
AWS cognito ASP.NET Core MVC throws 'invalid_client'

I'm working on implementing user authentication on an ASP.NET Core 6 MVC website. The site will be hosted on AWS lambda so I've decided to use AWS cognito.

I'm following the AWS sample here word for word (in testing, I've cloned their repository, applied my own appsettings.json and created the Cognito pool and app client exactly as described). The only difference (to the best of my knowledge) is that the callback URL in the sample is incorrect, so I'm using https://localhost:5001/signin-oidc rather than https://localhost:5001/externalauthentication/callback (I have also tried this; obviously it doesn't work).

A description of the error is:

  • Start the application locally (http://localhost:5001) and click "products"
  • I'm then taken to the default cognito login page, I enter my username/password
  • Redirection back to localhost occurs but I'm shown an exception page with the following exception:

System.Exception: An error was encountered while handling the remote login.
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'.

at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

My appsettings is 1:1 as per their example. I've manually recreated the pool and app client numerous times in case I missed something or made a mistake copying IDs etc., and have hit the same problem every time.

I'm assuming 'invalid_client' isn't referring to the 'client_id' as mentioned; I've recreated this many times and triple-checked that it's correct in my appsettings.json.

All help is much appreciated

For anyone following the same guide from AWS, there's a very important piece of the puzzle missing from their page:

Under app integrations for your pool, click "show client secret" and copy it into your appsettings.json like so:

"ClientSecret": "#####",

Then add the ClientSecret option to OpenIdConnect like so:

options.ClientSecret = Configuration["Authentication:Cognito:ClientSecret"];

Make sure the user you have created is inside the admin group and the callback URL is correct:

/signout-callback-oidc

And all should be good in the world of Cognito and ASP.NET Core.
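The fix above in context: a complete Program.cs for an ASP.NET Core 6 MVC app wiring the OpenID Connect handler to a Cognito user pool with a confidential app client. This is an added example, not the AWS sample's code nor the answerer's; the configuration section name `Authentication:Cognito` and the keys `Region`, `UserPoolId`, `ClientId` and `ClientSecret` are assumed names. The point it adds is the startup check: a Cognito app client created with a secret makes the token endpoint reject the authorization-code redemption with `invalid_client` when the handler sends no secret, so it is worth failing at startup rather than at the first login.

```csharp
// Program.cs - added example, not code from the AWS walkthrough.
// Assumes appsettings.json (or user-secrets / environment) provides
// Authentication:Cognito:{Region,UserPoolId,ClientId,ClientSecret} (assumed key names).
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
var cognito = builder.Configuration.GetSection("Authentication:Cognito");

// Fail fast on missing settings. With an app client that has a secret, Cognito's token
// endpoint answers 'invalid_client' if the secret is absent, which otherwise only shows up
// mid-login as the OpenIdConnectProtocolException seen in the question.
string Require(string key) =>
    cognito[key] ?? throw new InvalidOperationException($"Authentication:Cognito:{key} is not set");

var region = Require("Region");
var userPoolId = Require("UserPoolId");

builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
    // Discovery document for the pool; the handler reads the token and JWKS endpoints from it.
    options.MetadataAddress =
        $"https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/openid-configuration";

    options.ClientId = Require("ClientId");
    // The piece missing from the AWS page: the app client secret used when redeeming the code.
    options.ClientSecret = Require("ClientSecret");

    options.ResponseType = OpenIdConnectResponseType.Code; // authorization code flow
    options.UsePkce = true;                                // PKCE alongside the client secret
    options.SaveTokens = true;                             // keep tokens for later API calls

    options.Scope.Clear();
    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("email");

    // These paths must match the callback and sign-out URLs registered on the app client
    // exactly, e.g. https://localhost:5001/signin-oidc and https://localhost:5001/signout-callback-oidc.
    options.CallbackPath = "/signin-oidc";
    options.SignedOutCallbackPath = "/signout-callback-oidc";
});

builder.Services.AddAuthorization();
builder.Services.AddControllersWithViews();

var app = builder.Build();
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();
app.MapDefaultControllerRoute();
app.Run();
```

Keep the secret itself out of appsettings.json: locally, `dotnet user-secrets set "Authentication:Cognito:ClientSecret" "<value>"` binds to the same key, and on Lambda an environment variable or a Secrets Manager lookup can populate it, so the checked-in file never carries it.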
