IdentityServer External auth provider - auth-callback - Redirection - 400 Bad request

11
votes

I am following https://www.scottbrady91.com/Angular/SPA-Authentiction-using-OpenID-Connect-Angular-CLI-and-oidc-client and https://www.scottbrady91.com/Angular/Migrating-oidc-client-js-to-use-the-OpenID-Connect-Authorization-Code-Flow-and-PKCE to implement OIDC in SPA(Angular)

I am using aspboilerplate integrated IdentityServer

I've set up everything as per the above articles and I was able to navigate to external auth provider and was also able to enter the required credentials.

While redirecting to angular I am getting 400 - Bad request. Here are the details

Call back URL :

http://localhost:4200/auth-callback?code=b74f38054d4becadaa3c45ce58a83c892e0d25e7fc4bfcc1ef29ce369b477596&scope=openid%20profile%20api1&state=18af0415b22b4614882d3e31113e2717&session_state=yP4rCdCetarKTsX6X0JXYTeV_1Xo8dud9V2FnT-14QE.db913b7a39e26220d8ac07de5a523eb2

Cookies : Request sent 9095 bytes of Cookie data:

    .AspNetCore.Antiforgery.xkdte50z5pg=CfDJ8FAKJpEizERFtUzdjBClgctpGC-BWtg81DZ33kUapCDBb84U7ILfbqhExQzI3oVOWReKh72cV8hdROZcCh6wK7tbwl14PnWzNIECZGxyYx-K3MINQnZEp3cp-Ury1Z4KaRHs7mqvmf6oc30h6Q-oFxI
    idsrv.external=chunks-2
    idsrv.externalC1=CfDJ8FAKJpEizERFtUzdjBClgcum3jNb_Pj5sm5cfWLtKGcBqkU1VIUHlMdupOgnYwqTNw3bjxOoeVbCR1YR9y6Y2Q6zZvxX2juNv1iiUTwVIcTAG99R0QU8Ki1EJ8uOvaVN-BgUFNXYzcrct69nxfTGj5Ay2wL18-ziLczxnqurAbgTVkgyZs6IWHgtbOwyoyJb3klbQUkt4nmNZbwNSzeYknhDq7ohwEqeva51TIw73lciD2bJpJZnxUFx9eRI7FiJcf6qM3iYzvQ9R1-IRAmTleGEul_KY0eEcf8srxjPDgCRvj_Chy14N0rJdvWvrgio2yfdKTiCam2y-xPporU1oBOupt4zuaKsnPlHzzY9NksO_Gp7TTXJi91d3P2rl9FtBbQVQQDgpuNlwKO_WWIbd_nvcns647_0Cm0-mXiPecFrCC_plifOJ3ZRQHDYd-_ykOR_8WtGVYNigh0LPn4WxHoWJujUneRVaF_ootP4I1-uzcP6oDtTdxzCBgQpsujS_gRsHzZQ4S_EUX90R_BNEfWpg9Z5je0sT4Rma_tBeDBTCtqaZEKng_n4ybbn8xZc0dwuuGsVjYDSLXXoHLhQ55MalqJmRITH2mBNl89on3l2Y_e3_N-T_ScBJOS6HUHhTbKgiA2-R3XP5T_Gd0Fbmhpyrb4uqRJDybQb3muaKwYAJg51PSoiicA927KTcfiVPUzHY7YoENJ8MqBHkonvpjw9QtrWCgn0t4wTgrj_jIkIg9VmIZFReWGDiIw1cQnvA8u0lnPdxXl0D0ywm1eKCcvliHuFiT4KM2nKhUtlg75X5w5AYBFRb8ocx6Gx4zNEuV6cXzsx0-PVkbm7DllcMu3gMchpk47rDrIUjTDqlSjnlM1JaRWbrxXAui5tvZwOdAlI3e3__RIu-hdSJNO_ZgvPkLRUBiv0weNmsUWPjLzSjP8RVj-fWWCj1DuXSeUKcWTeEiXu019Klco48i1eUKB-vqLsUZHWAc8E02A8xF3kyz8OXOIam4tOlBD03-CgUK8zf0ahdtFegsXspJ75Z7Swml8CHpPkHrdZvGrryd-UbRipNpejtde1B9-WnLhpLQjXYCZdCOFndeg9CG1L9uBpaAU9pOB-AzmLqNIa1zi5qS0h9YqlL4wHGnK0iDlSmmK9kpZuTUS2nSEqs9hDwew1asxl7LPF1sMJyhjfDBAOmcHV4kZA_E6w0Y8_JQC4vu8Oda7vVoApvolhhHPqXpmmwbHxwxv1HjmC1UBdGUOJyn1rX6ASFJnEu1mmgqD1mgXizbmPzJd_KzRUkd5F7M0DcTBX3U3_p337g3QG5WJlBE5v_2JBlh6s-G5Lxs7UNXwcEigg6amJEgcIejNKXRbynJ-IKE41kd9PvXeG29d9B27Y37LPQu0xVaH7C7Z46pkASHZVrcPGLOoN0gHBTNwGaDUfca8Sb2bq3umhNjzK5uNxLaEZErCmjQQzUidKHcbWyuHC0ht0X1phOJv6hMTiUroYVaTP-ma_B350Z0euJq4atEPu59-Redz56aYtuKBW13axJs8qtsvXolwkGGboHzB-gj8PjDrT-iHGVMnoXVLkkOM_nYzfY5PwnaSWUdPtXnI6hxTlJomU5Bvhm-7TKLfB4bl3Fel4MM0QdrTQJz28FBTVFizzdksoPB4N_3jfSZsR373mN0wdtqpEjmKNUvGnVNX5wTc_3oMTO0cprxSVXwUK23phkomKHUYMZ8i11Z7T1mZHx5Yci1CMp-mHqTD-fBbmSK7YYvwtsSLeeI7u4cH-IYRl_3YQtxrFLwqTOzWllcz_JgbvwNXPYirLj0EVqGwttipg8QIuNyJIaPAnovTpJVI15ioJKfS9F9xlx-JVETbgxK3Py259pbTu8r-jHEZT0YdlItIZO-t5FM6hlTHAtQ2SuY8kdFQyBlUNZQPpw3ft6cz6mUt-2CcTdZ-xibkEdr7dEAZflSIrhL3Kt4lrdNalI5j68zG_0g9qfcXKTaqyMN0bawAzBfmaWAIp-u1KZb5vi6Kwf9ZEcNYF4fzHjHIOSNmySgiaYt2zH8EvbcJbTQmfBhuLOG6zBDU1-fDTK4-eBPkRJWEh4OTHm0jC8GV_N-80CrbUxjJUzoBWJXReu-sE00d4zBVHTHNJDlShXlyUPb_vqaGCJDFIlEEZUjyvAdwP0eOOeuhSz6jYicK9WwaZgsoLLsyeNZwLEOLftEBAax5ddoUdwe2kwxJ9eMZd_TE4YYzI9ZI37QAjzfhf573n8l2V--UEr-Kt6asTxzNvg1gK7doRns66W7KC6qnL_9ApLeoZ-hOX2QZ2J32D78mk5h4Dtv06lsNm4pBs8855PeZ7ygBu-p1edi1UjEWLzIxHxQ8YNNErP-U75HDgStXVRBY7CuXqz8RVc62Pjrj6z3Z98nV3KfcYJloq-Qejg1oSmFLgHrs5tTecL3caIopMy_MV0XRg6ly7cZtWq_8GQclQP_-6nTGy2ucN9ncj6sSjbFXxtKPV3bLAUm_JFtMfzzjR4TxP8s95zOiBwF5XXlLPu5QzBOoprI4Qf_XhmlTe8_1Z7X_HzCZSfWtgSDMEmcyOXxp4sPeKnh4U7o6ZlKukGz14F7gB94l0ZEHpbtOScRWb88o0fisHQv_G2Erslx3O5sGDMQG8G_W7d6IMBs1FFU1wcy8gmAznDbgFxtEPmXwdcoMY5MxliQQ8SrmREP_fU32jfGox5BiebA10BtQKjctJdnF_KPu3UzFuPGjFncCrpT74J3bR8O7BTUY175pOR2Vw4dtPCubHDeLHzFT8QWsPOO0CUS1kbtlooYbPS292E8lawWmYcFMcYsDq5x40NeX4-NVLuL0DvaqC_tgBLqvjDsrv6hQy6xQBoJt0PtfB-X0n38TCl9jwmpA3IiLR77FEAbpf0RRs4NB1_fIs9nSgK76JFPunxZ8jsgOW1ERNBTjgCaO72tct0l6rtrZAD35fu6KPBCFsofdoRpw5e5hxiq_Py2nYniCv6BkDLezt5wyYW83Zh8RJ1MQgZxNg3mJj0yvs0b3shdmxcjYZruCswCpcYHUCmqsTIjj4yQOHY15c8R50Asq4-eBuf3FhrIY7UWftvY3f3yL4IRQyX93oD0o1SCgpULpzR3dUAJD-QId3fHHbq-fC80Jqs09LP-HA9r7SutOSDpbcH-qD6ZDIVMddxGNOSyEVEN21fNPMUmVD-7u3-B9hmTrmb48HJLAQn9JjN7SdYjlNOoiyzwqZchnmWE3Twuro0S-GBryAqKdF7eQKpPqgtOks03JcXFERS0iRIJLZe3syjY39SZbhYMahkAc0D2TnJdUSxc-g85H_e0GobgE6R74fAwKeFDNrThwaULJBQTq0EWFikOMpZFzylfluw1M9U4ad-f53bYHPcvKFw8giZN6N-VM6qLrg3D3oU5169cXpmbRDeawreIOHvlVoIfhRZu7cSkARO0AGmL9XUrGivRNgMyDXRBIgIn_tbIPFvIrWkhgcZZZZP2t4YFzhn2MvKoHEFAfQHFFQ4jvCv-Waof19dRzbMSjS_Vz9qPzslbUjYATnIykQCeylOybDQKl5b6QVwmz9ioSl9OrJNFbzy9TDXSqjgCnefoHdZyVubpHSCADKJMB4FnLK5IdCFwcn2MSz_FuZzuCzDzR1B_WNTMuLQBR7Ks70uizUOJ8BKI7tuMO9nU9N6AQ7Preb_XRLVFJ31ISl5DvrQxyh__1Uet1IuT1vYrH4owFgaTnwOPRMPNxmnUTJRsbyEFdP6p6kQjV8zrId3qhBDIRMTfuOgT2n4awFqGbIM5DUnag003rbzpqD5zuL1RAlCfwyf2Yx0u0qY3es-zJV9CtlzU7X7YR-GBDSVJCKSqRRNg7YY-B2Y2E53Wudp6DDzVFuGs5G-XGJKzq3mru5h1CWaplCNgpDkdaRId-mfp1p2EP0vmoVkQnlkXqT0oJTsOBSTLKDrCfkniMbmKP_afqWS5jn6BmRDuFjEhdhl6Wa2GkMznTps_g9My
    idsrv.externalC2=TudWp3eg3iUDnXn_uBCELCcSM1M6cxDlaF2RtsIFq74WusG6xZaIXZi033_2psAUpYZ-rKCn-fR-0p9RsHfw4Tot6oTODOcVUeF61Q3Zw6yoXZp497mMT3u-RMB58Yai5pUSMJk1Ex_2H1ekLjks9_ngpns76ARB3dWi_gzblCLQ-zSujcPw7ksoBLlt2X_h4B3w6Y91lCyHkn77NcAKdTiVgRs4-nX33NEr7Rogr3p365AV9vrJqWIl-eP7I0Di4mQn-EUZAd6C1iqBA-Af0wp3Nm2OmJJr-dEoPpppha7wW0_3IGk4_O_0cZjv5e0-63ER0X3cB5ZoKzRarKkdNEm3uBgcexGLOWJyTL8ntrXfytxxC0iP4DiO-wSnydrD0r-k6F9iLd_-pSuz30MnHDAAXn0141EC7gLr-J1EFS3ou2b8ocjIjJUF9jZ_V9IfibMrI_K7o4e-Yk5uhvjIzOq_usu2LgDhLjLIYXYwX_lQPX-D_z9Apn5IfE6iaGpc2ziqocj2uDFEA_j2dKtJBiyRylBcv89BJfWcsNHLybiB1dVBSFeRmQx_Bi24Hv0fkjw-7FLIFnGHv0UM2t09zp6QL4T9K7ggxOZMWp1-l4yIfnJRBDOVzSUcJZLEmAzv-lFcppUOtvrUmERDHItWFI2IF56flIGH5bLv7FJBFCW8Ke4HcI70EiWwBSHvO6JionGOrXpsAmVGW3WbfVH-iTrepjmYeJpzsKJbjBWvtTOy4BjcxjUe7S0UZvrMIpulv-bH8EJhT-ZnSublufZBtnUa5AB8Eo746zPmoEBhFETx_kGMKtwG11Cj_awV2xlY4P7Teb1UsNYvncPHn7B0gPRq-e3MHeqo0O8GgKcnZb9rR96NpBsLqZ64D--9kbYengtKR25guD1lRRb2ijqkC4aCp7hD7ohE5RjggPoxo5wr8ZQA4-c2HT_uwlpe-QpyY_GdFErAW-eT0sSA0JljDVTsgFFt45CP2Hid2gqRX89-vgBVXjmV9rTZHocGEBg-PgQP0TGeGQMg6RWL9ryzsb0auFRBhiAPkyoPonTNKM_Uh2tSVXKZB27T-dAJRXF4qZ6sFzAgQsrJxphmucPUuFw1RnaFGSM3swf4A8JR6egRegMIHq2qci2uEUyQnfSTYLciNvur5OXXkfYCEb73KaYwzI1I32FUnJ3RsrQPSgS-RhNHSlrfHgf6DjAqa5VNk3u7c4RIreVTxI-ZiGjLJgxHxHUuSIyiKnClH1WrZBZ0yVupkmjcNd08jMbAEIUeP43tMg_Mwl9zjN6kGQdbDbRMNqGw6cIv7_6cCPcT0Uc5e8biHEYdLO6MPsCbH9bOEjVluRY76g8-CNQx188rxm_C1-qmxqbjGlHmebmtA9Gm4WR9RJ4ZBZkuMjMNn-rZv6fuVBtOUxzFUj0RZu4p5yhURxLRDh8OAAYj3gMd1TJ4qXrITd6Qa3VCnaCe9WHJgAEmfHjUiFulqTsv6NIFZiZfr4JysHSSk6qDAwdLDHEfb-XjM7EbS6h-2ehU1wLM6HvXv2PMpq05leZ30XYHpM0m-JGT4iOE-23jcEYba8kx8FpPAEvMaxllEMx-U6cXpaSY7gICbk08mrZJoRwqm1x14JsfWnS40NxypgaEm4Ofz32YP0gzg_96wwS5dPgEU56gS6iQLfdLwyuME7KLcVNGRs0fGDH7hsfBZk1FwBpOQO2o60dsxZTtIHqKnftVrn2fhoc2Q6Cpe3GKPHD3fIzga4_umSTZL_uQg_XTi_01IYRr5dSKQ1GwQVM6ELf1o5Un4YiCZ3qOpjioKWLapQwckdUrKjg95Lxlnq7TkkTlB2C33tjgo_UQ-CLxSYEGR78m0USywEfXi6N0LS2MaDmu0rNY_UweMs9EV0r_y2KqqLy_afFrn3IWn5XcmAaDhI59a_yRtkNYXMnKP3rexMYSdHSY10AVgPO88U-_5nelN5CX4zwNnJsyjD8sno59zEPq1UPvW5q72USgnt3wY4YWSPfkkhNBWr16pKSmTUkuaWtbcP9MQg0uwrHhlQAXcM
    idsrv.session=3a7192efc6a9690cb33226c0241d91be
    .AspNetCore.Identity.Application=CfDJ8FAKJpEizERFtUzdjBClgcva9BrL5NevHGMOeN3Y4e-BtNupVoy3JNq-gAf0-xVS97cU9-h7xQXpsv2zJP6nx5leh2DsRxN4uwXPrxiAoJgdfXyTFvhtATpLLRmWPEFnLSH1hD8BTV0U2b2kbBAFl_ny-27_-xoZdV72SVkJcrwAuWCZkNpMcBdGfmNMWXwyL1c8cz684o0oWicEyHvquOdHW_bBpkUrXSQK9b42pln40tPVBlYFLMEgMDKCwWGwYcR8_gx5P0dyobN1R0RHYXFXiwkFNWzz9ZsEpKk9wxWF_Hn7XDNuVV4IiLRwQiVm60njvg15gKUlxPpYQY-8C7oTRPsgZGvSqisVbSlF1EyoLsarDak_Yns21HEQY2AVGs2VxuPidNe6cRdjb5sIRuHUX8kDawttIu8MnrHyLRjaF94Zz-qrCpZfYiHOtfpu7VVg_7HBNusMBOy9xJQLXBftgPamYkCFhnXepQ34RJiM3-1yfQNibj-TaVvSHtt7_lyQdwcnX2MqjxyX3XI7uYqyYT6ela_qBg1C-bTYoiFbiqcv8C_dME9RsBdB_V7q0BtSPvgcHrG5lUJlvksAGyUzo0fQn9dzdEjKU86CaQ_XD349PPznjRe8Tk1E67XqI0CzPhB3RzV_sHdy4Ghfq7MP_WXvOy3hc0mH4TNN03AbB7_aHcIojeHVNh7cyfmcJ-9A6n0jCrSXHxEdf66jjc_VMgxk3nytS_g749s84jAajtxBGnXmqvAnqEYuZZgTAJFMaajq5rrxBU_X_W0DQbErZu3fQU6e_LYrJxAIcXfy4Qh-iynY1flPZBihr0S3qfOxUhrvpB64zq1b3fa9r5edByt9tgBm8KK-wC0b9JjF6kms3rn3YrJIJF00lUG8vZ_MfRr_fU3-e6rG7eQn6YTiQK2ZFfnEo_dzTegfDTJ2fez984jJzJFSC0s47rrb4N2ofoHpAqqqybEWW2UQtURvOU2d5CLRvo32RTI4EBD6bKbv4k92TBpOsZe09ipHmAO9cIBTNfCEkm7AYjv_ZvRrasb6kU7GcrNwRUx1k4fcmDnEeBZZgMbMjWzE6ieJ2miqxOiA3z2vuYcPTMB43vjKjqeAsn5juCx7l4Qo_zdE9UEqLlBSmEOA-UQsdg6m9Dz48QmW0XIxZ1WGVPz2Dbot4zVrgRNg5FzLpUwsvyd3IoLmjSCnvUxNDAXYN2zlUr2ToGVU6O2fYhjmJHRqTVepTebaZ-qjAzex07SR0Oo-LZq0780WKdKIiq5wNNFTVxN30tZuPcfPqd7CBIfZzlkMlyko_RUs18ZiZ8bQaiDLWSbLV-d6nNCO_TSDbLLWkr0gc6BW0ZM8G6BdCVCS6Pb5WlkVGuwejZ5QXSHjPEfqbr06_6FqnrcRts7irjDWnw1GpnT8jkSlwPnLFkcCndm90nWbQ-EKns1qEXQi-m31jdP7m3i83Fyc3pxpcgkTFi0cLfFc1hswdacpBCHPwyDikQ5mszondBiqCHDzZMy635jq8HHREfnJgDNUxkj1WOKnpwCFa6GLWsN1w_U8KpvTEpXM87PRTqIhZW6EfnLzZHuWGpuWCiEATDyyVvgJFIOxQeEHqfXDPPTxl0EuDYCC-9eaw6q0AcgNYbAqlXHWCgqcXshpI1qVu0aQRP_81UT9vk3orUZNZqD-WSA_GHRUTVMedpp-piqDEZ-q35V_NIzhrUwyflpCcTItrhy57-IJbHujRVosl8x6s2A9J_JytTK9y4lqfBe38h6dQtPNOdjhkA_ioWdvWn2KFVLtULnapFScWLm4ew-Gbrxfrmj68JzmsKUOKmm6i0o2Y0JMEg9gsExTh1K3Z_e_DCnfJl3XGgB6Q5rX_qzcvqwyldPn1xJyXealA5KCi38hqsI0wy5-LZhiIUt6PEQX_WNF5wiL9jkT_6-qVfUhlRB87tcqx6YHwdwlYUErsNkrRwZJQrtXxDJoZwEWYy31Ehpi2XVoKTksNGdvHbJcPtFBt7BactgMy6MRu0LVTI8XFhVaG-9LaiHAq9U3c2vblpNjdlBW0nrujZo5MaV5xroyrL3PxZ3j9oj3FzbtgcN_ys5J8FMdhTBAaN5V_YtAWpBH1kP527q_raw1wWdnIvLKQk9hsQJqdldZoKM6mZgyE5_lAWzLs1KN4xwD7Gbz3uQVoaIdIGGsW1iXhB6wJ7WeN9vD6kAJBiI9aHn_iJLmh-QPEWPdMntVipec4UXAACVXPX_QmOvFYxdVhSQp9tdmzpvAfVpQpsbrF29ro0olru0Aimv73wMp4UtIacGSu2T7rHfwkXJ05o9IDuUnjOC9oXMhxLvz_dBwjHeHt_B3BvBQ-XNSEQra0fD0MzJ3GBRqK1vUWRJQzaUmfZF5aE39az8qoRZBAYKFrAzqE8Y2IsEK6UhrJj4QuJ03l_skguhXuraLyH-IO6fnRqF5lZQgO81RIZKDvRlhNrcGJsM6yOotUXXTpVz9xjOtn1rMO1woO0up8kr16vlcRKp_TUh_VqDvV-AbY93ZYBUuvVUiLonGaOK7V3X7uqJGFsh0f27hy7CKYyjviPLo9eEs_oMsjh34cLEzDEPSZtgdqbv6_82ruVRA6S5wKWr6v3HluBVjJP7Q8iBJbLzFfl85ihIjj04hYZQmBUx0E0a646NVETdibYC7zcmdtGOUb045Nifb3A

IdentityServer Config : 

public static class IdentityServerConfig
{
    public static IEnumerable<ApiResource> GetApiResources()
    {
        return new List<ApiResource>
        {
                  new ApiResource("api1", "My API")
        };
    }

    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new List<IdentityResource>
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile()
    };
    }

    public static IEnumerable<Client> GetClients()
    {
        return new List<Client>
        {
             new Client
            {
                   ClientId = "angular_spa",
                    ClientName = "Angular 4 Client",
                    AllowedGrantTypes = GrantTypes.Code,
                    RequirePkce = true,
                    RequireClientSecret = false,
                    AllowedScopes = new List<string> {"openid", "profile", "api1"},
                    RedirectUris = new List<string> {"http://localhost:4200/auth-callback", "http://localhost:4200/silent-refresh.html"},
                    PostLogoutRedirectUris = new List<string> {"http://localhost:4200/"},
                    AllowedCorsOrigins = new List<string> {"http://localhost:4200"},
                    AllowAccessTokensViaBrowser = true
            }
        };
    }
}

Angular Configurations : 

export function getClientSettings(): UserManagerSettings {
  return {
    authority: 'http://localhost:44380/',
    client_id: 'angular_spa',
    redirect_uri: 'http://localhost:4200/auth-callback',
    post_logout_redirect_uri: 'http://localhost:4200/',
    response_type: "code",
    scope: "openid profile api1",
    filterProtocolClaims: true,
    loadUserInfo: true
  };
}

Kindly let me know what could have gone wrong

Edit: What I've found so far is

  1. Even with another Angular oidc client angular-auth-oidc-client, I am stuck in the same error
  2. With JS client, (https://github.com/IdentityServer/IdentityServer4/tree/master/samples/Quickstarts/6_JavaScriptClient), it is working as expected. but since we have Angular as front end, I implemented the JS sample in Angular by including the required JS library and to my surprise, I am facing the same issue

  3. When I copied the URL and pasted in another browser, the call-back component is invoked. So it seems like there is something wrong in Header & Cookie. Here is the complete data of the request I took from Fiddler

    GET http://localhost:4200/call-back?code=7bc6c3d343067f2ede3ed86268e3622bb909cb8df5d75d2f223b335bd75b730c&scope=openid%20profile%20api1&state=86215491d41a4c3c83d52007edf372cd&session_state=ibjjr0YMpGp_UZ1ezmUMusoAIpht25ySKfq8hoCKHXQ.e7f8f959a82f09b830a9635911c0b9f3 HTTP/1.1

    Host: localhost:4200 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Sec-Fetch-Mode: navigate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site: none Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

    Cookie: .AspNetCore.Antiforgery.xkdte50z5pg=CfDJ8FAKJpEizERFtUzdjBClgcvmHhFjLJ4WDhku77bzpIxGI20-YRukepOXg6hGG4AUWzSGKXSWmy0Ie9tQFsXnWx0sUUlh0EAOij8y18d_96_-FVyCrPhtQ0JRtEXvhPXLxqum0sIJmwFD1116QRU-E5A; idsrv.external=chunks-2; idsrv.externalC1=CfDJ8FAKJpEizERFtUzdjBClgcvkhesBnoxqHY0OJtpFJrBLaBijCb1T5yLKQ6APxR0eu5fyn_vfdh5Xp9ttxF4vCwd0PFSJnuEMrqBjnECr2QVYHBFkGC67M6uo238PbjEP9Yo6HiCxRYuj6TbA9LjPQFikWTrz9dmo-8W2jWwbOoCInliwIrrvqrvtnpJ89JGlBv38DroF-EQYlf-Ut34JonFZ9MdSPibkMSx5jk-pVIND0iQziBAZF0uM8VYXBkZnRoCXX1QLiAac122PfxvfdTBlDbGob8fZ3LxTSeMLDxUtWsqjXbZkEt6yF_iQBWlaMhdFapnEsT-PZel1UblaLUKBl6iB9ruz3vIGoKtGTvA0gm0k2RWBqBD6aMsOjCrK_8Js_mW3G864tPidZ3cK3h5pAwlgz7spThU6u_dDr9O90T0xqSi1MIM1oJI4IZ4H9_FR2QPU5wqvLaTyWdM-Gdmlpkt4HdQYfzvnRufOQYkBU7jeumj0j9lLBS-mSw0P3-st8EHnDHdoR0e-JBSIZ_YkOb1BTcdzWoffC83umSsDfq3iHGQeeUyl5C3xYVsjb9ZWh_zVnisUQD7UPcO4lBWhyhgkhUorLBXUxft306BdZeIommcLGmB22u5x5uqVqoocFEQX73fFj22fYqbJXcOeJFMl9NUyUMS-BFA6F-n-5NxDGGyjtGsjdT7hOwVgAXd9wek-LElpEmWltIHFHf9C92qvuli0GqyCYM3UOFiHVUVcsKtTagr5SWwofTP8A-TNlAVFJYEduw1--eI0EPeCfveI2SpZn1U07yNtVP4Bjnltz_DhqJJFCFQvsnwgy7aiIFjHfBczWDiPWOE9hPZZQ4lluuI2hS435qn6uVrSXtyZF16S_hv3w2U0SawU6Mc8Qm7aaH8OpzA8a_U0jhrrtYuvvYnmPvmqrMw78GRMnrgqqCC3DQK1ghV56qUUHtU2HQPme2DyUztFYBjLLOO2VB1dMmbfFJVpJUbkj8EsXiXzsQ43fKO_JNmdcsyGjkVprwAvHVaMnaVWpXUUt3rS2feH5ZthiMCozYitq4W6dZkFeC6ZAbnzxwig6IUISraeGiV-02XbYyjz7nwMBFZionzmoz0z7MxJ72C49z_Rn0kBtOQKe0vQyIOqFizihJhqDdrnpxgCvrESo6EXefiS6D8zfNUnOT5w-vhQ7iMpRJ6f5rgVpg7T1IWljBA-wjUDB9Z5ihaUpsGrlQMZsrCSfUEpynNbEFZVUmr4dMpMSD3itPC4k2S4viB2lij7s6IHdJi96KNfe_lFm5VAP_URpKb12URyn0ozJZs4tVPnL-jvhXimDGxpd2W4VY9zdB-OiIoec4tjaTw4APJd-QdUykukW_W-lJ8nAW-8kDTDbzMMsFIFQ9MOGLF5ipMu1qlYwV5DRdfe6ClF1eiFfvFcffFon95v8KePeptjFzhXURrmN3orY0EX-0LTBpxtocqAT0ABT3aCcCHV0U9pziwCMY1mtlda62rVctIWpjBsKCRhb7Y8V2cwUDGILTmZQ2cUfJAOShATGsjVnmhFThyiFm6SQAB2dCFol2drISAkZBjPL3rE0Quv-yGeNVcz5-Hp6AtV3KQkdfntIVzjBbZxaAanz4iP-bVHmmnml7fLMWyvundtTuVm75wv_OXtzDGpWWkSAvAddUpYnuPdtqSoGZTgCtEbmBpf0Yx-JdOaB3yEi9zD-_BjdfdS7IFOjbDv55ti5AKs2GIwsW6mWO-5ScxBOebccC5ICxhoegyDdVtwQTdS2nHfA1FU8qdsWaFd2Waou9muvf9IqdnMcn7-bKECkcESaf6y0kvW3_OwyRamAu4fHbRVSgeU1F6nJDbh_9Wt1fWnDxN6hnhveEk_W2ggSWxy0hFxruIo5-Bg8cGSKtX419y1zeM2UlMZ83xrEbAbcuuTfkv_UFe_xjTreOLGUXyw5tKCxHI824hdAKXmbdBdO7rnw1GqrXttz2_6qnnxk3rHNOcwBRAypAq3ZfLYNqflcIFHbI6B48uXu772Xy1xAyTeXJ6Xc9riAs9O82dRKj9wn1dMeeF6UKwpKwZaEaHiEzBgwMeWmoPasX9Dvg0drLajEgxg1qL7PLCwz0hHK9m4t7j8vC_w-Wnumq5VUuhEKz-DcoquVZ_bC5o-yE70gOdxyU_Nx3W3Xz44Ni5WzkgO0ELEj8Gnw9WUuby55kNN5cGEcLX8-SCwWM21ooL_WS53wE2suEZDRmpb7K8DtVo7TbaD2zBnmiM8hoC-DIeVCb_qWlfdYVo9o35IogY7HFYYfKdsz4SPGKlIz-ptHdaCnSBTpTdtWrZomCwYq8iVT2dLWLeg10Ly7odj_SZmv9Hzral6WVATATi-FBSKs40wf64IY1QhjyC0xn1mfUZeGUQLAVlOT2AJ8gg7G5OG75do3jsklnhcvArIdwvuGWhrEHLJEHoypGfqNewU1rZixuxxqbFuoIro9DabF88HGXZMAHm4hOfNGBhNhuzKZ0dvxzHCLI-ysEutGgziIJzefizo6RxEam-mMEEuWaE9dfrMirL2-jeiWqWHhsfu57VPoSC4gdZH-BM700nbdW2cRCa0JpzUmk6tbJYoKWaP9M_EgZA-GaWk7DRM5-HA7TgTEeWOJid6EHUr4_ib9aMRGCul0MnTamb8DChq_2mPLv1FRIDTwe4dJT53lJXvJNIJgQDQAQ66ovMFLoyKvuBAKa3ApLmadojoA--USVFURPegzbtFkw8G3yjTutzEju0ln6rVNXyGxg3UHZ8fMJrIyfXcYaMeLG0PuhX_j5yC3QNH9vGFpkQj4JnkQP8npsq_AruH0btyIqo9DS25eF_hpaKKXgUcZoGGgHG-jtjmf-DPuHiYRgo28V_u3omeD3rGsRPskczbSrwYkHMP5ajAVze3-Zt9XOw46xi_mCxhLzc6-7dUWk8gviCZ-f2XmapJpuii4ZPrI_3vEoMDwdZ_BSuDRpuLIcvQfJ8mUlQWJ5l-f20_B8nRm2olzIKVIwPkMdf0L91Z2cNhYwYsvOFO87QaGrqCvW0EmKto69RFHHTNqOQv-gcvNHlxyj_JD3TLya5BYJj6e4ZnLTEiakVWXjfwwfS41naQ70HPlMgbv4LhMtlJekC50uUse16Nqd7EqHWaLvMUhXz0Twy1tp8UZOgbXiJlY3SnfNZXlADU40ACNX9ZM632WMLp_mGD9dpfXAOzqS1kJEYBWDrphsnFhz-3VImvXTowq5xl3cgTjavjaht19x88ACNQqu5QDtmeEYYYZu7aI7F__Ne6DP6cJ_mICZLTOB2tEhJCUPcWaM-yBS3k1hqqfbD-s3OFofPSO1nqwEdm49k_tBmP67DzsAv00Vh8cch_qY6BPRRQ_W-KPhz0HPnq6Z_PAGDvY2BJsLb7ZE3uT1NFAZ6igkBrWMKJYCXZt6vpbZtRl9Qp5K2x2N5V3ChOe1Qpwb40FjU4_UhbkBbiqr5N2R_RfGS8JH5hDDn09LEZojC6YHq_YCc0B8QwlFfiThYCE1QvHpAUJ-Yk1HDVJ2tNW_y04CXwMheBCMB90c2SmyLY6w59G8vKOLk-CHrn7dfL6uaECsNcdieFB_pb3N66tjGd38-dS3DCULT7xZMAxhdZoBgrmehUX2F3dvP6t9snKXc8QrUUkeogFzOpVOCdJKUMwsZLgJjXMfq_psFc3gtbQEGi_n7nH-kHkigntSgaieblXuVzqV0UGCJr3pcEsCt5I2kWGZmUiUhEOLLBApK2vvDl8WgOkGmyIQmVEUa-UDp5XoJeZ8n-8ZVlPbFUg4CFuvCBserjD1b-WTOYgam1ufRRImo0OlsAVDNkZBsc-3SJ-jMhwhukhnE4AycHlB3o5inVRUWvjWckrTetL3d5ivj6rwI6sLQEZXnpBIwDZDTbMnCNFuaMaPT3q1l1MxSRncvF4xolSQraCjjAdpLVtfNM1bBC_1c_3a0z97OlhDFOM9sppnCqWIXdwcNKdj1B4dVdMUescRrVgy; idsrv.externalC2=itwDrb9gl1M-n3C7g2jDsd14QExwuobv7FJ8mLc6vQnIOKN1p8E33i6TG-Q86TURuAZoZFddajjj55UpDN6Nw0gGHaSYfFMc6OGT5gpLw7ifukx-SAnO-iethScz1RHRZARj-B0yXI492eeATJk12pIeY4_8NLD-8W2Xu9Pr60USBY21IANvV5mBdsYjiwciVNnyMADN2fI01dR3y7ukwHhQwfAdtly1PhZenbJ6AY0XpHkz3F5_5hIXZhpMX-0B-PPTpYFk38BO1R74HeQEV1L7K2q2tNGnSGoffYCPDNroOyYiyoELUHkcmaClg6sjXtKmqELaGyc2egXkeQQWX7uzpcLUw41DoidS2UnMVrJNUje4BFuOPOhQZdN9j3rxaD6ByZfMdhEotK1uvaa8F4e4rfGqTU5v-s9LB9u74Q8rLqZMGI0aKME3z4ocQ6xq8k3RLYHQ6jWoZRs_qDtl0TTY8odi83S5qNrW9j2BIV0418jJYNr1GHYT1FTKxuoYk-nib9Lw6-JuOybddLQXd5bvZQwVkoT5SM071yRIsFZ8W2cqiBCCRGUIGVDuVCw96cQ_07y2WsE2rew2i24fkXSv0Kf1VGSyT3Fhbbewa9sLL6uomo5v6QGn86nSTdP7m9pr3XTUrGWzgYMLBHjDu2vvpJBCuScK2uJqmo47rffaXLPcDAfnos_NY0QdfqQnBoC90I1K2FH0WC9xKmN-u9WjJrbxi9UCjBIljJNCgOW_RqdJo-M4_Q3CA3w6h6AQD0mRO_6D4Ih8hR62PJWBkcoYv9eSOpmNucNy8qUy_L0F_0js0szihJUZRlOyDzoAToS9KoR2xbPh9cZ1esU0A2ZELE0WchwxhqayilmRxwf-YW5iJCwvkXZPjp6W9FcSclYjODsQLaeK91Q3c8iQadoxxpaChmBFZlrQQvwuxdfq_M169ll96wR948rE4hhz3qu4CblYtaXMjY24PStOX0YIxElH2x1w2FOYfGEUaBX-NG9bPqj7eJCTXilExPoYuZea1E42w12zHGech6AXNGWDZ5Uc8IexlMQbxvueq3rJBCd0pG8IsxyOg_ZMDmeI3CjJ9zhQCU1uWnTYKPpW7urxpx84oQIBgnbbIQpHUrFmWHwwXMXxJGG1dVdUmg1cSCuFKoVJb0uufsgm5M76NpkUUOS9nENV-1SrXeL-sQ8YlIn7KgFOtMIRpAQzG9BK3IgFEAehRoIL52A_CsYUcEEi6a7Q5SpLFVxxGCu9bt3VarAgQi61CuoQq5s2B77A30zGKf7eCFDbX4h2oak_B9LWCISL04MOyptLthiyDwSDymBNCWHLkBKbGjAUcsfnI_u_9-K-O-T-qU9Rc8WixJMtj3rjA81hedFS9cxMaQ3yqN2RMqXxvxcnnLbWhd-8kgQI5EgL5Pd4evNHg99dJpiNb-HdaICRR_sL-HMTDwuLNxkpCIXlt2iKh5f0AYvyO7-ACzXAmOs-Xj9GVCzszubsk4rZLvVI6epq2sW95UvMtLlXBc6GKYVmwc0RQ1D5yDcUaB7ktmExSQJCC0HyrQZlPD15sjysuaIjgoQ2eyiirYu9uLJEt609N-Aqeuz9ZThGL080viiBF0FoiqL7twNAIAue7rEnCf1sTxkT5aL7O17V71pLzd6s_DJe-JjC7zKa5ePGmubnPoiRUq1WUNbe25BLQJvN_TXx5_2OWfzX7yC8nnCe_icrNO1W_boKRaJJ9EOVa8iHJIRo1QxSGsbYMHV-Fghng-7klfIZWcsuMgx_YJEmTS7clsFKG4kjVEjxQ9VOcVzjjtx4sfuelkEuqdr7cMwbJneRwoiLsIGVPMxSZphdgHb_mn3Hm6Nbb07EibbRIl-Y96fPZCqDGhq1R6DONprDwXJ305kvEspHeQayWiwXOoGg6XQJNtMf9aBrPc3ocQWvTjoRQj6GmpqyEXODhVYuePHiEmqh8XAVdLuIEFra6INZYmev4h8eWMKX3cle2WivccXEe3e5X175Vg1Yi23uw7lOu5o0_-G68; idsrv.session=5d538478b846f725df5730950f1b193e; .AspNetCore.Identity.Application=CfDJ8FAKJpEizERFtUzdjBClgcuzBhZapY0SD1xUXzkYKZkMtNPoKqAHaazwGG1emedx9wANpFRdcXHJZP1p0U16AtdNF1znCOUH5klPydD7Z3Vj0XCcP5mhEu-2wSORtyoXwrHqJ7Wc_Ev_YlRxZ9dJnfhv_6riIa0Zcpgh7tkRCPGHQH4uSu_1ry7rD5ap94dhITHG8l2BGNSr8WjvafnkKbjsYXtW3Aksz1KT9pK8lkqwCDS9anbBckbhnpm9aWsnxm21uDdTAB1f7gOM6HUA3DCSBbNng0STe46j4A107hbKAvyColOMu4I8GJp4wQFBMTaWzwSrPnDSzFxJD4ORR7H-8GuqGkx3hT4cfu-InVlYIWHNHeSardTZU-z0LyGSBJvmRA0pLyy2Ejr1lbAdxSfMrwCjcwkXThUfi_YHycw1mL8NKlVieUKbQ5hXuG-oB9cRCO-5Hu-m4mXQ64EXIrbC5hxfHkk0QY9Gfxf2uELCvXqs8HOGna_ENR6aZF7XVdfl-xeRW3CXd_szV7K-ezgdv-3JeOo0x43iJ_voHQt-INoXjkP_5Vy1PJLjxzdiqwrX6xjn7fifbXotMe8Y-EyFdeyu8DWAm6zqYKvq3jy9wM7sLclqRV9KUN7T8H2YsiFLhrERi_16MM_i_rLpJja2ElVPcbWRAUUWEuwion8HSlrwenmiQ8L3FwMKz5ikEcnsY80O8rFYnSa3CV3cs3zQbABzSWkEKqOWAuDLCK2qdg_BaLWoiTg9XB7TjKhq1JtZJpx6oX-QuK_YGwuGQuMISELOMWNNO3mTJvvgkmFOZlkJ2O5F7HO0Dwm8XBjcAy3OdFLWia4nhOJRDcVpBESO1tSuff_BHhP1TIWKvNPEU-tOOWi6NTjLUNSKxStvjxe57oJO6qKJEfjNdePypL4uOx-Oak6jgPtbGKqLAyfarF0pflvQzXWViHs_u9U3F-rHEnTK26BgLl-MusTEyVakEvBU7kvEmPUknsxVVpimQSPg-HtpCmJTNX7KhsWQC6VLYbyEW82Z7DSPmQ9v6vP0D3E-t5SeoLC4-6l_bMSGYucRKukC07cy1BxwUlwvOWOg49Dp3AaCOnJGPZkw-LAW9-SEp7FSaeWyw8IYEJV1itTnPpJF7RAj6xbo_hQPmUWqBErWrN4oZbQ4sGxr6vs5fR-5vnKnW7x2eTSalY5u74fc3VSmOO-Bm5fYueSZ2aJvw6GLXCiPoj_Qqx6zO92mbsaAwq2BBWbQH5ASJ-QkLfHYlTYGjze1Hqy-0uaX5RY7xD93C4n064lbLLcVZXfyB_P1Op6GDE1azeIX6Zwg8L9MfBlcDiSGzMniDjGWqkFCWu-Jt5qYQApuNVrqLTXHRRc8zOroxaCj9egy2zoHbBNo2-8cMvIKx_hfNhdm1kbB_lee8HCRibID3wIpdnO3YHHstznx9qVTcwLqZo1tIXMxlyFxdpHnwMhPsbLn42gcFrc2YiISu99How2P0sCH3HQ3owjbLffvV1UtB7fouwryZUHIo_QkhjucGvf22DKkb-oakiO22BIIgpJntGmi9eRn2vm2MgJo5LgZ9NX4L687XqQt_iayXmhikzr3qSyZ7BfTMF3US5oUYeDfP1yz76eVX5nelXa4NFaf2FX_5LW5GkADOYMuRbcWwkhqnCMSiHUp39AGQC9PGFRaClQUISQKwfWGlByNrRXfudXEf6LXfT_qTDouHNu1qWcGe4yQ0tVV6uBOr77b78_xs3mcjmcNPN6-4cES_rYhDiaSdwKRUbBu_eUJTL90aYUdLaDWrPGjoD67lVKdnas3Nxf-4bi1JeT0XfYdNHPhkxNlIsQvu9ovtlggaKxKUup9PQ0CH-krXbct4C6NXxnA5Ytd9rIbCHxu9ztdob6yhBRmo9qy4h7qRIxfxfMeY_nUB0HGf9lCtet1CFS8mxbkMC6h_lqLBHbtcxmliYlNBbDIS7YjDUXEFJt0axEHTfToxqOqtJth_mqPrbJGru-LUmsNn7A3n7GaVDQ0fEB7r92Wqjt1DqwNlKsgBiWzFxHPOif5DABGnOZ6EyNjDbVF_CO7HnpfRt57qGc2262LMKjSJB05kwPlufHXYHBmO1hIlTikYJ_jsqc4QYppffclkK2U2fWgv9xnnmTVlmjNNxJSIw565MXf8lnCeZuMyZTVbyndpnaSiQ-4zTTv1jb-3rcC5BEE1M6J4c4n4lO1R7XivZvHifZagMGa3T-EEVapMY7rDSGGU7fUeqdzHSe0nhc7QNBrZ8C3LfGlz5eYVYvm1oRLASXdhUOPGgU9shk_iEqYlzdTVo5ely5_O5cUBJ3JiLhxDJOWdWPsoLsVjmRo6PCqqXwm32XVI7DS_MbpJBZyrKOm2YXwpMnC8WFRC26VttbpNHVXIJ28AZyVvXD2t7js8EMN0GXQrtCD05hRKrDXQtquyer_Xrw9j_FkLqb9-X78bLQ7pjRx2SHGns3LiiRoPVd7TUiPgCJ46LgeDcHiRwMlyfTyzobtGXJa6qofQerRRoiKz_29jnStY9wDmZjpTVi63fB23TBJYvfFO6RPOs0b8CCJIyTMqja6ZFLVBXx0ZY0xd8b4W-szLt4n_j2MxqwzpljN8Xc5N2FZlNyFAdXWk6T31a_sI6_I-enWIeO3BjlExvuDQC-Tt9wR8PJlLThRvT_qxJbQpe3xsQ

    HTTP/1.1 400 Bad Request Connection: close

This is what I see in the browser

enter image description here

4
angularsingle-page-applicationidentityserver4aspnetboilerplateoidc-client
Check the error in Logs.txt.aaron
@aaron The logs(src/Logs/Logs.txt) found in aspboilerplate does not give any clue on why this error occursGopi
The most common causes with this error are either 'Request Too Long' or redirect_uri_mismatch. Could you please mention more details regarding error you are getting. Also are you using any Kubernetes setup for deployment?Aparna Gadgil
If you exactly followed those articles, try to contact them via twitter or provided contact methods. Most of the authors will respond to questions.Sagar V
can you put your code sample on github and provide repo link where it can be reproducedjitender

4 Answers

6
votes

As you already find out the exact problem is of header limit and solve it by limiting cookie size but limiting cookie size may not be a solution everytime.Main reason behind why angular doesn't accept large header data is bcs angular use node serve webpack-dev-server and there is limit on header size in node js you can find related issue bellow

ng serve fails to serve pages when large cookies are present

400 Bad request due to Node limiting header size to 8kB

Update npm run to fix hpe_header_overflow in recent nodejs versions

Make HTTP_MAX_HEADER_SIZE configurable

So instead of using ng serve using command

node --max-http-header-size=16385 ./node_modules/@angular/cli/bin/ng serve

should be the solution to your problem

3
votes

For some reason Angular do not accept that much data(Cookie) as part of Header. Though this works with JS client, I am not sure why this happens with Angular.

During initial phase of development, for some reason, I have commented out the following lines in Account/ExternalController.cs of IdentityServer

// delete temporary cookie used during external authentication
await HttpContext.SignOutAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);

When this line is commented out, there will be additional Cookie that will be posted to Angular during the call back.

Uncommented the above line will delete the temporary Cookie and there will be less header data during the call back and it invokes the respective Angular call back component and sets the bearer token.

Clarifications Required

  1. If someone can share why Angular isn't accepting large header data while it works perfectly with JS client.
  2. Though Angular says Bad request, I was not able to find from where(which layer in Angular) this error occur is thrown. I did not even see a single line of error from which I could get some hint on reason for the error(large header data)

If some expert could share their experience on the above couple of points, it will be really helpful to understand how Angular works.

If for any reason, you cannot limit the header size, then increase the node's --max-http-header-size. Kindly refer https://stackoverflow.com/a/57667786/2922388 on how to do it.

1
votes

Just try with few fixes. First - RedirectUris seems suspicious, since it contains more than one value, - according to the http://docs.identityserver.io/en/latest/topics/clients.html - declaring this as a List<string> could be the source of the issues.

Next, following the example of server side config https://github.com/IdentityServer/IdentityServer4.Demo/blob/master/src/IdentityServer4Demo/Config.cs 

    new Client
    {
       ...
        RequireClientSecret = false,
        RequireConsent = false,

        AllowedGrantTypes = GrantTypes.Code,
        AllowedScopes = { "openid", "profile", "email", "api" },

        AllowOfflineAccess = true,
        RefreshTokenUsage = TokenUsage.ReUse

    }

Let's assume that AllowedScopes should include mandatory email scope, then GetIdentityResources() needs last fix: 

    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
            new IdentityResources.Email(),
        };
    }

Since SPA code is out of scope here, for proper flow implementation please follow the examples:

https://github.com/IdentityServer/IdentityServer4.Demo/,

1
votes

Perhaps you mixed something up in routes or redirect_url configuration?

Based on configuration of the client and server you posted, redirect_url should be:

http://localhost:4200/auth-callback`

Yet, in the screenshot path is /call-back, not /auth-callback.

I would check if configurations (client and server) and Angular router all have same path /auth-callback configured.