This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

RequireConsent – Http error or wrong redirect URI #2263

Closed
shackaufsaphir opened this issue Dec 8, 2015 · 3 comments

@shackaufsaphir

I use IdentityServer3 (2.2.2) for a connection with a WPF client. Everything works fine when I don't require consent (client setting RequireConsent=false). If I activate consent, the server doesn't call my redirect URI. Instead it calls a server-internal URI and gets an HTTP 405 error.

I see the following steps:

  • Login dialog is shown (I will make a valid login)
  • Permission dialog is shown (I give all permissions)
  • Problem: Now the identity server calls the following URI, and inside my browser control I get an HTTP 405 error. It tells me there was a development error.

URI the server calls:
https://localhost:40001/connect/consent?client_id=developerClient&response_type=id_token&scope=openid email&redirect_uri=oob:%2F%2Fwpfapp&state=7f479f6dd11244f685387616bb428fc3&nonce=7f2b29f3e7b01f1b935a258fa8efc597

  • My browser control waits for the redirect uri (in my case oob://wpfapp). But with the error my application stops working and still waits for a valid login.

I checked my code but I am stuck and do not know what my problem could be. Does anyone have an idea what it might be? Maybe I forgot a setting, but where could it be?

I use the following versions of identity server:
identity server 3: 2.2.2
identity model: 1.2.1

Here is my code ...

Client Settings

```csharp
var developer = new Client
{
    Enabled = true,
    ClientId = "developerClient",
    ClientName = "Developer Client",
    RequireConsent = true,
    Flow = Flows.Implicit,
    RedirectUris = new List<string> { "oob://wpfapp" },
    AllowedScopes = new List<string>
    {
        Constants.StandardScopes.OpenId,
        Constants.StandardScopes.Profile,
        Constants.StandardScopes.Email
    }
};
```

Create server url

```csharp
var nonce = CryptoRandom.CreateUniqueId();
var state = Guid.NewGuid().ToString("N");

var client = new AuthorizeRequest(new Uri("https://localhost:40001/connect/authorize"));
var url = client.CreateAuthorizeUrl(
    clientId: "developerClient",
    responseType: "id_token",
    scope: "openid email", // scope names are case-sensitive; matches the URL shown above
    state: state,
    nonce: nonce,
    redirectUri: "oob://wpfapp");
```

Code inside my browser control

```csharp
private void OnPropertyChanged(object sender, PropertyChangedEventArgs propertyChangedEventArgs)
{
    switch (propertyChangedEventArgs.PropertyName)
    {
        case nameof(this.Uri):
            if (this.Uri.AbsoluteUri.StartsWith(this.LoginWindowRequestContext.CallbackUrl))
            {
                // Do something
            }
            break;
    }
}
```

@leastprivilege
Member

Check our own WPF sample. This works fine with consent.

@shackaufsaphir
Author

Yes, I know that the WPF sample works.

I checked the example and saw that after I agree to the claims in the UI, the page calls the identity server with connect/consent. After that the server calls the redirect URL.

In my case the call to connect/consent is not accepted by the identity server (HTTP error 405). Visual Studio writes the following exception to the console. The identity server log file contains no information about the exception:
Exception thrown: 'System.Web.Http.HttpResponseException' in IdentityServer3.dll

My problem is that there is no setting inside the identity server where I can control the calling of connect/consent. I am a little lost as to where I can search for the problem.

I saw in the identity server source code that on 08 Oct. 2015 there was a change to the endpoint routing (Remove disabled endpoints from routing table #1543). One of these changes affected the connect/consent endpoint. Could it be that I need to change one of my settings because of that change?

@shackaufsaphir
Author

I found my mistake. It has nothing to do with the identity server. I wrote a behavior for my WebBrowser (URI binding) and there was a big bug inside.
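
An added example, not code from this thread or from the IdentityServer3 project: a stricter version of the callback check in the first post's browser-control handler. It matches the redirect URI exactly and verifies `state` before accepting the `id_token`. The class and method names are hypothetical, and it assumes the implicit-flow response arrives in the URL fragment (the OpenID Connect default for `id_token`).

```csharp
using System;
using System.Collections.Generic;

// Added example: hypothetical helper, not part of IdentityServer3 or IdentityModel.
public static class ImplicitCallback
{
    // Returns the id_token when `navigated` is the authorize response for this
    // login attempt; otherwise returns null (with `error` set on a bad response).
    public static string TryReadIdToken(Uri navigated, Uri redirectUri,
                                        string expectedState, out string error)
    {
        error = null;
        // Match scheme, host, port and path exactly; a StartsWith test on the
        // URL string also matches longer hosts or paths with the same prefix.
        if (Uri.Compare(navigated, redirectUri,
                UriComponents.SchemeAndServer | UriComponents.Path,
                UriFormat.Unescaped, StringComparison.Ordinal) != 0)
            return null; // still on a server page (login, consent, ...)

        // Implicit flow: parameters arrive form-encoded in the URL fragment.
        var fields = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var pair in navigated.Fragment.TrimStart('#')
                     .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            fields[Uri.UnescapeDataString(kv[0])] =
                kv.Length == 2 ? Uri.UnescapeDataString(kv[1].Replace('+', ' ')) : "";
        }

        string value;
        // The state must be the one generated for this authorize request.
        if (!fields.TryGetValue("state", out value) ||
            !string.Equals(value, expectedState, StringComparison.Ordinal))
        { error = "state mismatch"; return null; }
        if (fields.TryGetValue("error", out value)) { error = value; return null; }
        if (!fields.TryGetValue("id_token", out value) || value.Length == 0)
        { error = "missing id_token"; return null; }
        // The caller still has to validate the token's signature, issuer and
        // audience, and that its nonce claim equals the nonce that was sent.
        return value;
    }

    public static void Main()
    {
        // Constructed sample response; the token value is a placeholder.
        var uri = new Uri("oob://wpfapp#id_token=PLACEHOLDER.JWT.VALUE&state=abc123");
        string err;
        Console.WriteLine(TryReadIdToken(uri, new Uri("oob://wpfapp"), "abc123", out err) ?? err);
    }
}
```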
