Error : System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://securetoken.google.com

Question

I'm developing a .Net api (netcoreapp3.1) and I'm using IONOS for hosting (.net Framework 4.x) .

Users connect to my frontend app based on firebase authentication mecanism and I send the JWT token to my api to validate the token in order to access ressources (routes) .
Token validation is working perfectly localy . But after I publish my api on IONOS, I'am getting this exception.

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://securetoken.google.com/XXXXXXXX/.well-known/openid-configuration'.
 ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://securetoken.google.com/XXXXXXXX/.well-known/openid-configuration'.
 ---> System.Net.Http.HttpRequestException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
 ---> System.Net.Sockets.SocketException (10060): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

More informations :

1. I activated IdentityModelEventSource.ShowPII = true; in my api to get more information about the exception

2. I verified that all my config is with 'https' for token validation

3. API startup code :

       string firebaseCredentialPath = $"firebaseCredential.{Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT")}.json";
       FirebaseApp.Create(new AppOptions()
       {
           Credential = GoogleCredential.FromFile(firebaseCredentialPath)
       });
       string firebaseAppId = Configuration["Firebase:FirebaseAppId"];
       string firebaseAuthorityUrl = string.Format(Configuration["Firebase:FirebaseAuthorityUrl"], firebaseAppId);          
       services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
       {
           options.Authority = firebaseAuthorityUrl;
           options.TokenValidationParameters = new TokenValidationParameters
           {
               ValidIssuer = firebaseAuthorityUrl,
               ValidAudience = firebaseAppId,
               ValidateIssuer = true,
               ValidateAudience = true,
               ValidateLifetime = true,
           };
       });
   

4. My appsetings config

   "Firebase": { "FirebaseAuthorityUrl": "https://securetoken.google.com/{0}", "FirebaseAppId": "XXXXXXXX" }

Thank you in advanced.

Answer 1

I had the same problem, I need to implement this configuration in Ocelot Microservice.

Is possible you have used this guide: https://dominique-k.medium.com/using-firebase-jwt-tokens-in-asp-net-core-net-5-834c43d4aa00

But I noticed my problem was in the https://securetoken.google.com/FIREBASE-APP-ID section, I figure out that I need to take the projectId instead the appId you can find in the Project Configuration and works fine:

I have realized thanks to this guide

Answer 2

It was a redirection issue on startup class method configure => app.UseHttpsRedirection(); . I change this line with this solution : Cannot redirect Ionos microsoft hosted website to https automatically

It was a specific configuration for IONOS hosting to redirect http requests to https .