0

When I setup an ASP.Net Core MVC application, and add in the AspNetCore Authentication libraries, it handles the handshakes for OAuth 2 and OIDC's Code Authentication Flow.

However, I need to configure my Identity Provider with the callback URL to send the code to my application.

Assuming my Application is hosted at https://example.com/myapp/home what would be the callback URL that I should say my application is expecting the IDP to call?

Vaccano
  • 78,325
  • 149
  • 468
  • 850
  • After a user successfully authorizes an application, the authorization server will redirect the user back to the application. Because the redirect URL will contain sensitive information, it is critical that the service doesn’t redirect the user to arbitrary locations. The best way to ensure the user will only be redirected to appropriate locations is to require the developer to register one or more redirect URLs when they create the application. In these sections we will cover how to handle redirect URLs for mobile applications, how to validate redirect URLs, and how to handle errors. – Brando Zhang Jan 19 '22 at 02:44

1 Answers1

2

The default callback URL for AddOpenIdConnect in ASP.NET core is

/signin-oidc

In your case (Depending on your configuration) it could be:

https://example.com/signing-oidc

You can if necessary, customize the URL that the handler is looking for using the CallbackPath property.

What happens when it is called is the following:

enter image description here

Tore Nestenius
  • 16,431
  • 5
  • 30
  • 40