I have an ASP.NET Core backend with a React frontend hosted in different origins.
The ASP.NET Core backend is configured to use the inbuilt identity server:
    // Startup
    public void ConfigureServices(IServiceCollection services)
    {
        ...
        services.AddIdentityServer()
            .AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
        ...
    }
I have added the OidcConfigurationController that the identity server expects:
    public class OidcConfigurationController : Controller
    {
        public OidcConfigurationController(IClientRequestParametersProvider clientRequestParametersProvider)
        {
            ClientRequestParametersProvider = clientRequestParametersProvider;
        }

        public IClientRequestParametersProvider ClientRequestParametersProvider { get; }

        [HttpGet("_configuration/{clientId}")]
        public IActionResult GetClientRequestParameters([FromRoute]string clientId)
        {
            var parameters = ClientRequestParametersProvider.GetClientParameters(HttpContext, clientId);
            return Ok(parameters);
        }
    }
I have also added the following settings in appsettings.json that the identity server reads:
    ...
    "IdentityServer": {
      "Clients": {
        "WebApplication1": {
          "Profile": "SPA",
          "RedirectUri": "http://localhost:3000/authentication/login-callback",
          "LogoutUri": "http://localhost:3000/authentication/logout-callback"
        }
      }
    },
    ...
The React app is hosted at http://localhost:3000 and uses oidc-client to interact with the ASP.NET Core server. The frontend code appears to correctly request a sign in passing the correct return url:
The ASP.NET Core authentication pages are successfully shown:
But if you post a new registration, ASP.NET Core redirects to its root rather than http://localhost:3000:
Is there anything I've missed or does the inbuilt ASP.NET identity only work if the client is hosted in the same origin?
Any help appreciated.
You just miss your return url during the roundtrip to Account/Register. That has nothing to do with origins. Check with a pure sign-in -- that should work out of the box.
New account registration is not what IdentityServer is responsible for. You have to handle that yourself. You need to pass through your return url each time you redirect, starting from the "Register" button on your login form and ending at your [HttpPost]Register action. Most likely you would like to keep that url even when your user cancels the registration in the middle and decides to sign in with an existing account.
See this question/answer for the reference.
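
Added example (not part of the original question or answer, and not the project's own code): one way to carry the return url from the login page through to the [HttpPost]Register action and only follow it when it is a local URL. AccountController, RegisterViewModel and the Home/Index fallback are hypothetical names; ApplicationUser is the user type from the question.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical view model; a hidden ReturnUrl form field round-trips the value.
public class RegisterViewModel
{
    public string Email { get; set; }
    public string Password { get; set; }
    public string ReturnUrl { get; set; }
}

public class AccountController : Controller
{
    private readonly UserManager<ApplicationUser> _users;
    private readonly SignInManager<ApplicationUser> _signIn;

    public AccountController(UserManager<ApplicationUser> users, SignInManager<ApplicationUser> signIn)
    {
        _users = users;
        _signIn = signIn;
    }

    // The "Register" link on the login form must pass returnUrl to this action.
    [HttpGet]
    public IActionResult Register(string returnUrl = null)
        => View(new RegisterViewModel { ReturnUrl = returnUrl });

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Register(RegisterViewModel model)
    {
        if (!ModelState.IsValid) return View(model); // ReturnUrl survives the re-render

        var user = new ApplicationUser { UserName = model.Email, Email = model.Email };
        var result = await _users.CreateAsync(user, model.Password);
        if (!result.Succeeded)
        {
            foreach (var e in result.Errors) ModelState.AddModelError(string.Empty, e.Description);
            return View(model);
        }
        await _signIn.SignInAsync(user, isPersistent: false);

        // Follow only server-relative URLs so returnUrl cannot become an open redirect.
        // Assumption: the login page was given a local authorize-callback URL as returnUrl.
        if (Url.IsLocalUrl(model.ReturnUrl)) return LocalRedirect(model.ReturnUrl);
        return RedirectToAction("Index", "Home");
    }
}
```

The final hop back to http://localhost:3000 is then issued by the identity server against the registered RedirectUri, so the registration code itself never redirects to an external origin.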