Tags: maui, openid-connect, unauthorized, identitymodel

Unauthorized error when logging in with IdentityModel.OidcClient


I am responsible for the development of a cross-platform application that must log in with OpenID. This application is developed in Xamarin.Forms, but I have to migrate it to MAUI. To log into the application I use the IdentityModel.OidcClient library. The authentication server is fully functional. I am not the one who develops and maintains the server.

The Xamarin.Forms application is able to log in without problems and obtain the full credentials: access token, refresh token, expiration, claims... The version I use of the library is IdentityModel.OidcClient 5.2.1. The authentication process follows the steps described in this link: Authentication in Xamarin Forms using Open Identity Connect and OAuth.

I am now trying to migrate this process to MAUI using the latest version of the library (6.0.0). For this, the first thing I have done is to download the sample code for MAUI and change only the following:

  • MauiProgram.cs: OIDC options (Authority, ClientId, Scope, RedirectUri)

     // setup OidcClient
     builder.Services.AddSingleton(new OidcClient(new()
     {
         Authority = "https://www.realdomain.es/openid/more/path/",
         ClientId = "myclientid",
         Scope = "openid",
         RedirectUri = "myscheme://localhost",
         Browser = new MauiAuthenticationBrowser()
     }));
    
  • MauiAuthenticationBrowser.cs: RequestUrl (same as RedirectUri)

     var url = new RequestUrl("myscheme://localhost")
         .Create(new Parameters(result.Properties));
    
  • WebAuthenticationCallbackActivity.cs: CALLBACK_SCHEME.

     const string CALLBACK_SCHEME = "myscheme";
    

When running the app on an Android device and logging in, the browser doesn't open and I get this error:

Unathorized: Failed to push authorization parameters

I am not able to find anything related to this error. Does anyone know what could be happening?


Solution

  • I looked for the error message in the source code of the library and found the following log:

    _logger.LogDebug("The IdentityProvider contains a pushed authorization request endpoint. Automatically pushing authorization parameters. Use DisablePushedAuthorization to opt out.");
    

    So the solution is to add DisablePushedAuthorization = true to the OidcClient options:

    // setup OidcClient
    builder.Services.AddSingleton(new OidcClient(new()
    {
        Authority = "https://www.realdomain.es/openid/more/path/",
        ClientId = "myclientid",
        Scope = "openid",
        RedirectUri = "myscheme://localhost",
        Browser = new MauiAuthenticationBrowser(),
        DisablePushedAuthorization = true // To avoid error > Failed to push authorization parameters
    }));
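
Before turning pushed authorization requests (PAR, RFC 9126) off, it helps to check what the provider's discovery document says about them. The following is an added example, not code from the original post or from IdentityModel.OidcClient: it reads the two PAR metadata fields from a discovery document and reports whether opting out is possible. The JSON is a constructed sample with placeholder URLs, `DescribePar` is a hypothetical helper name, and the raw string literal assumes C# 11 or later.

```csharp
using System;
using System.Text.Json;

// Constructed sample discovery document (placeholder URLs, not the real server).
// In practice, pass the body of {Authority}/.well-known/openid-configuration.
const string sampleDiscovery = """
{
  "issuer": "https://idp.example",
  "authorization_endpoint": "https://idp.example/authorize",
  "token_endpoint": "https://idp.example/token",
  "pushed_authorization_request_endpoint": "https://idp.example/par",
  "require_pushed_authorization_requests": false
}
""";

Console.WriteLine(DescribePar(sampleDiscovery));

// Hypothetical helper: explains how the provider's PAR metadata (RFC 9126)
// interacts with OidcClient's DisablePushedAuthorization option.
static string DescribePar(string discoveryJson)
{
    using var doc = JsonDocument.Parse(discoveryJson);
    var root = doc.RootElement;

    // The library pushes parameters automatically when this endpoint is advertised.
    bool advertised =
        root.TryGetProperty("pushed_authorization_request_endpoint", out var endpoint)
        && endpoint.ValueKind == JsonValueKind.String
        && !string.IsNullOrEmpty(endpoint.GetString());

    // Optional metadata field; when absent it defaults to false.
    bool required =
        root.TryGetProperty("require_pushed_authorization_requests", out var flag)
        && flag.ValueKind == JsonValueKind.True;

    if (!advertised)
        return "No PAR endpoint advertised: the option has no effect.";
    if (required)
        return "PAR is required: the provider will reject a plain authorization "
             + "request, so resolve the PAR endpoint error with the server operator.";
    return "PAR is advertised but optional: DisablePushedAuthorization = true works, "
         + "but authorization parameters then travel in the browser URL again.";
}
```

With PAR disabled the client falls back to the classic front-channel authorization request, so the setting is a trade-off rather than a pure fix when the provider supports PAR.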