Self-Signed Certificate Error in Identity Server on ASP.NET Core


I'm currently working on an OpenIddict setup in an ASP.NET Core application and am encountering an issue related to a self-signed certificate.

This is the error I am getting in the Next.js application after login, when it tries to redirect:

error: {
  message: 'self-signed certificate',
  stack: 'Error: self-signed certificate\n' +
    '    at TLSSocket.onConnectSecure (node:_tls_wrap:1659:34)\n' +
    '    at TLSSocket.emit (node:events:514:28)\n' +
    '    at TLSSocket._finishInit (node:_tls_wrap:1070:8)\n' +
    '    at ssl.onhandshakedone (node:_tls_wrap:856:12)\n' +
    '    at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17)',
  name: 'Error'
},
providerId: 'spa-app',
message: 'self-signed certificate'

Next-Auth configuration:

import type { NextAuthOptions } from "next-auth";

export const options: NextAuthOptions = {
    providers: [
        {
            id: "chirp-spa",
            name: "Chirp SPA client",
            type: "oauth",
            // Discovery document fetched from the OpenIddict server over HTTPS
            // (served with the ASP.NET Core development certificate).
            wellKnown: "https://localhost:7277/.well-known/openid-configuration",
            async profile(profile, tokens) {
                return {
                    id: profile.sub,
                    email: profile.email,
                }
            },
            clientId: process.env.IDENTITY_ID,
            clientSecret: process.env.IDENTITY_SECRET,
        }
    ],
}

Openiddict configuration:

 services.AddOpenIddict()
 .AddCore(options =>
 {
     options.UseEntityFrameworkCore()
            .UseDbContext<ApplicationDbContext>();
 })
 .AddServer(options =>
 {

     // Enable the authorization, logout, token and userinfo endpoints.
     options.SetAuthorizationEndpointUris("connect/authorize")
            .SetLogoutEndpointUris("connect/logout")
            .SetTokenEndpointUris("connect/token")
            .SetUserinfoEndpointUris("connect/userinfo");

     // Mark the "email", "profile" and "roles" scopes as supported scopes.
     options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles);

     // Note: this sample only uses the authorization code flow but you can enable
     // the other flows if you need to support implicit, password or client credentials.
     // Enable the flows you want to support.
     options.AllowAuthorizationCodeFlow()
            .AllowImplicitFlow(); // Only enable the implicit flow if you need it.

     options.AddDevelopmentEncryptionCertificate()
             .AddDevelopmentSigningCertificate();

     // Enable the redirection endpoint.
     options.UseAspNetCore()
            .EnableAuthorizationEndpointPassthrough()
            .EnableTokenEndpointPassthrough()
            .EnableUserinfoEndpointPassthrough();
 })
 .AddValidation(options =>
 {
     options.UseLocalServer();

     // Register the ASP.NET Core host.
     options.UseAspNetCore();
 });

I am not sure what the solution to this problem might be. It seems the problem may be due to the developer-signed certificate. Can someone please help me understand what might be causing this issue and how to resolve it?

Answer:

Your issue is unrelated to OpenIddict or its signing/encryption credentials configuration (those are only used for protecting tokens). It's a classic HTTPS/TLS issue: your client simply doesn't trust the self-signed certificate you used for your ASP.NET Core app.
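The trust failure the answer describes, reproduced end to end as an added example (this is not code from the question, the answer, OpenIddict or next-auth). Go is used because its standard library can mint a self-signed certificate without openssl, so the whole thing runs offline; the loopback server and the discovery JSON it returns are constructed stand-ins for the identity server at https://localhost:7277. The first request validates against the system trust store, which is what Node's TLS stack does by default, and is rejected during the handshake, before any OpenID request is made. The second adds the development certificate to the client's trust store and succeeds.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"time"
)

// discoveryDoc is a constructed stand-in for the OpenIddict discovery document.
const discoveryDoc = `{"issuer":"https://127.0.0.1/","authorization_endpoint":"https://127.0.0.1/connect/authorize"}`

// newSelfSignedCert mints a throwaway server certificate for localhost/127.0.0.1,
// the same kind the ASP.NET Core dev server presents: signed only by its own key.
func newSelfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{"localhost"},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, nil
}

// startServer serves the discovery document over TLS on a random loopback port
// (constructed stand-in for the identity server); returns the base URL.
func startServer(cert tls.Certificate) (*http.Server, string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, "", err
	}
	mux := http.NewServeMux()
	mux.HandleFunc("/.well-known/openid-configuration", func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		io.WriteString(w, discoveryDoc)
	})
	srv := &http.Server{Handler: mux}
	go srv.Serve(tls.NewListener(ln, &tls.Config{Certificates: []tls.Certificate{cert}}))
	return srv, "https://" + ln.Addr().String(), nil
}

// discover fetches the discovery document like a relying party does. roots is the
// trust store used to validate the server certificate; nil means the system store.
func discover(baseURL string, roots *x509.CertPool) (string, error) {
	client := &http.Client{
		Timeout:   5 * time.Second,
		Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots}},
	}
	resp, err := client.Get(baseURL + "/.well-known/openid-configuration")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	return string(body), nil
}

// isTrustFailure reports whether err is a chain-building failure (no trust anchor
// vouches for the server certificate), the condition Node prints as "self-signed certificate".
func isTrustFailure(err error) bool {
	var unknownAuthority x509.UnknownAuthorityError
	var noSystemRoots x509.SystemRootsError
	return errors.As(err, &unknownAuthority) || errors.As(err, &noSystemRoots)
}

func main() {
	cert, leaf, err := newSelfSignedCert()
	if err != nil {
		panic(err)
	}
	srv, base, err := startServer(cert)
	if err != nil {
		panic(err)
	}
	defer srv.Close()
	_, err = discover(base, nil) // system roots: handshake rejected
	fmt.Println("system roots ->", err, "| trust failure:", isTrustFailure(err))
	pool := x509.NewCertPool() // fix: trust the dev cert explicitly, don't disable verification
	pool.AddCert(leaf)
	doc, err := discover(base, pool)
	fmt.Println("dev cert trusted ->", doc, err)
}
```

The Node-side equivalent of the second request is to give Node the certificate, not to switch verification off: export the ASP.NET Core development certificate as PEM (`dotnet dev-certs https --export-path ./aspnetcore-dev.pem --format Pem`) and start the Next.js process with `NODE_EXTRA_CA_CERTS=./aspnetcore-dev.pem`. Node uses its own bundled root store rather than the OS store, so `dotnet dev-certs https --trust` alone does not help it. `NODE_TLS_REJECT_UNAUTHORIZED=0` makes the error go away by accepting any certificate at all, which is exactly the check that protects the authorization code and client secret in transit.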