I'm trying to build a spike that uses Log In with PayPal in the sandbox. I'm using Microsoft.Owin.Security.OpenIdConnect based on this http://www.cloudidentity.com/blog/2014/07/24/protecting-an-asp-net-webforms-app-with-openid-connect-and-azure-ad/ for want of a better example.
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = "my test clientid",
                RedirectUri = "http://localhost:50625",
                Scope = "openid profile email address phone",
                Authority = "https://www.sandbox.paypal.com/signin/authorize",
                // Discovery document; this URL returns the live (non-sandbox) configuration
                MetadataAddress = "https://www.paypalobjects.com/.well-known/openid-configuration"
            });
    }
The problem is the MetadataAddress.
If I set the MetadataAddress to https://www.paypalobjects.com/.well-known/openid-configuration then the configuration is for live, and the authorisation URL I get sent to is
https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize?client_id=etc
which is not the sandbox and has never heard of my client id & throws an error. If I then press the back button, change the url to
https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize?client_id=etc
then it works.
But if I set the MetadataAddress to
http://www.sandbox.paypal.com/.well-known/openid-configuration
in the first place then
What is the correct url for the .well-known/openid-configuration for the Log In with PayPal sandbox?
I found the answer I needed by using Owin.Security.Providers.PayPal from
https://github.com/TerribleDev/OwinOAuthProviders
It doesn't seem to use the .well-known/openid-configuration, but has the following end-points in it.
    private const string AuthorizationEndPoint = "https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize";
    private const string TokenEndpoint = "https://api.paypal.com/v1/identity/openidconnect/tokenservice";
    private const string UserInfoEndpoint = "https://api.paypal.com/v1/identity/openidconnect/userinfo/?schema=openid";
    private const string SandboxAuthorizationEndPoint = "https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize";
    private const string SandboxTokenEndpoint = "https://api.sandbox.paypal.com/v1/identity/openidconnect/tokenservice";
    private const string SandboxUserInfoEndpoint = "https://api.sandbox.paypal.com/v1/identity/openidconnect/userinfo/?schema=openid";
I eventually managed to get login working with my sandbox account.
Notes for anyone else attempting the same thing:
Firstly, it's necessary to set
    System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
at some point because of "The request was aborted: Could not create SSL/TLS secure channel sandbox account"
Secondly, the Return URL you configure in the App Settings in PayPal needs to be the WHOLE callback URL (not just the domain name) that's generated, and it doesn't actually tell you anywhere what that's going to be... the default is
http://localhost[:$port]/signin-paypal
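A startup check for the problem in this thread, as an added example that is not part of the original post or of Owin.Security.Providers.PayPal: it confirms that every endpoint the app is about to use is HTTPS and on a sandbox host, so a configuration that resolves to live endpoints is caught before a login attempt. `EndpointEnvironmentCheck` and `FindProblems` are hypothetical names; the host list is taken from the sandbox constants quoted above.

```csharp
using System;
using System.Collections.Generic;

// Added example: class and method names are hypothetical.
public static class EndpointEnvironmentCheck
{
    // Hosts taken from the sandbox endpoint constants quoted in the answer.
    private static readonly HashSet<string> SandboxHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "www.sandbox.paypal.com",
            "api.sandbox.paypal.com"
        };

    // Returns one message per endpoint that is not an HTTPS URL on an allowed host.
    public static List<string> FindProblems(IDictionary<string, string> endpoints,
                                            ISet<string> allowedHosts)
    {
        var problems = new List<string>();
        foreach (var pair in endpoints)
        {
            Uri uri;
            if (!Uri.TryCreate(pair.Value, UriKind.Absolute, out uri))
                problems.Add(pair.Key + ": not an absolute URL");
            else if (uri.Scheme != Uri.UriSchemeHttps)
                problems.Add(pair.Key + ": scheme is " + uri.Scheme + ", expected https");
            else if (!allowedHosts.Contains(uri.Host))
                problems.Add(pair.Key + ": host " + uri.Host + " is outside the expected environment");
        }
        return problems;
    }

    public static void Main()
    {
        // Constructed input: the live authorize URL from the question next to sandbox API endpoints.
        var resolved = new Dictionary<string, string>
        {
            { "authorization_endpoint", "https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize" },
            { "token_endpoint", "https://api.sandbox.paypal.com/v1/identity/openidconnect/tokenservice" },
            { "userinfo_endpoint", "https://api.sandbox.paypal.com/v1/identity/openidconnect/userinfo/?schema=openid" }
        };
        var problems = FindProblems(resolved, SandboxHosts);
        foreach (var problem in problems) Console.WriteLine(problem);
        // A non-zero exit code lets a build or deployment step fail on a mixed configuration.
        Environment.ExitCode = problems.Count == 0 ? 0 : 1;
    }
}
```

The same check also rejects a plain `http://` metadata or endpoint URL, since anything fetched over an unencrypted channel can be altered in transit.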