I'm working on implementing user authentication on an ASP.NET Core 6 MVC website. The site will be hosted on AWS Lambda, so I've decided to use AWS Cognito.
I'm following the AWS sample here word for word (in testing, I've cloned their repository and applied my own appsettings.json) and created the Cognito pool and app client exactly as described. The only difference being (to the best of my knowledge) that the callback URL is incorrect in the sample, so I'm using https://localhost:5001/signin-oidc rather than https://localhost:5001/externalauthentication/callback (I have also tried this; obviously it doesn't work).
A description of the error is:
System.Exception: An error was encountered while handling the remote login.
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'.
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
My appsettings is 1:1 as per their example. I've manually recreated the pool and app client numerous times in case I missed something or made a mistake copying IDs etc., and have hit the same problem every time.
I'm assuming 'invalid_client' isn't referring to the 'client_id' as mentioned; I've recreated this many times and triple-checked it's correct in my appsettings.json.
All help is much appreciated.
For anyone following the same guide from AWS, there's a very important piece of the puzzle missing from their page:
Under app integrations for your pool, click "show client secret" and copy this to your appsettings.json like so:
"ClientSecret": "#####",
Then add the ClientSecret option to OpenIdConnect like so:
options.ClientSecret = Configuration["Authentication:Cognito:ClientSecret"];
Make sure the user you have created is inside the admin group and the callback URL is correct:
/signout-callback-oidc
And all should be good in the world of Cognito and ASP.NET Core.
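To show where the accepted answer's two changes land in a complete ASP.NET Core 6 setup, here is an added example (not code from the original post or from the AWS sample). It wires cookie plus OpenID Connect authentication against a Cognito user pool, reads the app client secret from configuration and fails fast at startup if it is missing, since a confidential app client whose secret never reaches the token endpoint is what produces the 'invalid_client' response quoted in the question. The configuration key names under Authentication:Cognito, the Authority URL shape, the admin group name and the policy name are assumptions.

```csharp
// Added example: minimal Program.cs for ASP.NET Core 6 + Cognito (not from the original post).
// Assumed appsettings.json layout (the secret itself should come from user-secrets or the
// environment rather than a checked-in file):
//   "Authentication": { "Cognito": {
//       "Authority": "https://cognito-idp.<region>.amazonaws.com/<user-pool-id>",
//       "ClientId": "<app-client-id>",
//       "ClientSecret": "<app-client-secret>",
//       "AdminGroup": "admin" } }
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
var cognito = builder.Configuration.GetSection("Authentication:Cognito");

// Check the secret at startup instead of discovering its absence as 'invalid_client'
// during the authorization-code redemption at the Cognito token endpoint.
var clientSecret = cognito["ClientSecret"];
if (string.IsNullOrWhiteSpace(clientSecret))
    throw new InvalidOperationException(
        "Authentication:Cognito:ClientSecret is not configured; the app client is confidential.");

builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
    options.Authority = cognito["Authority"];   // issuer of the user pool (assumed key)
    options.ClientId = cognito["ClientId"];
    options.ClientSecret = clientSecret;        // the piece the AWS guide leaves out
    options.ResponseType = OpenIdConnectResponseType.Code;
    // Both paths must match, character for character, the callback and sign-out URLs
    // registered on the Cognito app client (https://localhost:5001 + path during testing).
    options.CallbackPath = "/signin-oidc";
    options.SignedOutCallbackPath = "/signout-callback-oidc";
    options.SaveTokens = true;
    options.Scope.Add("email");
    // Cognito places group membership in the "cognito:groups" claim; map it to roles
    // so the admin-group requirement from the answer can be expressed as a policy.
    options.TokenValidationParameters.RoleClaimType = "cognito:groups";
});

// Assumed policy name; requires the signed-in user to be in the configured admin group.
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("CognitoAdmin", policy =>
        policy.RequireRole(cognito["AdminGroup"] ?? "admin"));
});

var app = builder.Build();
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
app.Run();
```

During local development the secret can be kept out of appsettings.json with `dotnet user-secrets set "Authentication:Cognito:ClientSecret" "<value>"`, which the default configuration builder reads into the same key; on Lambda the same key can be supplied as the environment variable `Authentication__Cognito__ClientSecret`. If the redemption still fails, compare the Authority, ClientId and the two callback paths above against the app client settings in the Cognito console before changing anything else, since those four values are the only inputs to the token request that produces 'invalid_client'.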