Identity Server 4 redirects to the AccountController for login; once the user is validated, the HttpContext.SignInAsync method is called and then a redirect to the ReturnUrl is performed.
However, in some cases there is an internal server error that needs to be sent back to the original client instead of being displayed to the end user in a View. In this case, I would like to issue a standard OAuth2 error response, but I don't see a way of doing this.
Update:
I've added more information. This part of the OAuth 2.0 spec is what I'm referring to. Can Identity Server do this, or do I have to manually build the URL from the RedirectUri?
An example of the RedirectUri based on this spec would be this:
For example, the authorization server redirects the user-agent by sending the following HTTP response:
HTTP/1.1 302 Found
Location: https://client.example.com/cb?error=access_denied&state=xyz
Section 4.1.2.1 of the OAuth 2.0 spec states:
If the request fails due to a missing, invalid, or mismatching
redirection URI, or if the client identifier is missing or invalid,
the authorization server SHOULD inform the resource owner of the
error and MUST NOT automatically redirect the user-agent to the
invalid redirection URI.
If the resource owner denies the access request or if the request
fails for reasons other than a missing or invalid redirection URI,
the authorization server informs the client by adding the following
parameters to the fragment component of the redirection URI using the
"application/x-www-form-urlencoded" format.
It is not possible; this is by design in Identity Server 4.
If you check the source code (https://github.com/IdentityServer/IdentityServer4/blob/master/src/IdentityServer4/src/Validation/Default/AuthorizeRequestValidator.cs#L146) you will find:
    //////////////////////////////////////////////////////////
    // check for valid client
    //////////////////////////////////////////////////////////
    var client = await _clients.FindEnabledClientByIdAsync(request.ClientId);
    if (client == null)
    {
        LogError("Unknown client or not enabled", request.ClientId, request);
        return Invalid(request, OidcConstants.AuthorizeErrors.UnauthorizedClient, "Unknown client or client not enabled");
    }
This was inspired by this answer.
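The following Python is an added example, not code from the question, the answer, or IdentityServer4 itself. It models the two rules from RFC 6749 quoted in the question together with the gate the answer's validator snippet shows: an error is sent back to the client by redirect only after client_id and redirect_uri have been validated by exact match against the client's registration; if that validation fails, the error is shown to the resource owner and no redirect is issued. The spec places the error parameters in the query component for the authorization code flow (Section 4.1.2.1) and in the fragment component for the implicit flow (Section 4.2.2.1), and the asker's internal-server-error case maps to the spec's server_error code; the example handles both response types. The client registry, client identifiers, request dictionaries and function names are constructed for illustration.

```python
"""RFC 6749 authorization-endpoint error handling, modelled stand-alone.

Added example; not IdentityServer4 code. The client registry, names and
requests below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Mapping, Optional
from urllib.parse import urlencode, urlsplit, urlunsplit

# Constructed client registration: client_id -> exact registered redirect URIs.
CLIENTS: Dict[str, FrozenSet[str]] = {
    "client.example": frozenset({"https://client.example.com/cb"}),
}


@dataclass(frozen=True)
class AuthorizeOutcome:
    redirect: bool            # True: 302 to the client. False: render an error view.
    location: Optional[str]   # Location header value when redirect is True.
    error: str                # RFC 6749 error code.
    description: str


def resolve_redirect_uri(client_id: Optional[str],
                         redirect_uri: Optional[str]) -> Optional[str]:
    """Return redirect_uri if client_id is registered and redirect_uri exactly
    matches one of its registered URIs; otherwise None.
    Exact string comparison only: no prefix, wildcard or case folding."""
    registered = CLIENTS.get(client_id or "")
    if not registered or redirect_uri is None:
        return None
    return redirect_uri if redirect_uri in registered else None


def build_error_redirect(redirect_uri: str, response_type: str, error: str,
                         description: Optional[str] = None,
                         state: Optional[str] = None) -> str:
    """Append error parameters to an already validated redirect URI.
    Query component for the code flow (4.1.2.1), fragment component for the
    implicit flow (4.2.2.1). state is echoed only if the client sent one."""
    params = {"error": error}
    if description:
        params["error_description"] = description
    if state is not None:
        params["state"] = state
    encoded = urlencode(params)  # application/x-www-form-urlencoded
    parts = urlsplit(redirect_uri)
    if response_type == "token":
        query, fragment = parts.query, encoded
    else:
        query = f"{parts.query}&{encoded}" if parts.query else encoded
        fragment = parts.fragment
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, fragment))


def fail_authorize_request(request: Mapping[str, str], error: str,
                           description: str) -> AuthorizeOutcome:
    """Report a failed authorize request the way Section 4.1.2.1 requires.

    If the client or redirect_uri cannot be validated, the user-agent MUST NOT
    be redirected: the error is surfaced to the resource owner instead (the
    Invalid(...) path in IdentityServer4's AuthorizeRequestValidator).
    Otherwise the client is informed through the validated redirect URI."""
    client_id = request.get("client_id")
    validated = resolve_redirect_uri(client_id, request.get("redirect_uri"))
    if validated is None:
        if client_id not in CLIENTS:
            return AuthorizeOutcome(False, None, "unauthorized_client",
                                    "Unknown client or client not enabled")
        return AuthorizeOutcome(False, None, "invalid_request",
                                "redirect_uri missing or does not match registration")
    location = build_error_redirect(validated, request.get("response_type", "code"),
                                    error, description, request.get("state"))
    return AuthorizeOutcome(True, location, error, description)


if __name__ == "__main__":
    # Constructed requests: one from a registered client, one from an unknown one.
    good = {"client_id": "client.example", "response_type": "code",
            "redirect_uri": "https://client.example.com/cb", "state": "xyz"}
    bad = {"client_id": "unknown.client", "response_type": "code",
           "redirect_uri": "https://attacker.example/cb", "state": "xyz"}
    print(fail_authorize_request(good, "server_error", "login failed"))
    print(fail_authorize_request(bad, "server_error", "login failed"))
```

The registered client gets a 302 whose Location carries error, error_description and the echoed state; the unknown client gets no Location at all, only an error to render for the user, which is exactly why the validator in the answer returns Invalid rather than redirecting.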