Tested against AWS Cognito? #81
Comments
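They could implement the spec properly, or you can disable that protocol violation with this flag: https://github.com/IdentityModel/IdentityModel2/blob/dev/src/IdentityModel/Client/DiscoveryPolicy.cs#L42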
Same error
Disabling this seems to sort it :)
https://github.com/IdentityModel/IdentityModel2/blob/dev/src/IdentityModel/Client/DiscoveryPolicy.cs#L47
On 10 August 2018 at 19:14, Brock Allen ***@***.***> wrote:
> Is there something that can be done to make this work?
>
> They could implement the spec properly, or you can disable that protocol violation with this flag:
> https://github.com/IdentityModel/IdentityModel2/blob/dev/src/IdentityModel/Client/DiscoveryPolicy.cs#L42
You should open an issue with them. You can refer them to the exact item in the spec: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation and let them know their implementation hurts interoperability. :)
Oh sorry -- now I understand why your other flag fixed the issue. It's the endpoints, not the issuer. Ok, that's somewhat different. Sorry for my confusion.
No worries.
It's working better although after login with AWS it redirects back to
localhost with a code and state querystring but in
ResponseProcessor.RedeemCodeAsync returns a TokenResponse which contains
a {"error":"invalid_client"}
Not sure how it can get that far to return that response. Not really sure
where the problem lies
On 10 August 2018 at 20:35, Brock Allen ***@***.***> wrote:
> Oh sorry -- now I understand why your other flag fixed the issue. It's the
> endpoints, not the issuer. Ok, that's somewhat different. Sorry for my
> confusion.
Ah I got it working. Needed to pass in the ClientSecret. Don't really
understand why when my JS client worked without it. Thanks again
I have a local asp.net core application with an api endpoint. I have an AWS Cognito user pool setup. I can go through an index.html page and some JavaScript to log into Cognito and get a token back. I can then make a request to asp.net core app with the token and after the token validation get to my api endpoint.
Using the sample netcore app for this library I tried hooking it all up but get back an error when it reads the discovery document.
Endpoint is on a different host than authority: https://REDACTED.auth.eu-west-2.amazoncognito.com/oauth2/authorize
Looking at the raw json in the discoveryResponse that is correct.
Is there something that can be done to make this work?
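A minimal sketch of the kind of check behind the "Endpoint is on a different host than authority" error, added here as an illustration; it is not IdentityModel's code. The `DiscoveryEndpointCheck` class, the host names and the `additionalBases` allow-list are assumptions of this example, and the allow-list shows a narrower alternative to switching endpoint validation off entirely.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Hypothetical helper, not part of IdentityModel.
static class DiscoveryEndpointCheck
{
    // Returns each endpoint entry whose origin (scheme + host + port) is neither the
    // authority's nor one of the explicitly trusted additional base addresses.
    public static List<string> OffAuthorityEndpoints(
        string authority, string discoveryJson, params string[] additionalBases)
    {
        var trusted = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { Origin(new Uri(authority)) };
        foreach (var b in additionalBases) trusted.Add(Origin(new Uri(b)));

        var offenders = new List<string>();
        using var doc = JsonDocument.Parse(discoveryJson);
        foreach (var p in doc.RootElement.EnumerateObject())
        {
            bool isEndpoint = p.Name.EndsWith("_endpoint", StringComparison.Ordinal) || p.Name == "jwks_uri";
            if (!isEndpoint || p.Value.ValueKind != JsonValueKind.String) continue;

            var value = p.Value.GetString();
            // Relative or unparsable URLs are reported too: they cannot be tied to a trusted origin.
            if (!Uri.TryCreate(value, UriKind.Absolute, out var uri) || !trusted.Contains(Origin(uri)))
                offenders.Add($"{p.Name}: {value}");
        }
        return offenders;
    }

    static string Origin(Uri u) => u.GetLeftPart(UriPartial.Authority);

    static void Main()
    {
        // Constructed sample: the issuer and the login endpoints live on different hosts.
        const string authority = "https://idp.example.com/pool-1";
        const string json = @"{
          ""issuer"": ""https://idp.example.com/pool-1"",
          ""jwks_uri"": ""https://idp.example.com/pool-1/.well-known/jwks.json"",
          ""authorization_endpoint"": ""https://login.example.net/oauth2/authorize"",
          ""token_endpoint"": ""https://login.example.net/oauth2/token""
        }";

        // Strict policy: the endpoints hosted on login.example.net are reported.
        Console.WriteLine(string.Join("\n", OffAuthorityEndpoints(authority, json)));
        // Allow-listing the one extra origin keeps the check active for every other host.
        Console.WriteLine(OffAuthorityEndpoints(authority, json, "https://login.example.net").Count);
    }
}
```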