Skip to content
This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

Implicit client flow is not redirecting to return url. #303

Closed
pavanputhra opened this issue Aug 26, 2014 · 3 comments
Closed

Implicit client flow is not redirecting to return url. #303

pavanputhra opened this issue Aug 26, 2014 · 3 comments
Assignees
Labels

Comments

@pavanputhra
Copy link

I have created identity server with below given configuration. I am using implicit client flow (JavaScript sample project) to test identity server. I could able to see login screen. On successful login identity server is not redirecting to client web page.

Even when when I click logout button I will get login page as response. In other words logout link points to ( http://idsrv.local/login?message=7b..... )

What am I doing wrong here?

var factory = FactoryConfiguration.Create();
factory.ViewService = Registration.RegisterType<IViewService>(typeof(CustomViewService));

var idserverOptions = new IdentityServerOptions
{
    IssuerUri = "https://example.com",
    SiteName = "Example Identity Server",
    SigningCertificate = MockCertificate.Get(),
    Factory = factory,
    CorsPolicy = CorsPolicy.AllowAll
};

app.UseIdentityServer(idserverOptions);
public static class FactoryConfiguration
{
    public static IdentityServerServiceFactory Create()
    {
        return new IdentityServerServiceFactory
        {
            UserService =
                Registration.RegisterFactory<IUserService>(
                    (Func<IUserService>) (() => (IUserService) new UserService(new PersonRepository()))),
            ScopeStore = Registration.RegisterFactory<IScopeStore>(
                (Func<IScopeStore>) (() => (IScopeStore) new InMemoryScopeStore(MokeScopes.Get()))),
            ClientStore = 
                Registration.RegisterFactory<IClientStore>(
                    (Func<IClientStore>) (() => (IClientStore) new InMemoryClientStore(MockClients.Get())))
        };
    }
}
@leastprivilege
Copy link
Member

Hard to tell - maybe enable logging and also check network traces.

@pavanputhra
Copy link
Author

I found out the problem, after tracing and seeing network tab in chrome. Below is the flow after client makes request.

HTTP GET /connect/authorize?client_id=........ (302)
HTTPS GET /login?message=..... (200)
HTTPS POST /login?message=.....  (302 -  Now response has idsrv cookies set)
HTTP GET /connect/authorize?client_id=..... (302 - Now request is not sending 
                                         idsrv cookies set in previous response. 
                                         Reason is, previous request/response happened 
                                         in https while this request in http)
HTTPS GET /login?message=..... (200)

After changing my end point form http://idsrv.local/ to https://idsrv.local it started working.

Am wondering, why didn't subsequent request happen in HTTP, while first request (GET /connect/authorize?client_id=... ) was in HTTP?

@leastprivilege
Copy link
Member

We assume HTTPS when generating links. Unless you explicitly set the PublicHostName.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

2 participants