I'm using Duende IdentityServer with a REST API as the back-end and I'm using Vercel to test the front-end, but I can't log in to IdentityServer from Vercel because the redirectUrl of Vercel is not allowed.
I did see some information about it in other questions, but it is from a few years back and does not really cover the issue. I wonder if someone has managed to implement a solution for that in IdentityServer and can share the information and code.
I know wildcard redirect URLs are bad for security reasons, but this is just for the development environment and is not going to be part of the release.
I'm just starting to get into ASP.NET and any help will be appreciated!
CodePudding user response:
One option is to use the AddAppAuthRedirectUriValidator extension method, which:
Adds an “AppAuth” (OAuth 2.0 for Native Apps) compliant redirect URI validator (does strict validation but also allows http://127.0.0.1 with random port).

    builder.Services.AddIdentityServer()
        .AddApiAuthorization<ApplicationUser, ApplicationDbContext>()
        .AddAppAuthRedirectUriValidator();

If this is still not enough, you can register your own redirect URI validator using the AddRedirectUriValidator extension method:

    builder.Services.AddIdentityServer()
        .AddApiAuthorization<ApplicationUser, ApplicationDbContext>()
        .AddRedirectUriValidator<MyRedirectUriValidator>();

MyRedirectUriValidator.cs:

    using System.Threading.Tasks;
    using Duende.IdentityServer.Validation;

    // allows arbitrary redirect URIs - only for demo purposes. NEVER USE IN PRODUCTION
    public class MyRedirectUriValidator : IRedirectUriValidator
    {
        // Accepts every post-logout redirect URI, whatever is registered for the client.
        public Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Duende.IdentityServer.Models.Client client)
        {
            return Task.FromResult(true);
        }

        // Accepts every login redirect URI, whatever is registered for the client.
        public Task<bool> IsRedirectUriValidAsync(string requestedUri, Duende.IdentityServer.Models.Client client)
        {
            return Task.FromResult(true);
        }
    }
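
A narrower variant of the custom validator, as an added example that is not part of the original answer or of Duende's own code: it keeps exact matching for every client and adds an exception only for one development client's Vercel preview hosts, and only when the host runs in the Development environment. The client id `spa-dev`, the host pattern `my-frontend-…-my-team.vercel.app` and the two callback paths are constructed placeholders; check the real preview host pattern of your own Vercel project, because `vercel.app` is a shared domain and matching the whole of it would accept hosts you do not control.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Validation;
using Microsoft.Extensions.Hosting;

// Added example: exact match for all clients, plus a Development-only exception for one client.
public class VercelPreviewRedirectUriValidator : IRedirectUriValidator
{
    // Constructed placeholders: replace with your own client id, project name and team slug.
    private const string DevClientId = "spa-dev";
    private static readonly Regex PreviewHost = new Regex(
        @"\Amy-frontend-[a-z0-9-]+-my-team\.vercel\.app\z", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
    // Assumed callback paths of the front-end; nothing else is accepted on a preview host.
    private static readonly string[] AllowedPaths = { "/callback", "/signout-callback" };

    private readonly IHostEnvironment _env;
    public VercelPreviewRedirectUriValidator(IHostEnvironment env) => _env = env;

    public Task<bool> IsRedirectUriValidAsync(string requestedUri, Client client) =>
        Task.FromResult(IsAllowed(requestedUri, client, client.RedirectUris));

    public Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client) =>
        Task.FromResult(IsAllowed(requestedUri, client, client.PostLogoutRedirectUris));

    private bool IsAllowed(string requestedUri, Client client, IEnumerable<string> registered)
    {
        // Normal rule: the URI is registered for this client, compared exactly.
        if (registered.Contains(requestedUri, StringComparer.Ordinal))
            return true;
        // The exception never applies outside Development or to any other client.
        if (!_env.IsDevelopment() || client.ClientId != DevClientId)
            return false;

        // Parse the URI so user-info, ports, queries and fragments cannot hide the real host.
        if (!Uri.TryCreate(requestedUri, UriKind.Absolute, out var uri))
            return false;

        return uri.Scheme == Uri.UriSchemeHttps
            && uri.IsDefaultPort && uri.UserInfo.Length == 0
            && uri.Query.Length == 0 && uri.Fragment.Length == 0
            && PreviewHost.IsMatch(uri.Host)
            && AllowedPaths.Contains(uri.AbsolutePath, StringComparer.Ordinal);
    }
}
```

It is registered the same way as the validator above, with `.AddRedirectUriValidator<VercelPreviewRedirectUriValidator>()`.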