Skip to content
This repository has been archived by the owner on Jul 31, 2024. It is now read-only.

Redirect URI in Client configuration is now required when using a custom IRedirectUriValidator #2810

Closed
Tornhoof opened this issue Nov 19, 2018 · 3 comments
Closed

Redirect URI in Client configuration is now required when using a custom IRedirectUriValidator #2810

Tornhoof opened this issue Nov 19, 2018 · 3 comments
Labels
question

Comments

@Tornhoof
Copy link
Contributor

Please only use the issue tracker for bug reports and/or feature requests. For general security questions, or free or commercial support options do not use the issue tracker and instead see here for more details.

For bug reports, include the relevant log files related to your issue. See here how to enable logging. Delete this line once you have.

Finally, please keep the issue concise and to the point. If you paste in more code than the text for the issue you are reporting then we will most likely not read it.

Issue / Steps to reproduce the problem

After upgrading to IdentityServer4 2.3 from 2.2 my Implicit Client Config stopped working. I use a custom IRedirectUriValidator, because for dev purposes a fixed list of redirectUris is not possible and the custom IRedirectUriValidator handles that (i.e. just checking the hostname against allowed hostnames, not the port). So I left it empty in my 2.2 config, as the IRedirectUriValidator handled it.
1.) Create an implicit client config and don't set RedirectUris
2.) Create a custom IRedirectUriValidator and register it
3.) Use the client config in authorization

Workaround:
Set RedirectUris to a list with an empty value:

RedirectUris = new List<string>{string.Empty},

In 2.2 the ClientValidator was NopClientConfigurationValidator and in 2.3 DefaultClientConfigurationValidator, so I guess #2525 made that change.

What is the suggested way to configure the Client for use with IRedirectUriValidator?

Relevant parts of the log file

2018-11-19 08:45:41.6890 - Trace - ThreadId: 24 - TraceId: 0HLIDVBQ68FF3:00000004 - Identity:  - ValidatingClientStore: Calling into client configuration validator: IdentityServer4.Validation.DefaultClientConfigurationValidator 
2018-11-19 08:45:41.6890 - Error - ThreadId: 24 - TraceId: 0HLIDVBQ68FF3:00000004 - Identity:  - ValidatingClientStore: Invalid client configuration for client js: No redirect URI configured. 
2018-11-19 08:45:41.6890 - Error - ThreadId: 24 - TraceId: 0HLIDVBQ68FF3:00000004 - Identity:  - AuthorizeRequestValidator: Unknown client or not enabled: "js"
@leastprivilege
Copy link
Member

Set a dummy value for dev.

@Tornhoof
Copy link
Contributor Author

Thanks. I think that's it here.

@ThisNoName ThisNoName mentioned this issue Dec 16, 2018
Closed
@lock
Copy link

lock bot commented Jan 12, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 12, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@leastprivilege @Tornhoof