I have an app that is written on the top of an old ASP.NET MVC 5 framework using C#. I want to enable OpenIdConnect authentication to allow my users to authenticate using a private OpenId server.
I was able to add the OpenId external provider using Microsoft.Owin.Security.OpenIdConnect project. Currently, I am using Code Flow to authentication users. Here is how configured the OpenId authentication provider
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
{
Authority = "openid-server-domain.com",
RedeemCode = true,
SaveTokens = true,
ResponseType = "code",
ClientId = "***",
ClientSecret = "***",
RedirectUri = "https://localhost:55555/connect/redirect",
Scope = "profile",
PostLogoutRedirectUri = "/disconnect/sign-out"
});
When I add Scope = "profile", the app throws an exception after the user logs in. The exception states
Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: ''."
Removing the Scope = "profile", works without exceptions, but I need to add the scope so that the server returns user's profile info.
How can I fix this exception?
It turned out that I needed to include openid as part of the profile to work.
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
{
Authority = "openid-server-domain.com",
RedeemCode = true,
SaveTokens = true,
ResponseType = "code",
ClientId = "***",
ClientSecret = "***",
RedirectUri = "https://localhost:55555/connect/redirect",
Scope = "openid profile",
PostLogoutRedirectUri = "/disconnect/sign-out"
});