I am using msaljs in Angular with .NET. I am able to get a v2 OAuth token, but in .NET the GetMyMemberOfGroupsAsync method returns a 401 with an invalid compact token error. I tried changing the scopes in the application, but to no use.
Here's the angular config file
{
"msalConfig": {
"clientId": "CLIENT_ID",
"authority": "https://login.microsoftonline.com/TENANT_ID/",
"validateAuthority": true,
"redirectUri": "http://localhost:3000/",
"postLogoutRedirectUri": "http://localhost:3000/"
},
"angular": {
"popUp": false,
"consentScopes": [
"user.read.all",
"directory.Read.all"
]
}
}
Below is the token parsed via JWT.io
{
"aud": "AUD",
"iss": "https://login.microsoftonline.com/TENANT_ID/v2.0",
"iat": 1592242137,
"nbf": 1592242137,
"exp": 1592246037,
"aio": "",
"email": "",
"family_name": "",
"given_name": "",
"name": "",
"nonce": "",
"oid": "",
"preferred_username": "USERNAME",
"sub": "",
"tid": "",
"uti": "",
"ver": "2.0"
}
The exception occurs in the last line of the below code segment:
public async Task<List<Group>> GetMyMemberOfGroupsAsync(string accessToken)
{
List<Group> groups = new List<Group>();
PrepareAuthenticatedClient(accessToken);
// Get groups the current user is a direct member of.
IUserMemberOfCollectionWithReferencesPage memberOfGroups = await graphServiceClient.Me.MemberOf.Request().GetAsync();
I get the following exception on my .net backend
fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
An unhandled exception has occurred while executing the request.
Status Code: Unauthorized
Microsoft.Graph.ServiceException: Code: InvalidAuthenticationToken
Message: CompactToken parsing failed with error code: 80049217
Inner error:
AdditionalData:
date: 2020-06-16T12:44:50
request-id: ce0a83bf-3e33-4510-b4f6-9840dfb85a8a
ClientRequestId: ce0a83bf-3e33-4510-b4f6-9840dfb85a8a
The endpoints use v2.0. Also, I tried adding protected resource maps like the following in the config file, but the token seems to be unaffected:
protectedResourceMap: [
['https://graph.microsoft.com/v1.0/me', ['user.read']]
];
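Added example, not part of the original post: Microsoft Graph expects an access token issued for Graph, with an `aud` that names Graph and a `scp` (delegated) or `roles` (application) claim. The check below decodes a token's payload without verifying it and lists which of those expectations it misses. Both sample tokens and the client ID are constructed, and the function names are this example's own.

```python
import base64
import json

# Audience values of Microsoft Graph (URI form and application-ID form).
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000046"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_unsigned_sample(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()), ""])


def read_claims(token: str) -> dict:
    """Decode the payload for inspection only; nothing is verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def graph_bearer_problems(claims: dict) -> list:
    """Return the reasons these claims do not look like a Graph access token."""
    problems = []
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if not any(str(a).rstrip("/") in GRAPH_AUDIENCES for a in audiences):
        problems.append("aud is not Microsoft Graph")
    if "scp" not in claims and "roles" not in claims:
        problems.append("no scp or roles claim, so no permissions are conveyed")
    if "nonce" in claims and "scp" not in claims:
        problems.append("nonce without scp: shape of an OpenID Connect ID token")
    return problems


# Constructed sample mirroring the claim names shown in the question.
PAGE_LIKE = make_unsigned_sample({
    "aud": "11111111-2222-3333-4444-555555555555",  # constructed client ID
    "iss": "https://login.microsoftonline.com/TENANT_ID/v2.0",
    "nonce": "constructed-nonce",
    "preferred_username": "USERNAME",
    "ver": "2.0",
})
# Constructed sample of a delegated token issued for Graph.
GRAPH_LIKE = make_unsigned_sample({
    "aud": "https://graph.microsoft.com",
    "scp": "User.Read Directory.Read.All",
    "ver": "1.0",
})

if __name__ == "__main__":
    for name, tok in (("page-like", PAGE_LIKE), ("graph-like", GRAPH_LIKE)):
        found = graph_bearer_problems(read_claims(tok))
        print(name, found or "looks like a Graph access token")
```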
Hello I have an issue with IdentityServer 4.
When we initiate a call to the IDP with Swagger for the first time, I can get a token
[12:36:21 DBG] Getting claims for identity token for subject: 3680d5aa-4b35-4e39-a1ce-cfbc6961f4c3 and client: Idp.UserIdentitySwagger
[12:36:21 DBG] In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.
[12:36:21 VRB] Creating JWT identity token
[12:36:21 INF] {"ClientId": "Idp.UserIdentitySwagger", "ClientName": "Idp.UserIdentity Swagger", "RedirectUri": null, "Endpoint": "Token", "SubjectId": "3680d5aa-4b35-4e39-a1ce-cfbc6961f4c3", "Scopes": "openid profile email", "GrantType": "authorization_code", "Tokens": [{"TokenType": "id_token", "TokenValue": "****dlrQ", "$type": "Token"}, {"TokenType": "access_token", "TokenValue": "****g_rw", "$type": "Token"}], "Category": "Token", "Name": "Token Issued Success", "EventType": "Success", "Id": 2000, "Message": null, "ActivityId": "0HMJ7TTLK79RA:0000000E", "TimeStamp": "2022-07-17T12:36:21.0000000Z", "ProcessId": 1, "LocalIpAddress": "10.244.1.16:443", "RemoteIpAddress": "10.244.0.9", "$type": "TokenIssuedSuccessEvent"}
[12:36:21 VRB] Identity token issued for Idp.UserIdentitySwagger (Idp.UserIdentity Swagger) / 3680d5aa-4b35-4e39-a1ce-cfbc6961f4c3: eyJhbGciOiJSUzI1NiIsImtpZCI6IjIzNTJFMjcwQkFDQjUwMDAwNjM1NkY3RjIwRDM0MEIwQjk3NDRCRThSUzI1NiIsInR5cCI6IkpXVCIsIng1dCI6IkkxTGljTHJMVUFBR05XOV9JTk5Bc0xsMFMtZyJ9.eyJuYmYiOjE2NTgwNjEzODEsImV4cCI6MTY1ODA2NDk4MSwiaXNzIjoiaHR0cHM6Ly9pZHAub3Vpb3VpZGlzY291bnQuY29tIiwiYXVkIjoiSWRwLlVzZXJJZGVudGl0eVN3YWdnZXIiLCJpYXQiOjE2NTgwNjEzODEsImF0X2hhc2giOiJFWWRZYWtpb0ZFUTN6Z19qeHZ1Umd3Iiwic19oYXNoIjoiMUxYeTNQMXpaOTZiU2lDWjBrRmNBZyIsInNpZCI6IjYzREQ4OEQ5QTQ0NEEyRDQzRDU1QUNBMjYyQTM1MTc3Iiwic3ViIjoiMzY4MGQ1YWEtNGIzNS00ZTM5LWExY2UtY2ZiYzY5NjFmNGMzIiwiYXV0aF90aW1lIjoxNjU4MDYxMzczLCJpZHAiOiJsb2NhbCIsImFtciI6WyJwd2QiXX0.kyOSEob49JTd10Wmz3YMgg48MB-RRWmSJ6JB2dZeu-0r8WPOK69XXlq74bGAoyV6DwytsyTOmwb7h5Wnu5zcgbHFJ_ycGAi5PwOiO1clyDIpYW5ql__SZ2JH31ppuRg616eDaX0M2p9PFfW4MBSM1d4p69aWrbqAmuj8g833VjtZOFkZcgS6OZotqbM_zxOGLhfkzwJQtDjHdh1_imJp80fa4uv_0KOpWc62hclOXcBS8oKvgQYyeeS8AIXGrIBoNII8ZQ8yK-BrqOAjm4f1PVyyhQa8P19gXWoASQL6EHb-zCUo5VUXAu7bukBb4JNNzk8jUTCWvSUo9z4_rDdlrQ
[12:36:21 VRB] Access token issued for Idp.UserIdentitySwagger (Idp.UserIdentity Swagger) / 3680d5aa-4b35-4e39-a1ce-cfbc6961f4c3: eyJhbGciOiJSUzI1NiIsImtpZCI6IjIzNTJFMjcwQkFDQjUwMDAwNjM1NkY3RjIwRDM0MEIwQjk3NDRCRThSUzI1NiIsInR5cCI6ImF0K2p3dCIsIng1dCI6IkkxTGljTHJMVUFBR05XOV9JTk5Bc0xsMFMtZyJ9.eyJuYmYiOjE2NTgwNjEzODEsImV4cCI6MTY1ODA2NDk4MSwiaXNzIjoiaHR0cHM6Ly9pZHAub3Vpb3VpZGlzY291bnQuY29tIiwiY2xpZW50X2lkIjoiSWRwLlVzZXJJZGVudGl0eVN3YWdnZXIiLCJzdWIiOiIzNjgwZDVhYS00YjM1LTRlMzktYTFjZS1jZmJjNjk2MWY0YzMiLCJhdXRoX3RpbWUiOjE2NTgwNjEzNzMsImlkcCI6ImxvY2FsIiwic2lkIjoiNjNERDg4RDlBNDQ0QTJENDNENTVBQ0EyNjJBMzUxNzciLCJpYXQiOjE2NTgwNjEzODEsInNjb3BlIjpbIm9wZW5pZCIsInByb2ZpbGUiLCJlbWFpbCJdLCJhbXIiOlsicHdkIl19.BXtDlQKqw8rGmgnLjJuWJicF2BIHPzpp48NC-aP9cpzy7dqYY2a8kI1x07vTnhX2rcEjdfqhfMIfyJuqZJBhXVtfI7R60QyfuAj3Ozpa4KGE2Y28d9Xntizf4ctwUXFLZVboH8MrXflcIiDL8s5h_c6P6W2NafYK_1m7xpU68Qq0NsxqXsaG2SZT_nph-bl_hEvfR_AfXbkDI12Z606hSqAhjP5v_TQfc6_0zveCVTiFRUMCzTzndtRSVtNrP3WPGXalOTtOaeOIUFssDvqNYeF6nch245vjw5NQQu3zUgETOSJfeO_d0c7VCeEvp_s_yCEFCVOIl2_xvWd3Hig_rw
I disconnect and try to log in again, and an “invalid_grant” is raised. I clear the cache and try again, and it does not work. After several retries I can log in. I think it is a random error. I cannot figure out the reason behind this error. Here is the error message, the IDP configuration and the client configuration. I hope that it can help.
[12:42:06 DBG] A data reader was disposed.
[12:42:06 DBG] Closing connection to database 'IdpDb' on server 'tcp://XXXXXXXXXXX:5432'.
[12:42:06 DBG] Closed connection to database 'IdpDb' on server ''.
[12:42:06 DBG] tJc155MKnmvPDXowrLH4laE8GBDyxFtEveiaB/ONE4w= found in database: False
[12:42:06 DBG] authorization_code grant with value: E3661868CE07773D4612B6A32A5D10B9B0A48D00E616718C795D9ED5F6827348 not found in store.
[12:42:06 ERR] Invalid authorization code{"code": "E3661868CE07773D4612B6A32A5D10B9B0A48D00E616718C795D9ED5F6827348"}, details: {"ClientId": "Idp.UserIdentitySwagger", "ClientName": "Idp.UserIdentity Swagger", "GrantType": "authorization_code", "Scopes": null, "AuthorizationCode": "****7348", "RefreshToken": "********", "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"grant_type": "authorization_code", "code": "E3661868CE07773D4612B6A32A5D10B9B0A48D00E616718C795D9ED5F6827348", "client_id": "Idp.UserIdentitySwagger", "client_secret": "***REDACTED***", "redirect_uri": "https://identity.*******.com/swagger/oauth2-redirect.html", "code_verifier": "eMCIRwHDzhTf1YrRr651Uaqi_COopBhc7ZfOGyjRiAc"}, "$type": "TokenRequestValidationLog"}
[12:42:06 INF] {"ClientId": "Idp.UserIdentitySwagger", "ClientName": "Idp.UserIdentity Swagger", "RedirectUri": null, "Endpoint": "Token", "SubjectId": null, "Scopes": null, "GrantType": "authorization_code", "Error": "invalid_grant", "ErrorDescription": null, "Category": "Token", "Name": "Token Issued Failure", "EventType": "Failure", "Id": 2001, "Message": null, "ActivityId": "0HMJ7TTLK79RH:00000008", "TimeStamp": "2022-07-17T12:42:06.0000000Z", "ProcessId": 1, "LocalIpAddress": "10.244.1.16:443", "RemoteIpAddress": "10.244.0.9", "$type": "TokenIssuedFailureEvent"}
[12:42:06 VRB] Invoking result: IdentityServer4.Endpoints.Results.TokenErrorResult
IdpConfiguration
services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = (t) =>
{
t.UseNpgsql(configuration.GetConnectionString("IdpDb"),
b => b.MigrationsAssembly(migrationsAssembly));
t.EnableSensitiveDataLogging();
};
})
.AddOperationalStore(options =>
{
options.ConfigureDbContext = (t) =>
{
t.UseNpgsql(configuration.GetConnectionString("IdpDb"),
b => b.MigrationsAssembly(migrationsAssembly));
t.EnableSensitiveDataLogging();
};
})
.AddProfileService<BrandeeUserProfileService>()
.AddSigningCredential(LoadCertificate(configuration));
DataProtection Code:
services.AddDataProtection()
.SetApplicationName("TAASe")
.UseCryptographicAlgorithms(
new AuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = EncryptionAlgorithm.AES_256_CBC,
ValidationAlgorithm = ValidationAlgorithm.HMACSHA256,
}
)
.ProtectKeysWithCertificate(new X509Certificate2(configuration["Certificate:Path"],
configuration["Certificate:Password"]))
.PersistKeysToDbContext<AppDataProtectionDbContext>()
.SetDefaultKeyLifetime(TimeSpan.FromDays(14));
Client Definition:
{
"clientId": "Idp.UserIdentity Swagger",
"clientName": "Idp.UserIdentity Swagger",
"requireConsent": true,
"accessTokenLifetime": 3600,
"identityTokenLifetime": 3600,
"allowOfflineAccess": true,
"alwaysSendClientClaims": true,
"secrets": [
"secret"
],
"scopes": [
"openid","profile","email"
],
"allowedGrantType": [
"authorization_code"
],
"redirectUris": [
"https://identity.XXXXXXXXXX.com/swagger/oauth2-redirect.html"
],
"corsOrigins": [
"https://identity.XXXXXXX.com"
],
"postLogoutRedirectUri": []
}
and in Swagger
services.AddSwaggerGen(options =>
{
var oauthSecuritySchema = new OpenApiSecurityScheme()
{
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows()
{
AuthorizationCode = new OpenApiOAuthFlow()
{
AuthorizationUrl = new Uri(configuration["Idp:AuthorizationUrl"]),
Scopes = new Dictionary<string, string>()
{
// {"Idp.UserManagement","Identity"},
{"openid","openid"},
{"profile","profile"},
{"email","email"}
},
TokenUrl = new Uri(configuration["Idp:TokenUrl"]),
}
},
Name = configuration["Swagger:Name"],
};
options.SwaggerDoc("v1", new OpenApiInfo {Title = "Protected API", Version = "v1"});
options.AddSecurityDefinition("oauth2", oauthSecuritySchema);
options.OperationFilter<AuthorizeCheckOperationFilter>();
options.EnableAnnotations();
});
When the user logs in, the Idp saves the code in the PersistedGrants table with the key formed by (code + ":" + "authorization_code").Sha256(). For your code E3661868CE07773D4612B6A32A5D10B9B0A48D00E616718C795D9ED5F6827348 the key is tJc155MKnmvPDXowrLH4laE8GBDyxFtEveiaB/ONE4w=. That is correct according to the logs. Then, the Idp returns this code to the caller.
Then, the client can change this code for the tokens in the token endpoint. The Idp tries to recover this record by forming the key again, retrieving it from the database and checking if the passed code matches the one stored previously.
It seems the persistence in the operational store is not working properly. Either this record is not saved in the first part, or the query to get it in the second part is not working. Whatever the reason, the service returns a generic invalid_grant error message.
Check if the record is saved in the PersistedGrants table. You can use my Fiddle to form the key and test with other codes.
Check the previous logs if you have any EF exception when SaveAsync is called.
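Added example, not the answerer's Fiddle and not IdentityServer code: it recomputes the PersistedGrants key with the formula given in the answer, so it can be compared with the key in the logs, and classifies a lookup against rows exported from the table. The rows, their codes and the timestamps are constructed; the function names are this example's own.

```python
import base64
import hashlib
from datetime import datetime, timezone

# Values quoted on this page (debug log lines and the answer).
LOGGED_CODE = "E3661868CE07773D4612B6A32A5D10B9B0A48D00E616718C795D9ED5F6827348"
LOGGED_KEY = "tJc155MKnmvPDXowrLH4laE8GBDyxFtEveiaB/ONE4w="


def grant_key(code: str, grant_type: str = "authorization_code") -> str:
    """Base64 of SHA-256 over '<code>:<grant_type>', the formula in the answer."""
    digest = hashlib.sha256(f"{code}:{grant_type}".encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def diagnose(code: str, rows: list, now: datetime) -> str:
    """Classify what a lookup of `code` in the exported rows would find."""
    key = grant_key(code)
    row = next((r for r in rows if r["Key"] == key), None)
    if row is None:
        # Same situation as the 'found in database: False' log line.
        return "not-stored"
    if row["Expiration"] <= now:
        return "expired"
    return "redeemable"


# Constructed stand-in for rows exported from PersistedGrants (Key, Type, Expiration).
SAMPLE_NOW = datetime(2022, 7, 17, 12, 42, 6, tzinfo=timezone.utc)
SAMPLE_ROWS = [
    {"Key": grant_key("CONSTRUCTED-CODE-A"), "Type": "authorization_code",
     "Expiration": datetime(2022, 7, 17, 12, 47, 0, tzinfo=timezone.utc)},
    {"Key": grant_key("CONSTRUCTED-CODE-B"), "Type": "authorization_code",
     "Expiration": datetime(2022, 7, 17, 12, 40, 0, tzinfo=timezone.utc)},
]

if __name__ == "__main__":
    computed = grant_key(LOGGED_CODE)
    print("computed key:", computed)
    print("equals key in log:", computed == LOGGED_KEY)
    for code in (LOGGED_CODE, "CONSTRUCTED-CODE-A", "CONSTRUCTED-CODE-B"):
        print(code[:18], "->", diagnose(code, SAMPLE_ROWS, SAMPLE_NOW))
```

The key is derived from the exact code string, so compare against the code as it appears in the token request, character for character.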
Since the latest maintenances from ConnectyCube servers, I am experiencing a new issue when I authenticate with the custom identity provider.
I use Firebase as the endpoint, and it returns the following JSON file (tested with Postman):
{
"kind": "identitytoolkit#GetAccountInfoResponse",
"users": [
{
"localId": "The uid that I want to get",
"email": "test@test.com",
"passwordHash": "xxxxxx",
"emailVerified": false,
"passwordUpdatedAt": 1607681539305,
"providerUserInfo": [
{
"providerId": "password",
"federatedId": "test@test.com",
"email": "test@test.com",
"rawId": "test@test.com"
}
],
"validSince": "1607681539",
"disabled": false,
"lastLoginAt": "1620422687374",
"createdAt": "1607681539305",
"lastRefreshAt": "2021-05-07T21:24:47.374Z"
}
]
}
Previously, to get the localId, I used the following as responses params {"uid": "#{users[0].localId}"} and it worked.
Now I get the error "base":["Custom Identity Provider uid is required"] when I try to sign in the users while nothing changed in my code.
Do you have a solution to access the localID parameter without using [0], as it seems to be the cause of the issue?
My current settings for the custom identity provider:
ENDPOINT: https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=API_WEBKEY
REQUEST HEADERS: {"Content-Type": "application/json"}
REQUEST PARAMS: {"idToken": "#{login}"}
RESPONSE PARAMS: {"uid": "#{users[0].localId}"}
Extract of my script where the error appears:
// Use the Firebase ID token as the ConnectyCube login value.
final token = await FirebaseLib().auth.currentUser.getIdToken();
createSession().then((cubeSession) {
  CubeUser user = CubeUser(login: "$token", password: "");
  signIn(user).then((cubeUser) {
    print("Worked!");
  }).catchError((error) {});
}).catchError((error) {});
This should work now again
Please check
I have a Blazor WebAssembly application that is hosted in ASP.NET CORE server. I am using IIS in process self-contained deployment and the application is configured as a sub-application of the Default Web Site. So the URL is something like [https:]//myserver/APPLICATIONNAME/
I am getting an error saying that the redirect URI does not match the allowed URIs for the client, but in the log the two URIs are exactly the same. The redirect URI is defined in appsettings.json file.
I have followed the Microsoft docs here
This is the log error without explicit redirect URI:
{
"ClientId": "TestBlazorAuth.Client",
"ClientName": "TestBlazorAuth.Client",
"AllowedRedirectUris": [
"/authentication/login-callback"
],
"SubjectId": "anonymous",
"RequestedScopes": "",
"Raw": {
"client_id": "TestBlazorAuth.Client",
"redirect_uri": "https://localhost/TestBlazorAuth/authentication/login-callback",
"response_type": "code",
"scope": "TestBlazorAuth.ServerAPI openid profile",
"state": "d53f88ebd6dc413fb929f01b06cd8efa",
"code_challenge": "XPaEMOg02714PWrx9POC3oSwsO2mXAhBe_IerH4p75E",
"code_challenge_method": "S256",
"prompt": "none",
"response_mode": "query"
}
}
This is the explicit setting:
"IdentityServer": {
"Clients": {
"TestBlazorAuth.Client": {
"Profile": "IdentityServerSPA",
"RedirectUri": "https://localhost/TestBlazorAuth/authentication/login-callback"
}
},
"Key": {
"Type": "File",
"FilePath": "C:\\temp\\som_cert_file.pfx",
"Password": "blablabla"
}
},
This is the error log when explicit setting is used:
Invalid redirect_uri: https://localhost/TestBlazorAuth/authentication/login-callback
{
"ClientId": "TestBlazorAuth.Client",
"ClientName": "TestBlazorAuth.Client",
"AllowedRedirectUris": [
"https://localhost/TestBlazorAuth/authentication/login-callback"
],
"SubjectId": "anonymous",
"RequestedScopes": "",
"Raw": {
"client_id": "TestBlazorAuth.Client",
"redirect_uri": "https://localhost/TestBlazorAuth/authentication/login-callback",
"response_type": "code",
"scope": "TestBlazorAuth.ServerAPI openid profile",
"state": "3b121b72d20640cb8c7b74f783b5d914",
"code_challenge": "WNev6kwUV7UjAhNTvvDH10vJwkEXPDev8jwNZYnsNDY",
"code_challenge_method": "S256",
"prompt": "none",
"response_mode": "query"
}
}
redirect_uri and AllowedRedirectUris[0] look exactly the same to me.
This is a trace using NLOG:
2020-06-24 14:56:05.3948||TRACE|IdentityServer4.Stores.ValidatingClientStore|Calling into client configuration validator: IdentityServer4.Validation.DefaultClientConfigurationValidator
2020-06-24 14:56:05.4080||DEBUG|IdentityServer4.Stores.ValidatingClientStore|client configuration validation for client Integra.PCSP.Print.WebUI.Client succeeded.
2020-06-24 14:56:05.4080||ERROR|IdentityServer4.Validation.AuthorizeRequestValidator|Invalid redirect_uri: "https://localhost/TestBlazorAuth/authentication/login-callback"
I looked at IdentityServer4 source code to check how is the comparison done, and it all seems perfectly fine:
public class StrictRedirectUriValidator : IRedirectUriValidator
{
/// <summary>
/// Checks if a given URI string is in a collection of strings (using ordinal ignore case comparison)
/// </summary>
/// <param name="uris">The uris.</param>
/// <param name="requestedUri">The requested URI.</param>
/// <returns></returns>
protected bool StringCollectionContainsString(IEnumerable<string> uris, string requestedUri)
{
if (uris.IsNullOrEmpty()) return false;
return uris.Contains(requestedUri, StringComparer.OrdinalIgnoreCase);
}
...
}
At this point I am ready to scratch the project and implement the app in MVC, it's only couple pages, so I thought it would be a great Blazor proof-of-concept. It turned out the development part is easy, the deployment is a nightmare.
Thanks for any ideas.
The issue turned out to be with case-sensitivity. I still don't understand why though.
Here's what I did.
Update Blazor wasm solution wwwroot/index.html (URI all lower-case!)
<base href="/testblazorauth/" />
Update the server project Startup.cs ( URI all lower-case!)
app.UsePathBase("/testblazorauth/");
Update appsettings.json (removed the explicit RedirectUri property). The framework will use the value from the second step and correctly build the callback URI.
"IdentityServer": {
"Clients": {
"TestBlazorAuth.Client": {
"Profile": "IdentityServerSPA"
}
},
"Key": {
"Type": "File",
"FilePath": "C:\\temp\\SOME_CERT.pfx",
"Password": "SOME_PASSWORD"
}
},
In IIS, I have created a new sub-application of Default Web Site with a host name "testblazorauth" (all lower-case).
Published the app with VS and ran in Chrome and got expected results and no more errors.
I'm getting this error :
I get a successful access only when I remove the redirect
this is the Identity Server 4 side :
new Client {
RequireConsent = false,
ClientId = "ClientApp",
ClientName = "SPA Client App",
AccessTokenType = AccessTokenType.Jwt,
AllowedGrantTypes = GrantTypes.Implicit,
AllowedScopes = { "openid", "profile", "email", "api.read" },
RedirectUris = {"http://localhost:4200/auth-callback"},
PostLogoutRedirectUris = {"http://localhost:4200/"},
AllowedCorsOrigins = {"http://localhost:4200"},
AllowAccessTokensViaBrowser = true,
AccessTokenLifetime = 3600
},
and the Client side :
export function getClientSettings(): UserManagerSettings {
return {
authority: 'http://localhost:5000',
client_id: 'ClientApp',
redirect_uri: 'http://localhost:4200/auth-callback',
post_logout_redirect_uri: 'http://localhost:4200/',
response_type: 'id_token token',
// scope: 'openid profile BankOfDotNet.API',
scope: 'openid profile email api.read',
filterProtocolClaims: true,
loadUserInfo: true,
automaticSilentRenew: true,
silent_redirect_uri: 'http://localhost:4200/silent-refresh.html'
};
}
Another error is showing and I can't understand if it is the same as the one before.
logs as asked:
IdentityServer4.Validation.AuthorizeRequestValidator:Error: Unknown client or not enabled: SPAClient
{
"SubjectId": "anonymous",
"RequestedScopes": "",
"Raw": {
"client_id": "SPAClient",
"redirect_uri": "http://localhost:4200/fetch-data",
"response_type": "code",
"scope": "openid profile bankOfDotNetApi",
"state": "b1c4a9eebe704650a6301a4fa633d558",
"code_challenge": "OWv8xEW0iHKVQTDUTqxybVe4cQXAd2mdJIWZ8Budni8",
"code_challenge_method": "S256",
"response_mode": "query"
}
}
IdentityServer4.Endpoints.AuthorizeEndpoint:Error: Request validation failed
IdentityServer4.Endpoints.AuthorizeEndpoint:Information: {
"SubjectId": "anonymous",
"RequestedScopes": "",
"Raw": {
"client_id": "SPAClient",
"redirect_uri": "http://localhost:4200/fetch-data",
"response_type": "code",
"scope": "openid profile bankOfDotNetApi",
"state": "b1c4a9eebe704650a6301a4fa633d558",
"code_challenge": "OWv8xEW0iHKVQTDUTqxybVe4cQXAd2mdJIWZ8Budni8",
"code_challenge_method": "S256",
"response_mode": "query"
}
}
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 186.6231ms 302
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:5000/home/error?errorId=CfDJ8CQhqAOzyZ9FnWMOkakiUDM48vI_2dxE-C2BufLYKmWsaswgqMctLthhXKjSgwSdgWakjV1UpkzAwMl4aeQRoa_OK7NBBmGejbq8r8kZ8ZryGFMBXhFPTP_auWF6ZU0qSRpm6hRYKpaFsJkA9V0mbmpcHeHTok7levfWugV3Ysiu0xRCRYz7iSM590AlkEjiHCLjrFnGTaGTY7pFGywlcfeWbeOpfkbBVNqeqe0YgkJzFmBouS4k7XdOhAL6afG8j2Zh33Cw4yDMYFMEXIOLWswYoHy2Q0t4G5gpJ2VBBoIgtRV2LeVHrw45qpIUjNOFNnI1g-rD_eTgb0pCjXCLJfR_X6zIO1tJArXHrUTLyAMt
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Route matched with {action = "Error", controller = "Home"}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Error(System.String) on controller IdentityServer4.Quickstart.UI.HomeController (BankOfDotNet.IdentitySvr).
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executing action method IdentityServer4.Quickstart.UI.HomeController.Error (BankOfDotNet.IdentitySvr) - Validation state: Valid
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action method IdentityServer4.Quickstart.UI.HomeController.Error (BankOfDotNet.IdentitySvr), returned result Microsoft.AspNetCore.Mvc.ViewResult in 7.5635ms.
Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor:Information: Executing ViewResult, running view Error.
Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor:Information: Executed ViewResult - view Error executed in 21.4364ms.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action IdentityServer4.Quickstart.UI.HomeController.Error (BankOfDotNet.IdentitySvr) in 50.3452ms
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 72.7919ms 200 text/html; charset=utf-8
The thread 0x2c44 has exited with code 0 (0x0).
The thread 0x46d0 has exited with code 0 (0x0).
I'm new, that's why the logs were added like this; I don't know how to add them in the simplest view.
Your client definition says
ClientId = "ClientApp",
But in the logs, it says:
"client_id": "SPAClient",
Are you confused about the clientId?
I'm currently using Firebase as my backend web server, and I used the Auth REST API to authenticate users in my app (login using email and password). My question is: I want to know if there is an HTTP request that I can get a response from that includes whether the email that logged in is verified or not. I have tried mixing the REST API with the firebase-Auth package, but it didn't work.
I just found the "setAccountInfo" endpoint, but for it to work I need the "oobCode" from the confirmation email that was sent to the user, and I can't get that automatically, I guess.
Can anyone help me on this?
I think you can do that with the getAccountInfo endpoint, which returns the following payload (sample from the doc) that contains an emailVerified property:
{
"users": [
{
"localId": "ZY1rJK0...",
"email": "user@example.com",
"emailVerified": false,
"displayName": "John Doe",
"providerUserInfo": [
{
"providerId": "password",
"displayName": "John Doe",
"photoUrl": "http://localhost:8080/img1234567890/photo.png",
"federatedId": "user@example.com",
"email": "user@example.com",
"rawId": "user@example.com",
"screenName": "user@example.com"
}
],
"photoUrl": "https://lh5.googleusercontent.com/.../photo.jpg",
"passwordHash": "...",
"passwordUpdatedAt": 1.484124177E12,
"validSince": "1484124177",
"disabled": false,
"lastLoginAt": "1484628946000",
"createdAt": "1484124142000",
"customAuth": false
}
]
}
Sample Request (from the doc, pasted for reference):
curl 'https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=[API_KEY]' \
-H 'Content-Type: application/json' --data-binary '{"idToken":"[FIREBASE_ID_TOKEN]"}'
In the example above, you would replace [API_KEY] with the Web API Key
of your Firebase project and [FIREBASE_ID_TOKEN] with the user's
Firebase ID token.
PS: I've not tried the setAccountInfo endpoint you mention at the end of your question, but I think it is used for sending (POST) the verification code received by email (From the doc: -> "oobCode: The action code sent to user's email for email verification.")
import pyrebase

# Firebase project settings (fill in the values for your project).
firebaseConfig = {
    "apiKey": "",
    "authDomain": "",
    "projectId": "",
    "storageBucket": "",
    "messagingSenderId": "",
    "appId": "",
    "measurementId": "",
    "databaseURL": ""
}
firebase = pyrebase.initialize_app(firebaseConfig)
auth = firebase.auth()

email = "your Email"
password = "your Password"
login = auth.sign_in_with_email_and_password(email, password)

# Look up the account with the ID token and print its emailVerified flag.
acc_info = auth.get_account_info(login['idToken'])
if "users" in acc_info:
    if acc_info["users"]:
        for val in acc_info['users']:
            if "emailVerified" in val:
                print(val["emailVerified"])