asp.net owin openid identityserver3

Get redirect link from client in IdentityServer3 login page


I would like to get redirectUrl from a client in Identity in IdentityServer3 in the login page. For example: I have a "localhost:54483/payments/5466cdaa-2005-4947-b4dc-cc6a49b83dfd/checkout" link. When I hit it, I will be redirected to a login page in IdentityServer, and I need to get the redirect link above (http://localhost:54483/payments/5466cdaa-2005-4947-b4dc-cc6a49b83dfd/checkout) in:

public class CustomViewService: DefaultViewService
{
    private gtoken _gtoken;
    public CustomViewService(DefaultViewServiceOptions config, IViewLoader viewLoader, gtoken gtoken) : base(config, viewLoader)
    {
        _gtoken = gtoken;
    }

    public override Task<Stream> Login(LoginViewModel model, SignInMessage message)
    {
        //TODO need to get redirect link here
        return base.Login(model, message);
    }
}

Here is my client configuration:

    public void Configuration(IAppBuilder app)
    {

        // turn off any default mapping on the JWT handler
        AntiForgeryConfig.UniqueClaimTypeIdentifier = "sub";
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

        app.Map("/api", idsrvApp =>
        {
            idsrvApp.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
            {
                Authority = "http://localhost:5001",
                ValidationMode = ValidationMode.Local, //set to validation endpoint if we want to support JWT revocation

                RequiredScopes = new[] { "payment" }
            });
        });


        Func<IOwinContext, bool> notApiRequest = (ctx) =>
        {
            return !ctx.Request.Path.StartsWithSegments(new PathString("/api"));
        };

        app.MapWhen(notApiRequest, idsrvApp =>
        {
            idsrvApp.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies",
                CookieName = Constants.AUTH_COOKIE_NAME
            });


            idsrvApp.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                Authority = "http://localhost:5001",
                ClientId = "06de763b-ad15-4225-a147-9f7b5da61cdf",
                RedirectUri = "mylocal",
                ResponseType = "id_token",
                Scope = "openid",
                SignInAsAuthenticationType = "Cookies",
            });
        });
    }

Solution

  • I don't understand why you would want the redirect to happen there. I don't see the logic.

    Have you read the documentation for IdentityServer3? You'll see there:

    GET /connect/authorize?client_id=client1&scope=openid email api1&response_type=id_token token&redirect_uri=http://localhost:54483/payments/5466cdaa-2005-4947-b4dc-cc6a49b83dfd/checkout

    *link: https://identityserver.github.io/Documentation/docsv2/endpoints/authorization.html

    It means, when you see that the user is not logged in, you send him to the login page of your identity server (even though the HTTP GET method above links to an endpoint, the identity server will show a login page), and in the request to the login page you would send a redirect URL. Just make sure the redirect URL is allowed for that client (check the documentation).

    p.s. It is not recommended to keep the API and the identity server in the same project!
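
An added example (not part of the original question or answer, and not IdentityServer3's own code): a helper that could be called from the `Login` override to read `redirect_uri` out of the authorize request URL and return it only when it exactly matches a URI registered for the client. It assumes `SignInMessage.ReturnUrl` holds that authorize URL; `RedirectUriReader`, `GetAllowedRedirectUri` and `Demo` are hypothetical names, and the sample URLs are constructed from the ones in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web; // HttpUtility.ParseQueryString (reference System.Web)

public static class RedirectUriReader // hypothetical helper name
{
    // returnUrl: the authorize request URL the login page was reached from
    // (assumption: this is what SignInMessage.ReturnUrl holds).
    // registered: the redirect URIs configured for the client.
    // Returns redirect_uri only on an exact match with a registered value, else null.
    public static string GetAllowedRedirectUri(string returnUrl, IEnumerable<string> registered)
    {
        if (string.IsNullOrEmpty(returnUrl) || registered == null) return null;

        int q = returnUrl.IndexOf('?');
        if (q < 0) return null;
        string query = returnUrl.Substring(q + 1).Split('#')[0]; // drop any fragment

        // ParseQueryString URL-decodes values; a repeated parameter yields several values.
        string[] values = HttpUtility.ParseQueryString(query).GetValues("redirect_uri");
        if (values == null || values.Length != 1) return null; // missing or ambiguous

        // Ordinal, exact comparison: no prefix, wildcard or case-insensitive matching.
        string candidate = values[0];
        return registered.Contains(candidate, StringComparer.Ordinal) ? candidate : null;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values based on the URLs in the question.
        var registered = new[] { "http://localhost:54483/payments/5466cdaa-2005-4947-b4dc-cc6a49b83dfd/checkout" };
        string authorize = "http://localhost:5001/connect/authorize?client_id=client1"
            + "&scope=openid&response_type=id_token&redirect_uri=";

        string ok = authorize + Uri.EscapeDataString(registered[0]);
        string other = authorize + Uri.EscapeDataString("http://localhost:54483/other");

        Console.WriteLine(RedirectUriReader.GetAllowedRedirectUri(ok, registered) ?? "(rejected)");
        Console.WriteLine(RedirectUriReader.GetAllowedRedirectUri(other, registered) ?? "(rejected)");
    }
}
```

A null result means the value should not be displayed or acted on by the login view; treating a missing or repeated `redirect_uri` as a rejection avoids picking one of several conflicting values.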