I'm using Duende Identity Server 6 and trying to get Access Token from my Identity Server
in my API Controller using http client base on duende documentation.
But I get this Invalid redirect uri in my Identity Server console logs.
As you can see the redirectUri is null in information log,
and there is my code in Client API.Controller
You are trying to make a client credentials flow. The endpoint you need to invoke is /connect/token. Is not necessary redirect uri in this flow.
Related
I'm trying to develop a drive solution (Onedrive) in a windev program.
I created an application in Microsoft Azure and created a secret key.
When doing the first request https://login.live.com/oauth20_authorize.srf?client_id={client_id}&scope={scope} &response_type=code&redirect_uri={redirect_uri} I'm redirected on the connection page.
Once I'm connected I get a code back as https://login.live.com/oauth20_authorize.srf?code={code}.
But when I ask for a token posting this request : POST https://login.live.com/oauth20_token.srf Content-Type: application/x-www-form-urlencoded client_id={client_id}&redirect_uri={redirect_uri}&client_secret={client_secret} &code={code}&grant_type=authorization_code
I get this back
{ "error":"invalid_client", "error_description":"The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https:\/\/go.microsoft.com\/fwlink\/?linkid=2083908.", "correlation_id":"471e800c-69b4-43c6-a03f-a1f7e9512e6b" }
Thank you for your help.
This error means you are using a Microsoft Account to login your client app, but it is not enabled for that.
To change the setting for an existing AD App, navigate to the Manifest blade of it in the portal, find the signInAudience attribute, set it with AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
I want to implement SSO SAML2 with wso2 ei in React where
I go to check if I am authenticated or not
If not authenticated I should redirect to sso URL
When I sign in successfully on sso identity provider, I redirect to my react app with token
Then save token to localstorage and go ahead
I have tried it with Passport and Express where rendering is happening on server side. But I want it on the client side with React, steps:
I go to my home page and click on login page
It take me to wso2 identity provider and then I login
Then I redirect to my express app
The short answer: you can't do that.
You cannot use SAML without a backend. SAML requires you to register a Sercice Provider (SP), which must be identifiable with an SSL cerificate. Therefore the SP must have a private key, which you cannot distribute to a browser client for obvious reasons. On top of that, the assertion endpoint should accept a POST HTTP request, which traditionally only a server can do.
You can skip the IdP discovery if you know which IdP you wish to use, but the assertion phase cannot be circumvented. You must have an assertion endpoint for the SSO. This endpoint must be able to decrypt messages encrypted with the public key of the SP, so it must be implemented on a server.
To get as close to what you want as possible, you can implement the SP as a separate microservice that only has one (or two if you're utilizing the DS) endpoint(s). The assertion endpoint of your login service can create a token for the user and redirect them to the frontend carrying the token in a query variable.
I am developing the integration for Microsoft One Note with third party application using OAuth 2.0
And I have successfully authorised my Microsoft O365 account and provided my consent, but unable to get access token after the successful authorisation.
Error Message looks like : Invalid client secret is provided.
Timestamp: 2019-03-19 07:52:28Z
One Note Documentation : enterprise notebooks on Office 365 integration
As the document states format should be like below
POST https://login.live.com/oauth20_token.srf
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&client_id={client-id} // Your Azure portal register application ID
&client_secret={client-secret} // Key Of same registered application
&code={code}
&redirect_uri={redirect-uri}
You are providing invalid client secret key while you are requesting API
See the screen shot below and make sure you are providing right one
Note:
Check your EXPIRES of key as never expires
Update:
In your case you have to follow two step to get your access token
First need to get authorization code
Request for token with that authorization code
Authorization code request sample
Token Request sample with authorization code
I have setup an Application that's is using OKTA as IDP. The app is SAML Based.This part is working fine.
But I am unable to log out. For this we have
1. Enabled Single Logout
2. Set the Single Log out URL (I received this from Metadata of IDP under header Identity Provider Single Logout URL)
3.Sp Issues (I received this from Metadata of IDP under header Identity Provider Issuer )
4. Signature Certificate (This is the certificate of IDP)
Now when I call the Logout URL I am receiving 403. On checking the Logs of OKTA I see the (User Single Sign out from App Failure:- Malformed Request)
Can any one please help me how to fix it.
I am assuming that I just need to call the logout URL and the session will kill off. Is my understanding correct?
Reviving a very old thread, check that you have a ?ReturnTo=<path> at the end of the logout URL.
Okta requires strictly post binding requests for logout. Please make sure you are making POST requests for logout and you are using correct entity Id in request.
I think the setting values below need to be set for sp side.
Set the Single Log out URL
Sp Issues
Signature Certificate
It is not on idp side.
I have a backend using Java which produces JSON for the services, which client will need to login/be authenticated using cookies based (JSESSIONID in Java).
I manage to receive JSESSIONID from server, however concecutive $http.get from client does not include previous generated JSESSIONID which I supposed to be automated handle by $http ?
The case:
Step 1
When I tested my login page using $http.post using valid user id and password, I can get an expected result from my server, I can get a generated JSESSIONID from the server, i.e.:
set-cookie:JSESSIONID=0a624257d0f704840bf6d8c8cc31; Path=/tmh-web; HttpOnly
(pls refer to screenshot in Response Header)
after call Login & been auhthenticated screenshot
Step 2
After been authenticated, when tried to call another URL service which requires authentication, I got an error: "403 Forbidden"
And I suspected this is because $http does not send the JSessionID it has received on Step 1.
(pls refer to screenshot in Request Header, there is no JSessionID has been sent back to server)
call next service which requires authentication
Has anyone experienced this problem with Java as the backend server ?
Use / for path attribute of the cookie.