2

I was trying to get the ITfoxtec.Identity.BlazorWebAssembly.OpenidConnect module to work. The sample compiles but does not work because the metadata request is rejected due to a CORS violation. I was using the samples provided. The server metadata seems good but the client gets rejected.

Anders Revsgaard
Robert Ginsburg
  • Try to add the proper CORS configuration? – Tore Nestenius Feb 05 '21 at 08:00
  • All the discovery operations appear to be internal to the OidcDiscoveryHandlerBase, so how would I accomplish that? – Robert Ginsburg Feb 05 '21 at 10:38
  • You configure CORS on the API that your client tries to contact. – Tore Nestenius Feb 05 '21 at 11:06
  • That part I have handled, what is failing is the download of the OIDC metadata, in the sample app, as published with no changes. – Robert Ginsburg Feb 05 '21 at 12:53
  • What OIDC server do you use? If you use a tool like Fiddler, what does the request to the metadata look like? And exactly what error do you get? – Tore Nestenius Feb 05 '21 at 13:07
  • I downloaded the project from GitHub, set the Blazor sample as the start project, ran it. No changes to the system. App started, I click login and this is the error console of Chrome. Access to fetch at 'https://foxids.com/test-corp/-/blazorweba_oidcpkce_sample(login)/.well-known/openid-configuration' from origin 'https://localhost:5001' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. – Robert Ginsburg Feb 05 '21 at 13:25
  • I guess you need to add proper CORS headers on the server side. See https://github.com/ITfoxtec/FoxIDs/blob/acee53e0af76ced54f75dac0213347bb3584d778/src/FoxIDs.Control/Startup.cs – Tore Nestenius Feb 05 '21 at 13:31
  • It's the sample IDP included in your default configuration, can anyone update that IDP? – Robert Ginsburg Feb 05 '21 at 13:44
  • I decided to give it a try against the system I want to, instead of the test. I got a similar error but it turns out the error was misleading. The actual problem with it is the calculation of the configuration URL. I am using AWS Cognito and the configuration endpoint is not off the URI authority, it has a tenant in the query path. I marked that up and that seems to be working. If I get it all plumbed together I will send any notes I have. – Robert Ginsburg Feb 06 '21 at 16:15

1 Answer

1

The OIDC/Identity Server you are using needs to accept calls from the domain on which the Blazor client application is hosted. The OIDC code inside the Blazor client calls both the OIDC Discovery endpoint and Token endpoint on the OIDC/Identity Server. These calls need to be enabled by the CORS configuration.

You should be able to run the sample locally and login using a FoxIDs test user. Thereby, you should be able to see the authentication flow.

Anders Revsgaard
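The two checks this thread turns on, as an added example that is not part of the original answer and not ITfoxtec or FoxIDs code: building the discovery URL from the full issuer (tenant path included), and a simplified model of the browser's CORS check on the metadata response. The function names `discoveryUrl` and `corsCheck` are hypothetical, the header sets are constructed, and the model covers only the response check, not preflight requests.

```javascript
// Added example, not code from ITfoxtec.Identity or FoxIDs.

// OIDC Discovery appends the well-known path to the full issuer URL,
// keeping any tenant path segment (not just the scheme://host authority).
function discoveryUrl(issuer) {
  return issuer.replace(/\/+$/, "") + "/.well-known/openid-configuration";
}

// Simplified model of the browser's CORS check on a fetch() response.
// `headers` is a plain object of response headers.
function corsCheck(pageOrigin, requestUrl, headers, withCredentials = false) {
  if (new URL(requestUrl).origin === pageOrigin) {
    return { allowed: true, reason: "same-origin request, CORS not applied" };
  }
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (!withCredentials && allowOrigin === "*") {
    return { allowed: true, reason: "wildcard allowed without credentials" };
  }
  if (allowOrigin !== pageOrigin) {
    return { allowed: false, reason: `header value ${allowOrigin} does not match ${pageOrigin}` };
  }
  if (withCredentials && h["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { allowed: true, reason: "origin explicitly allowed" };
}

// Constructed inputs: origin and authority taken from the error message in the question.
const clientOrigin = "https://localhost:5001";
const metadataUrl = discoveryUrl("https://foxids.com/test-corp/-/blazorweba_oidcpkce_sample(login)/");
const cases = {
  "no CORS headers": {},
  "origin echoed": { "Access-Control-Allow-Origin": clientOrigin },
  "other origin": { "Access-Control-Allow-Origin": "https://app.example.com" },
};
for (const [label, headers] of Object.entries(cases)) {
  const r = corsCheck(clientOrigin, metadataUrl, headers);
  console.log(`${label}: ${r.allowed ? "allowed" : "blocked"} (${r.reason})`);
}
```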