Hi guys, I am trying to add OAuth 2.0 / OIDC to a .NET WebForms app running on .NET 4.8, and I am getting this error: 'IDX21307: The 'c_hash' claim was not found in the id_token, but a 'code' was in the OpenIdConnectMessage'. If I don't use the MessageReceived notification, it goes to a 404 resource-not-found after going through AuthorizationCodeReceived. I used the MessageReceived notification after going through the comments on this answer.
I'm not sure what to do or how to debug this. Here is the Startup.cs:
using IdentityModel.Client;
using Microsoft.AspNet.Identity;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
[assembly: OwinStartup(typeof(http_SpectraWeb.Startup))]
namespace http_SpectraWeb
{
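public class Startup
{
    // Per-request key under which the claims gathered during the token exchange are
    // parked on the OWIN context until the authentication ticket exists. Keeping them
    // on the request (not on this instance) prevents one user's tokens from being
    // attached to another user's identity when sign-ins overlap.
    private const string PendingClaimsKey = "http_SpectraWeb.Startup.PendingClaims";

    // Shared for the lifetime of the process: a new HttpClient per sign-in leaks sockets.
    private static readonly HttpClient s_httpClient = new HttpClient();

    // These values are stored in Web.config. Make sure you update them!
    private readonly string _clientId = ConfigurationManager.AppSettings["okta:ClientId"];
    private readonly string _redirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"];
    private readonly string _authority = ConfigurationManager.AppSettings["okta:OrgUri"];
    private readonly string _clientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"];
    private readonly string _groupPrefix = ConfigurationManager.AppSettings["okta:GroupPrefix"]; // not used in this class yet

    /// <summary>OWIN startup entry point.</summary>
    /// <param name="app">The application builder supplied by the OWIN host.</param>
    public void Configuration(IAppBuilder app)
    {
        ConfigureAuth(app);
    }

    /// <summary>
    /// Handles the OpenID Connect response: exchanges the authorization code for tokens,
    /// reads the userinfo endpoint and parks the resulting claims on the request's OWIN
    /// context. Nothing is stored on this instance, so concurrent sign-ins cannot see
    /// each other's tokens.
    /// </summary>
    /// <param name="args">The message-received notification from the OIDC middleware.</param>
    /// <exception cref="InvalidOperationException">The token or userinfo endpoint returned an error.</exception>
    private async Task ProcessMessageReceivedNotification(
        MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> args)
    {
        string code = args.ProtocolMessage.Code;
        if (string.IsNullOrWhiteSpace(code))
        {
            return;
        }

        // Exchange the code for access and ID tokens, authenticating with the client secret.
        var tokenClient = new TokenClient(s_httpClient, new TokenClientOptions
        {
            Address = $"{_authority}/v1/token",
            ClientId = _clientId,
            ClientSecret = _clientSecret,
        });
        var tokenResponse = await tokenClient.RequestAuthorizationCodeTokenAsync(code, _redirectUri);
        if (tokenResponse.IsError)
        {
            throw new InvalidOperationException($"Authorization code exchange failed: {tokenResponse.Error}");
        }

        var userInfoResponse = await s_httpClient.GetUserInfoAsync(new UserInfoRequest
        {
            Address = $"{_authority}/v1/userinfo",
            Token = tokenResponse.AccessToken,
        });
        if (userInfoResponse.IsError)
        {
            // Previously a failed userinfo call surfaced as a null-argument exception from AddRange.
            throw new InvalidOperationException($"UserInfo request failed: {userInfoResponse.Error}");
        }

        // NOTE(review): the IDX21307 error from the question is triggered here. The
        // middleware sees both a 'code' and this id_token in the same message and so
        // expects a c_hash claim, which an id_token issued by the token endpoint does not
        // carry. Either clear args.ProtocolMessage.Code after the exchange and attach the
        // claims in SecurityTokenValidated instead of AuthorizationCodeReceived, or let the
        // middleware redeem the code itself (RedeemCode option, Katana 4.1+) — confirm
        // against the Microsoft.Owin.Security.OpenIdConnect version in use.
        args.ProtocolMessage.IdToken = tokenResponse.IdentityToken;

        // The original added the userinfo claims twice; once is enough.
        // These bearer tokens end up in the authentication cookie once attached to the
        // identity, so keep the cookie protection defaults and attach only what the app needs.
        var pendingClaims = new List<Claim>(userInfoResponse.Claims)
        {
            new Claim("id_token", tokenResponse.IdentityToken),
            new Claim("access_token", tokenResponse.AccessToken),
        };
        if (!string.IsNullOrEmpty(tokenResponse.RefreshToken))
        {
            pendingClaims.Add(new Claim("refresh_token", tokenResponse.RefreshToken));
        }
        args.OwinContext.Set(PendingClaimsKey, pendingClaims);
    }

    /// <summary>
    /// Registers cookie authentication and OpenID Connect (authorization code flow)
    /// against the configured authority.
    /// </summary>
    /// <param name="app">The application builder.</param>
    public void ConfigureAuth(IAppBuilder app)
    {
        // Writes token contents and other PII into the IdentityModel logs;
        // leave this off anywhere but a local debugging session.
        IdentityModelEventSource.ShowPII = true;

        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = _clientId,
            ClientSecret = _clientSecret,
            Authority = _authority,
            RedirectUri = _redirectUri,
            ResponseType = OpenIdConnectResponseType.Code,
            Scope = OpenIdConnectScope.OpenIdProfile,
            UsePkce = false, // the code is redeemed manually in ProcessMessageReceivedNotification with the client secret
            TokenValidationParameters = new TokenValidationParameters { NameClaimType = "name" },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                MessageReceived = ProcessMessageReceivedNotification,
                RedirectToIdentityProvider = n => Task.FromResult(0),
                AuthorizationCodeReceived = n =>
                {
                    // Attach only the claims parked for this request; nothing shared across users.
                    var pendingClaims = n.OwinContext.Get<List<Claim>>(PendingClaimsKey);
                    if (n.AuthenticationTicket != null && pendingClaims != null)
                    {
                        n.AuthenticationTicket.Identity.AddClaims(pendingClaims);
                    }
                    return Task.FromResult(0);
                },
            },
        });
    }
}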
}
Any help would be great. Thanks.