Facebook Provider problem #780
Comments
|
The callback url configured on facebook should end with /signin-{providerId} for exemple https://myserver/signin-facebook |
|
I tried /signin-facebook also. When it is like that, after successful login within facebook, it returns to my server like this: https://myserver/signin-facebook?code=somecode&state=somestate and that page shows a 404 error without redirecting to calling client page.
I'm using Duende.IdentityServer |
|
And your provider id is facebook right ? Put the log in debug mode and share it please. |
|
Yes: How to put the log in debug mode? |
|
in the appsettings.json : "Serilog": {
"LevelSwitches": {
"$controlSwitch": "Debug"
}, |
|
Do you see the 404 in logs ? |
|
No 404 in logs. Now when I pressed the Facebook button within the Admin UI application, it works. But if the login page is a result of an OWIN client request, it doesn't returns to that client and shows 404 page. Local Login works for that Owin client. |
|
I guess the host is wrong then, double check it, it's looks like it do not return to your TheIdServer instance. The callback url should callback your identity server. Then the identity server callback to the app. |
|
404 error is showing in TheIdServer URL page. Which callback setting do you mean? I'm try to implement this logic to an old ASP.NET MVC 4 application and here is my owin startup code: JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary<string, string>(); app.UseCookieAuthentication(new CookieAuthenticationOptions app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions #if DEBUG ResponseType = "id_token", UseTokenLifetime = false, }); |
|
On Facebook Developers app you need to provide the redirect URI for your client, this is the callback url. In this case the client is your TheIdServer, facebook should redirect to your TheIdServer instance not to your MVC client directly. As you don't see a 404 entry in your TheIdServer log, it means the callback do not return to your TheIdServer instance, do you agree ? If it was redirected to an unknown page of TheIdServer, the admin app should display:
|
|
Here is my Provider latest setup:
|
|
Are you behind a proxy ? If we can not found the 404 request in the log, it's because the request is not processed by TheIdServer, do you agree ? Can you look for /signin-facebook in log ? |
|
No, I'm not behind a proxy. Just use Burp to show the flow. Only one entry containing "signin-facebook" :
https://myidserver/signin-facebook?code=somecode&state=somestate URL gives 404 error. That means the server code can't find a matching route for this URL, isn't it? When this happens, is there a global error handling routine in the code and does it writes to log? |
|
And what if you try to login with facebook using TheIdServer admin ? if you use SEQ, try to filter logs with :
|
|
And your MVC application should use the Hybrid grant type, not Token exchange, nor Implicit, nor Client credentials |
|
The theidserveradmin redirect uri should be : "https://auth.bebyaz.com/authentication/login-callback" ,"/signin-facebook" should not be used as redirect path for clients. Drop the database. it'll recreate at startup. You probably have issue with stored security keys. |
|
I found that the IIS was filtering the request because of long query string. Adding this to web.config solved the problem: Thank you for your support. I learned OAuth, OpenId flows and learning new things is always a joy :) |
Local logins work without a problem. I tried to add facebook provider.
Pressing Facebook button at /account/login page redirects to facebook and after successful authentication, it returns to my authority server with an url like this:
https://myserver/?code=somecode&state=somestate
and this page gives a 404 error without returning to the calling client page.
I tried almost any option in the provider setup page. My last configuration is like this:
The text was updated successfully, but these errors were encountered: