Search code examples
.netangularidentityserver4openid-connect

Cannot redirect back to angular client after login in identity server

I've got an issue with redirecting after loggin in with identity server.

I have the following angular-auth-oidc-client config:

    export function configureAuth(oidcConfigService: OidcConfigService) {
  return () =>
    oidcConfigService.withConfig({
      stsServer: 'http://localhost:5002',
      redirectUrl: window.location.origin,
      postLogoutRedirectUri: window.location.origin,
      clientId: 'applications-portal',
      scope: 'openid profile',
      responseType: 'id_token token',
      logLevel: LogLevel.Debug,
    });
}

And app.component.ts:

  ngOnInit() {
    this.oidcSecurityService.checkAuth().subscribe((auth) => {
      console.log('is authenticated', auth);
      if (!auth) {
        this.login();
      }
    });
  }

  login() {
    this.oidcSecurityService.authorize();
  }

This is the client configuration in the identity server app:

new Client
                {
                    ClientId = "applications-portal",
                    ClientName = "Applications Portal",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowedScopes =
                    {
                        "service",
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile
                    },
                    AccessTokenType = AccessTokenType.Jwt,
                    AllowAccessTokensViaBrowser = true,
                    RequireConsent = false,
                    RequireClientSecret = false,
                    RequirePkce = true,
                    RedirectUris = {
                        "http://localhost:4200",
                    },
                    PostLogoutRedirectUris =
                    {
                        "http://localhost:4200"
                    },
                    AllowedCorsOrigins =
                    {
                        "http://localhost:4200"
                    },
                }

And StartUp.cs:

    services.ConfigureApplicationCookie(config =>
    {
        config.Cookie.Name = "Identity.Cookie";
        config.LoginPath = "/Auth/Login";
    });

The problem is that when I get redirected to AuthController in Login (GET) method I get returnUrl that looks like this: returnUrl Value

And after the login it does not redirect me back to the client app, but stays on the login page. I belive that there's something wrong with the returnUrl itself. I'm using IdentityServer for the first time, so I don't really know what to dig for.

UPDATED:

The problem is in Chrome browser. SameSite thing prevents it to redirect. I've tried the solution here https://www.thinktecture.com/en/identity/samesite/prepare-your-identityserver/ but it didn't work. In other browsers, it works as expected. Could you give me a hint what to do in this case with Chrome?

I've also tried setting it to Lax but nothing changes.

            services.ConfigureApplicationCookie(config =>
        {
            config.Cookie.Name = "Identity.Cookie";
            config.LoginPath = "/Auth/Login";
            config.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
        });
Solution

  • Solved it by changing the Cookie configuration to:

            services.ConfigureApplicationCookie(config =>
        {
            config.Cookie.Name = "Identity.Cookie";
            config.LoginPath = "/Auth/Login";
            config.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
        });

    And in Configure method:

    app.UseCookiePolicy(new CookiePolicyOptions
            {
                MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.Lax,
            });