLclqRV9KUN7T8H2YsiFLhrERi_16MM_i_rLpJja2ElVPcbWRAUUWEuwion8HSlrwenmiQ8L3FwMKz5ikEcnsY80O8rFYnSa3CV3cs3zQbABzSWkEKqOWAuDLCK2qdg_BaLWoiTg9XB7TjKhq1JtZJpx6oX-QuK_YGwuGQuMISELOMWNNO3mTJvvgkmFOZlkJ2O5F7HO0Dwm8XBjcAy3OdFLWia4nhOJRDcVpBESO1tSuff_BHhP1TIWKvNPEU-tOOWi6NTjLUNSKxStvjxe57oJO6qKJEfjNdePypL4uOx-Oak6jgPtbGKqLAyfarF0pflvQzXWViHs_u9U3F-rHEnTK26BgLl-MusTEyVakEvBU7kvEmPUknsxVVpimQSPg-HtpCmJTNX7KhsWQC6VLYbyEW82Z7DSPmQ9v6vP0D3E-t5SeoLC4-6l_bMSGYucRKukC07cy1BxwUlwvOWOg49Dp3AaCOnJGPZkw-LAW9-SEp7FSaeWyw8IYEJV1itTnPpJF7RAj6xbo_hQPmUWqBErWrN4oZbQ4sGxr6vs5fR-5vnKnW7x2eTSalY5u74fc3VSmOO-Bm5fYueSZ2aJvw6GLXCiPoj_Qqx6zO92mbsaAwq2BBWbQH5ASJ-QkLfHYlTYGjze1Hqy-0uaX5RY7xD93C4n064lbLLcVZXfyB_P1Op6GDE1azeIX6Zwg8L9MfBlcDiSGzMniDjGWqkFCWu-Jt5qYQApuNVrqLTXHRRc8zOroxaCj9egy2zoHbBNo2-8cMvIKx_hfNhdm1kbB_lee8HCRibID3wIpdnO3YHHstznx9qVTcwLqZo1tIXMxlyFxdpHnwMhPsbLn42gcFrc2YiISu99How2P0sCH3HQ3owjbLffvV1UtB7fouwryZUHIo_QkhjucGvf22DKkb-oakiO22BIIgpJntGmi9eRn2vm2MgJo5LgZ9NX4L687XqQt_iayXmhikzr3qSyZ7BfTMF3US5oUYeDfP1yz76eVX5nelXa4NFaf2FX_5LW5GkADOYMuRbcWwkhqnCMSiHUp39AGQC9PGFRaClQUISQKwfWGlByNrRXfudXEf6LXfT_qTDouHNu1qWcGe4yQ0tVV6uBOr77b78_xs3mcjmcNPN6-4cES_rYhDiaSdwKRUbBu_eUJTL90aYUdLaDWrPGjoD67lVKdnas3Nxf-4bi1JeT0XfYdNHPhkxNlIsQvu9ovtlggaKxKUup9PQ0CH-krXbct4C6NXxnA5Ytd9rIbCHxu9ztdob6yhBRmo9qy4h7qRIxfxfMeY_nUB0HGf9lCtet1CFS8mxbkMC6h_lqLBHbtcxmliYlNBbDIS7YjDUXEFJt0axEHTfToxqOqtJth_mqPrbJGru-LUmsNn7A3n7GaVDQ0fEB7r92Wqjt1DqwNlKsgBiWzFxHPOif5DABGnOZ6EyNjDbVF_CO7HnpfRt57qGc2262LMKjSJB05kwPlufHXYHBmO1hIlTikYJ_jsqc4QYppffclkK2U2fWgv9xnnmTVlmjNNxJSIw565MXf8lnCeZuMyZTVbyndpnaSiQ-4zTTv1jb-3rcC5BEE1M6J4c4n4lO1R7XivZvHifZagMGa3T-EEVapMY7rDSGGU7fUeqdzHSe0nhc7QNBrZ8C3LfGlz5eYVYvm1oRLASXdhUOPGgU9shk_iEqYlzdTVo5ely5_O5cUBJ3JiLhxDJOWdWPsoLsVjmRo6PCqqXwm32XVI7DS_MbpJBZyrKOm2YXwpMnC8WFRC26VttbpNHVXIJ28AZyVvXD2t7js8EMN0GXQrtCD05hRKrDXQtquyer_Xrw9j_FkLqb9-X78bLQ7pjRx2SHGns3LiiRoPVd7TUiPgCJ46LgeDcHiRwMlyfTyzobtGXJa6qofQerRRoiKz_29jnStY9wDmZjpTVi63fB23TBJYvfFO6RPOs0b8CCJIyTMqja6ZFLVBXx0ZY0xd8b4W-szLt4n_j2MxqwzpljN8Xc5N2FZlNyFAdXWk6T31a_sI6_I-enWIeO3BjlExvuDQC-Tt9wR8PJlLThRvT_qxJbQpe3xsQ

    HTTP/1.1 400 Bad Request Connection: close

This is what I see in the browser


回答1:


As you already find out the exact problem is of header limit and solve it by limiting cookie size but limiting cookie size may not be a solution everytime.Main reason behind why angular doesn't accept large header data is bcs angular use node serve webpack-dev-server and there is limit on header size in node js you can find related issue bellow

ng serve fails to serve pages when large cookies are present

400 Bad request due to Node limiting header size to 8kB

Update npm run to fix hpe_header_overflow in recent nodejs versions

Make HTTP_MAX_HEADER_SIZE configurable

So instead of using ng serve using command

node --max-http-header-size=16385 ./node_modules/@angular/cli/bin/ng serve

should be the solution to your problem




回答2:


For some reason Angular do not accept that much data(Cookie) as part of Header. Though this works with JS client, I am not sure why this happens with Angular.

During initial phase of development, for some reason, I have commented out the following lines in Account/ExternalController.cs of IdentityServer

// delete temporary cookie used during external authentication
await HttpContext.SignOutAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);

When this line is commented out, there will be additional Cookie that will be posted to Angular during the call back.

Uncommented the above line will delete the temporary Cookie and there will be less header data during the call back and it invokes the respective Angular call back component and sets the bearer token.

Clarifications Required

  1. If someone can share why Angular isn't accepting large header data while it works perfectly with JS client.
  2. Though Angular says Bad request, I was not able to find from where(which layer in Angular) this error occur is thrown. I did not even see a single line of error from which I could get some hint on reason for the error(large header data)

If some expert could share their experience on the above couple of points, it will be really helpful to understand how Angular works.

If for any reason, you cannot limit the header size, then increase the node's --max-http-header-size. Kindly refer https://stackoverflow.com/a/57667786/2922388 on how to do it.




回答3:


Just try with few fixes. First - RedirectUris seems suspicious, since it contains more than one value, - according to the http://docs.identityserver.io/en/latest/topics/clients.html - declaring this as a List<string> could be the source of the issues.

Next, following the example of server side config https://github.com/IdentityServer/IdentityServer4.Demo/blob/master/src/IdentityServer4Demo/Config.cs

    new Client
    {
       ...
        RequireClientSecret = false,
        RequireConsent = false,

        AllowedGrantTypes = GrantTypes.Code,
        AllowedScopes = { "openid", "profile", "email", "api" },

        AllowOfflineAccess = true,
        RefreshTokenUsage = TokenUsage.ReUse

    }

Let's assume that AllowedScopes should include mandatory email scope, then GetIdentityResources() needs last fix:

    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
            new IdentityResources.Email(),
        };
    }

Since SPA code is out of scope here, for proper flow implementation please follow the examples:

https://github.com/IdentityServer/IdentityServer4.Demo/,




回答4:


Perhaps you mixed something up in routes or redirect_url configuration?

Based on configuration of the client and server you posted, redirect_url should be:

http://localhost:4200/auth-callback`

Yet, in the screenshot path is /call-back, not /auth-callback.

I would check if configurations (client and server) and Angular router all have same path /auth-callback configured.



来源:https://stackoverflow.com/questions/57552543/identityserver-external-auth-provider-auth-callback-redirection-400-bad-re

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!