I am following a Pluralsight.com tutorial from Brian Noyes called openid and oauth2 securing angular apps.
The exercise files work fine. When I upgrade the Identity Server (STS) to the newest ASP.NET Core 2.2 framework, the redirect after logout gets stuck on the Start key discovery request from the DiscoveryKeyEndpoint.
The error message on the console in Chrome is the following:
When we look at Fiddler it becomes obvious that there is something wrong with the content type that is being returned.
Here is the working example, with the correct content type of application/json and the old ASP.NET Core 1.0 application:
And here is the broken example, with the incorrect content type of application/jwk-set+json and the new ASP.NET Core 2.2 application:
How do I fix this weird content type that is being returned?
There's a GitHub issue that describes what's going on here. Essentially, a bug was introduced into oidc-client-js that caused the Content-Type header returned from the jwks endpoint to be valid only if it was application/json.
The issue was fixed in 1.5.2, so upgrading to that will resolve the issue you're seeing. The project is called oidc-client-js but the NPM package is oidc-client.
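The difference between the two checks discussed above, as an added example that is not part of the original posts and is not oidc-client-js code: a strict comparison against application/json rejects the application/jwk-set+json type registered for key sets by RFC 7517, while a check that also honours the +json structured suffix accepts it and still refuses non-JSON bodies such as an HTML error page. All function names and sample header values are hypothetical.

```javascript
// Added example: hypothetical helper names, not the oidc-client API.

// Reduce a Content-Type header value to its lowercase media type, dropping
// parameters such as "; charset=utf-8". Returns null if missing or malformed.
function mediaType(headerValue) {
  if (typeof headerValue !== "string") return null;
  const type = headerValue.split(";")[0].trim().toLowerCase();
  // "type/subtype" built from a subset of HTTP token characters.
  return /^[\w!#$%&'*+.^|~-]+\/[\w!#$%&'*+.^|~-]+$/.test(type) ? type : null;
}

// Strict check: only application/json passes. This is the behaviour the
// answer describes as the bug, because a jwks endpoint may legitimately
// answer with application/jwk-set+json.
function isJsonStrict(headerValue) {
  return mediaType(headerValue) === "application/json";
}

// Tolerant check: application/json or any application/<name>+json type
// (structured syntax suffix, RFC 6839). Everything else is refused, so an
// HTML error page or proxy login page is never parsed as key material.
function isJsonTolerant(headerValue) {
  const type = mediaType(headerValue);
  return type !== null && /^application\/(.+\+)?json$/.test(type);
}

// Constructed sample header values, not captured from the question's traffic.
const SAMPLE_HEADERS = [
  "application/json",
  "application/json; charset=utf-8",
  "application/jwk-set+json",
  "Application/JWK-Set+JSON; charset=UTF-8",
  "text/html; charset=utf-8",
  "application/xjson",
  undefined,
];

// Evaluate both checks over a list of header values.
function compareChecks(headers) {
  return headers.map((h) => ({
    header: h,
    strict: isJsonStrict(h),
    tolerant: isJsonTolerant(h),
  }));
}

console.table(compareChecks(SAMPLE_HEADERS));
```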