I'm trying to setup a very simple OpenIddict project, but I'm having a lot of problems and questions to make it run.
My project have included just OpenIddict.AspNetCore library and is using Net6. The code is just:
using Microsoft.AspNetCore;
using OpenIddict.Abstractions;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddOpenIddict()
.AddServer(options =>
{
options
.AllowAuthorizationCodeFlow()
.RequireProofKeyForCodeExchange();
options
.SetAuthorizationEndpointUris("/authorize")
.SetTokenEndpointUris("/token");
options
.UseAspNetCore()
.EnableTokenEndpointPassthrough()
.EnableAuthorizationEndpointPassthrough();
options.EnableDegradedMode(); //To suppress calls to the DB
});
var app = builder.Build();
if (!app.Environment.IsDevelopment())
{
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.MapGet("/authorize", async (HttpContext context) =>
{
var request = context.GetOpenIddictServerRequest();
if (request != null && request.IsAuthorizationCodeFlow())
{
await context.Response.WriteAsync("Call to /authorize received");
}
throw new Exception("Invalid request");
});
app.UseRouting();
app.Run();
When I run this, the request variable in my /authorize delegate is always null.
Also, I expect to have the endpoint .well-known/openid-configuration, but it returns 404.
I don't want to include EF yet, because I prefer to see the working flow first (And could be another Db implementation than EF). And, this is a recurrent problem in the basic examples: they have too much implementation details that make very hard to find the bare flows for a IdentityServer.
My objective is just to have the Auth Code flow.
To fix the null request variable and the 404 error for the OpenID configuration endpoint: