1

I'm developing a C# Windows Forms app that needs to authenticate using the Implicit Flow (the client does not accept another flow). As a requirement, I need to open the default system browser to authenticate (so no embedded web view in the application).

I'm trying to use the OidcClient C# and the Samples but I can't get it to work.

The closest I got was using the ConsoleSystemBrowser. But using the code below I always get an UnknownError with an empty response.

I can see in the browser the id_token: http://127.0.0.1:54423/auth/signin-oidc#id_token=XXX. How can I read it?

        var browser = new SystemBrowser();
        var redirectUri = string.Format($"http://127.0.0.1:{browser.Port}/auth/signin-oidc");

        var options = new OidcClientOptions
        {
            Authority = "https://demo.identityserver.io",
            ClientId = "implicit",
            Scope = "openid profile api",
            RedirectUri = redirectUri,
            Browser = browser
        };

        var client = new OidcClient(options);
        var state = await client.PrepareLoginAsync(new Dictionary<string, string>()
        {
            { OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.IdTokenToken}
        });

        var browserOption = new BrowserOptions(state.StartUrl, redirectUri)
        {
            Timeout = TimeSpan.FromSeconds(300),
            DisplayMode = DisplayMode.Hidden,
            ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect
        };

        var result = await browser.InvokeAsync(browserOption, default);

        // Observed: result.ResultType == BrowserResultType.UnknownError
António

1 Answer

0

Your application should register a private URL scheme with the networking component of the OS. Then, URLs of the form "x-my-app://xxx" will be forwarded to your application. (And you register the URL with the OAuth IdP so it works as a redirect URL.)

For Windows, it appears that Microsoft calls this "Pluggable Protocols". See

A source of code examples for this pattern might be the GitHub Desktop application. It is open source and registers its own scheme with Windows.

It registers the private scheme x-github-client. You can see how it's done in the source; also see here

Larry K
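
The private-scheme approach from the answer above, as an added example (not code from the original posts, from OidcClient or from GitHub Desktop). The scheme name `x-my-app` and the class and method names are hypothetical, and it assumes the browser hands the full callback URL, fragment included, to the registered handler as its first command-line argument.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Win32;

static class PrivateSchemeRedirect
{
    // Hypothetical scheme; the same value must be registered as redirect URI at the IdP.
    public const string Scheme = "x-my-app";

    // Per-user registration (no admin rights): HKCU\Software\Classes\x-my-app
    public static void Register(string exePath)
    {
        using (var key = Registry.CurrentUser.CreateSubKey(@"Software\Classes\" + Scheme))
        {
            key.SetValue("", "URL:" + Scheme);
            key.SetValue("URL Protocol", "");   // marks the key as a URL handler
            using (var cmd = key.CreateSubKey(@"shell\open\command"))
                cmd.SetValue("", "\"" + exePath + "\" \"%1\"");
        }
    }

    // Parses the callback URL received as args[0]; returns null unless scheme and state match.
    public static string ExtractIdToken(string callbackUrl, string expectedState)
    {
        if (!Uri.TryCreate(callbackUrl, UriKind.Absolute, out var uri) ||
            !string.Equals(uri.Scheme, Scheme, StringComparison.OrdinalIgnoreCase))
            return null;

        // Implicit-flow parameters arrive form-encoded in the fragment, not the query.
        var values = new Dictionary<string, string>(StringComparer.Ordinal);
        var pairs = uri.Fragment.TrimStart('#')
                       .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries);
        foreach (var pair in pairs)
        {
            var kv = pair.Split(new[] { '=' }, 2);
            var value = kv.Length > 1 ? kv[1].Replace('+', ' ') : "";
            values[Uri.UnescapeDataString(kv[0])] = Uri.UnescapeDataString(value);
        }

        // Any local program can invoke the scheme, so reject callbacks whose
        // state differs from the one sent in the authorize request.
        if (!values.TryGetValue("state", out var state) || state != expectedState)
            return null;
        return values.TryGetValue("id_token", out var token) ? token : null;
    }
}
```

The returned string is only the raw token; it still has to pass the usual id_token validation (signature, issuer, audience, nonce) before the application trusts it.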