
OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'. #1

Open
markpendlebury opened this issue Apr 7, 2022 · 4 comments

@markpendlebury

markpendlebury commented Apr 7, 2022

Following your sample I get the above-mentioned error after entering my username/password into the Cognito login page.

I've re-created the pool and app client numerous times in case I missed something, but I keep hitting the same error. Is there maybe something missing from your sample?

The full exception I'm getting is:

System.Exception: An error was encountered while handling the remote login.
 ---> Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'.
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

As a side note, the callback URL you use is incorrect (as far as I know); the correct callback URL should be: https://localhost:5001/signin-oidc

@ddowningms

ddowningms commented Nov 30, 2022

@markpendlebury I'm getting a similar error and haven't been able to make further progress. Were you ever able to resolve this?

image

@markpendlebury

The error you're getting, similar to mine, indicates you are missing a client_id (or are submitting an incorrect one). In the context of the README in this repo there are a number of missing pieces:

Here's what I did:

services.AddOpenIdConnect(options =>
{
    // Signin: authorization-code flow against the Cognito discovery document
    options.ResponseType = Environment.GetEnvironmentVariable("ResponseType")!;
    options.MetadataAddress = Environment.GetEnvironmentVariable("MetadataAddress")!;
    options.ClientId = Environment.GetEnvironmentVariable("ClientId")!;
    options.ClientSecret = Environment.GetEnvironmentVariable("ClientSecret")!;
    // Signout: hook the redirect so the Cognito logout endpoint is used
    options.Events = new OpenIdConnectEvents()
    {
        OnRedirectToIdentityProviderForSignOut = OnRedirectToIdentityProviderForSignOut
    };
});

Where

"ResponseType"="code"
"MetadataAddress"="https://cognito-idp.${AWS_COGNITO_REGION}.amazonaws.com/${AWS_COGNITO_USER_POOL_ID}/.well-known/openid-configuration"
"ClientId"="${AWS_COGNITO_CLIENT_ID}"
"ClientSecret"="${AWS_COGNITO_CLIENT_SECRET}"

For clarity, your Cognito user pool details (ID and region) can be found in the console by navigating to
Amazon Cognito --> User Pools --> Your Pool; they appear in the top header titled User pool ID (region included).

As for the Client ID and Secret, they can be found by navigating from the above pool page and selecting the "App Integration" tab; the last panel contains a list of your "App Client Names". On this page you will see "Client ID" and "Show client secret" in the top panel.

Additionally, on the App Client page, under "Hosted UI", make sure you have the correct "Allowed Callback URLs". For me I used the following patterns:

Callback URLs:

  • https://localhost:5001/signin-oidc
  • https://www.mydomain.com/signin-oidc
  • https://mydomain.com/signin-oidc

Allowed Sign-out URLs:

  • https://localhost:5001/logout/callback
  • https://www.mydomain.com/logout/callback
  • https://mydomain.com/logout/callback

Hope this helps
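A pre-flight check for the settings described in this reply, added here as an example and not code from the issue or the sample repo: it validates that the four values are expanded, that the user pool ID's region prefix matches the region in the MetadataAddress, that ClientId/ClientSecret are present (the usual cause of invalid_client from the token endpoint), and that the app's /signin-oidc redirect URI is among the registered callback URLs. All sample values are constructed.

```python
import re

# Cognito user pool ids are "<region>_<suffix>" and the discovery URL embeds the same
# region; a mismatch or an unexpanded "${...}" placeholder is a common cause of the
# invalid_client answer from the token endpoint.
REGION = r"[a-z]{2}(?:-[a-z]+)+-\d"
POOL_ID_RE = re.compile(rf"^(?P<region>{REGION})_[A-Za-z0-9]+$")
METADATA_RE = re.compile(
    rf"^https://cognito-idp\.(?P<region>{REGION})\.amazonaws\.com/"
    r"(?P<pool>[^/]+)/\.well-known/openid-configuration$"
)

def check_oidc_settings(settings, allowed_callback_urls, app_base_url):
    """Return a list of problems; an empty list means the settings look consistent."""
    problems = []
    unexpanded = sorted(k for k, v in settings.items() if "${" in v)
    if unexpanded:
        problems.append("unexpanded placeholders in: " + ", ".join(unexpanded))
    if settings.get("ResponseType") != "code":
        problems.append("ResponseType must be 'code' for the authorization-code flow")
    meta = METADATA_RE.match(settings.get("MetadataAddress", ""))
    if not meta:
        problems.append("MetadataAddress is not a Cognito discovery URL")
    else:
        pool = POOL_ID_RE.match(meta["pool"])
        if not pool:
            problems.append(f"user pool id '{meta['pool']}' is malformed")
        elif pool["region"] != meta["region"]:
            problems.append(f"pool id region {pool['region']} != URL region {meta['region']}")
    if not settings.get("ClientId"):
        problems.append("ClientId is empty: the token endpoint will answer invalid_client")
    if not settings.get("ClientSecret"):
        problems.append("ClientSecret is empty: required when the app client has a secret")
    # Cognito matches redirect_uri against the registered callback URLs exactly.
    redirect_uri = app_base_url.rstrip("/") + "/signin-oidc"
    if redirect_uri not in allowed_callback_urls:
        problems.append(f"{redirect_uri} is not in the allowed callback URLs (exact match)")
    return problems

# Constructed sample values, not real credentials.
CALLBACKS = ["https://localhost:5001/signin-oidc", "https://www.mydomain.com/signin-oidc"]
GOOD = {
    "ResponseType": "code",
    "MetadataAddress": "https://cognito-idp.eu-west-2.amazonaws.com/eu-west-2_AbCdEfGhI/.well-known/openid-configuration",
    "ClientId": "1example2clientid3456789ab",
    "ClientSecret": "constructed-secret",
}
BAD = dict(GOOD, MetadataAddress=GOOD["MetadataAddress"].replace("idp.eu-west-2", "idp.us-east-1"),
           ClientId="", ClientSecret="${AWS_COGNITO_CLIENT_SECRET}")
```

Calling check_oidc_settings(BAD, CALLBACKS, "https://mydomain.com") reports the unexpanded secret, the region mismatch, the empty ClientId and the unregistered redirect URI, while GOOD with "https://localhost:5001" reports nothing.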

@ddowningms

@markpendlebury, thank you for the detailed reply. I was able to get the login part of the sample working correctly.

I am however not able to get the logout functionality working as the sample is currently coded. I'm getting the following; any idea what I'm doing wrong? Do I need to modify the sample to get it working?

image

@xtianrivas

xtianrivas commented Aug 4, 2023

I had the same problem, but it was something simpler:

I suppose the AWS account data was not being taken from the Appsetting.json because it was not being pointed to correctly in Program.cs; in my case it said

.ConfigureAppConfiguration((hostingContext, config) =>
{
    // Loads the local settings file if present
    config.AddJsonFile(
        "appsettings.local.json",
        optional: true,
        reloadOnChange: true);
});

when it should have been:

.ConfigureAppConfiguration((hostingContext, config) =>
{
    // Loads the settings file the project actually ships with
    config.AddJsonFile(
        "launchSettings.json",
        optional: true,
        reloadOnChange: true);
});

as it was in Properties\launchSettings.json in the project. With that the project starts correctly.
