0
votes

I followed the link https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-how-to-configure-facebook-authentication to set up Facebook login.

In https://developers.facebook.com/apps, "Valid OAuth redirect URIs" has the following URI:

https://myapp.azurewebsites.net/.auth/login/facebook/callback 

However, it still gets the following error:

URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.


Update: Added both https://myapp.azurewebsites.net/signin-facebook and https://myapp.azurewebsites.net/.auth/login/facebook/callback. Now the website gets the following error:

A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or 'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' was not present on the provided ClaimsIdentity. To enable anti-forgery token support with claims-based authentication, please verify that the configured claims provider is providing both of these claims on the ClaimsIdentity instances it generates. If the configured claims provider instead uses a different claim type as a unique identifier, it can be configured by setting the static property AntiForgeryConfig.UniqueClaimTypeIdentifier..

On the line of @Html.AntiForgeryToken() in d:\home\site\wwwroot\Views\Account\_ExternalLoginsListPartial.cshtm


Update: Added the following line in global.asax and the error above is gone.

AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;

However, it just shows the following message box with url of https://myapp.azurewebsites.net/.auth/login/done#_=_.

You have successfully signed in
-> RETURN TO THE WEBSITE

Clicking the link will return to the login screen. https://myapp.azurewebsites.net/ (which doesn't need to be authorized) instead of https://myapp.azurewebsites.net/event. Typing https://myapp.azurewebsites.net/event will show the login page again (redirected to https://myapp.azurewebsites.net/Account/Login?ReturnUrl=%2Fevent).

1 Answers

2
votes

As this official tutorial about Authentication and authorization in Azure App Service states:

App Service Authentication / Authorization is a feature that provides a way for your application to sign in users so that you don't have to change code on the app backend. It provides an easy way to protect your application and work with per-user data.

You could browse to https://myapp.azurewebsites.net/.auth/login/facebook to log on.

URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.

You could use Fiddler to capture the network packets and check your Facebook logon processing as follows:

[Screenshot: Fiddler capture of the Facebook login request and its redirect_uri]

Note: Make sure the above redirect_uri has been added to Valid OAuth redirect URIs. HTTP or HTTPS could be a possible cause.

Additionally, if you use the UseFacebookAuthentication middleware for authenticating users using Facebook, I assume that you need to add http(s)://myapp.azurewebsites.net/signin-facebook to Valid OAuth redirect URIs, or you could try the following code:

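// In Startup.ConfigureAuth; needs "using Microsoft.Owin;" (PathString)
// and "using Microsoft.Owin.Security.Facebook;".
app.UseFacebookAuthentication(new FacebookAuthenticationOptions()
{
    AppId = "{your-app-id}",
    AppSecret = "{your-app-secret}",
    // The path must match an entry in "Valid OAuth redirect URIs".
    CallbackPath = new PathString("/.auth/login/facebook/callback")
});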

UPDATE:

I followed this tutorial about handling Facebook authentication by using OWIN in ASP.NET MVC5, and I found that I could not retrieve the logged-in Facebook user info and the returnUrl is not working. After some trials, I found that Facebook forced an upgrade of the Graph API from v2.2 to v2.3 as follows:

Facebook Graph API, Changes from v2.2 to v2.3:

[Oauth Access Token] Format - The response format of https://www.facebook.com/v2.3/oauth/access_token returned when you exchange a code for an access_token now return valid JSON instead of being URL encoded. The new format of this response is {"access_token": {TOKEN}, "token_type":{TYPE}, "expires_in":{TIME}}. We made this update to be compliant with section 5.1 of RFC 6749.

You need to upgrade Microsoft.Owin.Security.Facebook to 3.1.0, or you need to implement the BackchannelHttpHandler mentioned in this issue.
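
One way the BackchannelHttpHandler workaround mentioned in the answer can look, as an added example (not the code from the linked issue and not Microsoft's). It assumes the older middleware expects a form-encoded token response with access_token and expires keys, that Newtonsoft.Json is referenced, and it uses the hypothetical class name FacebookTokenFormatHandler:

```csharp
using System;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

// Added example; FacebookTokenFormatHandler is a hypothetical name.
public class FacebookTokenFormatHandler : HttpClientHandler
{
    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        HttpResponseMessage response = await base.SendAsync(request, cancellationToken);

        // Only rewrite successful replies from the code-for-token exchange.
        bool isTokenCall = request.RequestUri.AbsolutePath.EndsWith(
            "/oauth/access_token", StringComparison.OrdinalIgnoreCase);
        if (!isTokenCall || !response.IsSuccessStatusCode || response.Content == null)
            return response;

        string body = await response.Content.ReadAsStringAsync();
        JObject json;
        try { json = JObject.Parse(body); }
        catch (JsonException) { return response; } // not JSON: leave the old format untouched

        string token = (string)json["access_token"];
        if (string.IsNullOrEmpty(token))
            return response; // unexpected shape: let the middleware reject the sign-in

        // Assumption: the older middleware reads "access_token" and "expires" form keys.
        string form = "access_token=" + Uri.EscapeDataString(token);
        string expiresIn = (string)json["expires_in"];
        if (!string.IsNullOrEmpty(expiresIn))
            form += "&expires=" + Uri.EscapeDataString(expiresIn);

        response.Content.Dispose();
        response.Content = new StringContent(form);
        return response;
    }
}

// Registration in Startup.ConfigureAuth:
// app.UseFacebookAuthentication(new FacebookAuthenticationOptions {
//     AppId = "{your-app-id}", AppSecret = "{your-app-secret}",
//     BackchannelHttpHandler = new FacebookTokenFormatHandler()
// });
```

The handler passes every other backchannel call through unchanged, so only the token exchange is affected.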