Cannot redirect back to angular client after login in identity server

Question

I've got an issue with redirecting after loggin in with identity server.

I have the following angular-auth-oidc-client config:

    export function configureAuth(oidcConfigService: OidcConfigService) {
  return () =>
    oidcConfigService.withConfig({
      stsServer: 'http://localhost:5002',
      redirectUrl: window.location.origin,
      postLogoutRedirectUri: window.location.origin,
      clientId: 'applications-portal',
      scope: 'openid profile',
      responseType: 'id_token token',
      logLevel: LogLevel.Debug,
    });
}

And app.component.ts:

  ngOnInit() {
    this.oidcSecurityService.checkAuth().subscribe((auth) => {
      console.log('is authenticated', auth);
      if (!auth) {
        this.login();
      }
    });
  }

  login() {
    this.oidcSecurityService.authorize();
  }

This is the client configuration in the identity server app:

new Client
                {
                    ClientId = "applications-portal",
                    ClientName = "Applications Portal",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowedScopes =
                    {
                        "service",
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile
                    },
                    AccessTokenType = AccessTokenType.Jwt,
                    AllowAccessTokensViaBrowser = true,
                    RequireConsent = false,
                    RequireClientSecret = false,
                    RequirePkce = true,
                    RedirectUris = {
                        "http://localhost:4200",
                    },
                    PostLogoutRedirectUris =
                    {
                        "http://localhost:4200"
                    },
                    AllowedCorsOrigins =
                    {
                        "http://localhost:4200"
                    },
                }

And StartUp.cs:

    services.ConfigureApplicationCookie(config =>
    {
        config.Cookie.Name = "Identity.Cookie";
        config.LoginPath = "/Auth/Login";
    });

The problem is that when I get redirected to AuthController in Login (GET) method I get returnUrl that looks like this: returnUrl Value

And after the login it does not redirect me back to the client app, but stays on the login page. I belive that there's something wrong with the returnUrl itself. I'm using IdentityServer for the first time, so I don't really know what to dig for.

UPDATED:

The problem is in Chrome browser. SameSite thing prevents it to redirect. I've tried the solution here https://www.thinktecture.com/en/identity/samesite/prepare-your-identityserver/ but it didn't work. In other browsers, it works as expected. Could you give me a hint what to do in this case with Chrome?

I've also tried setting it to Lax but nothing changes.

            services.ConfigureApplicationCookie(config =>
        {
            config.Cookie.Name = "Identity.Cookie";
            config.LoginPath = "/Auth/Login";
            config.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
        });

Your url seems correct .I would suggest enable logs and check log file, i guess there is some exception . They have provided default logging with serilog in text file .https://identityserver4.readthedocs.io/en/latest/topics/logging.html?highlight=logging — DSP, Aug 18 '20 at 10:47
@DSP what about this returnUrl value? It seems to be incorrect since it contains extra data that, I belive, must not be there. — AlienTedCoder, Aug 19 '20 at 03:36

score 1 · Answer 1 · answered Aug 17 '20 at 11:33

One idea is if the redirect URL Should be:

RedirectUris = {"http://localhost:4200/auth-callback"}.

The link should be to the URL that Angular wants the token to be sent to.

See these links:

IdentityServer External auth provider - auth-callback - Redirection - 400 Bad request
User Authentication and Identity with Angular, Asp.Net Core and IdentityServer

score 1 · Accepted Answer · answered Aug 19 '20 at 08:02

Solved it by changing the Cookie configuration to:

        services.ConfigureApplicationCookie(config =>
        {
            config.Cookie.Name = "Identity.Cookie";
            config.LoginPath = "/Auth/Login";
            config.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
        });

And in Configure method:

app.UseCookiePolicy(new CookiePolicyOptions
            {
                MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.Lax,
            });

Cannot redirect back to angular client after login in identity server

2 Answers2

Linked