I may not properly understand how to properly implement IdentityServer4 with Xamarin.Auth.
Basically I'm using Xamarin.Auth for multiple cases:
- logging in with OAuth2 Vendors (MS/Google/FB)
- logging in with self implemented OAuth2 (not used yet)
Speaking of case 1, after committing login from the mobile app to Google/MS/FB I decide what to do further: go to the app's main page or register the user, registering by storing the email as username and userId (the one that comes from the vendor) as password.
I've implemented IdentityServer4 with AspNetIdentity.
From what I've read I need to implement Hybrid Authentication, but the issue here is that it features the need to use a WebView, which in case 1 isn't required anymore. So basically I think I need to use Authorization Flow, but trying to do any of them failed.
```
https://localhost:44348/connect/authorize?
client_id=XamClient&
client_secret=secret&response_type=code+id_token&
scope=openid&
redirect_uri=https%3A%2F%2Flocalhost%3A44348%2Fxamarincallback&
nonce=7a8ff1c107e345a8b055a8232ec15545&
code_challenge=8Kk9RQ8NX6w3YzL0eU7AWQurWnikb9NS9bVwa5lxhhE&
code_challenge_method=S256&state=d3a7b6a511da413395b2552fb194af2f
```
My issue here is that most of the examples feature an MVC view that gets this URL as redirectURL, and then after the client commits a POST with his username and password I'll get the AuthorizationCode, RefreshToken and IdentityToken.
I am really uncertain how to properly commit authentication in my case; what to use?
I can only use:
- Implicit
- Authorization Code - this is the only reasonable option for my first scenario?
- Hybrid mode - tried all day to implement this, realizing it's not possible...

Anyways, after looking at the logs I've seen a sudden dubious redirect to the Account controller (asp login controller):
```json
{
  "name": "Microsoft.ApplicationInsights.Dev.Request",
  "time": "2017-09-12T11:26:56.5388249Z",
  "tags": {
    "ai.location.ip": "127.0.0.1",
    "ai.internal.nodeName": "EDWARD",
    "ai.operation.id": "152eb716-4ff8951dec6a1ed1",
    "ai.internal.sdkVersion": "aspnet5c:2.1.1",
    "ai.application.ver": "1.0.0.0",
    "ai.operation.name": "GET /connect/authorize",
    "ai.cloud.roleInstance": "EDWARD"
  },
  "data": {
    "baseType": "RequestData",
    "baseData": {
      "ver": 2,
      "id": "|152eb716-4ff8951dec6a1ed1.",
      "name": "GET /connect/authorize",
      "duration": "00:00:00.1530713",
      "success": true,
      "responseCode": "302",
      "url": "https://localhost:44348/connect/authorize?client_id=AnonymousCheckerClient&client_secret=secret&response_type=code+id_token&scope=openid&redirect_uri=https:%2F%2Flocalhost:44348%2Fxamarincallback&nonce=af1427d39dc2463697047a834169fdcf&code_challenge=UUi0a9cfhrcGvzddV9eh0Lc8cdr5WE-ZwSzwbY7ReNQ&code_challenge_method=S256&state=aafde38b65044c35b83a1fcb8771de2e",
      "properties": {
        "httpMethod": "GET",
        "AspNetCoreEnvironment": "Development",
        "DeveloperMode": "true"
      }
    }
  }
},
{
  "name": "Microsoft.ApplicationInsights.Dev.Message",
  "time": "2017-09-12T11:26:56.6993438Z",
  "tags": {
    "ai.location.ip": "127.0.0.1",
    "ai.operation.parentId": "|152eb717-4ff8951dec6a1ed1.",
    "ai.internal.nodeName": "EDWARD",
    "ai.operation.id": "152eb717-4ff8951dec6a1ed1",
    "ai.internal.sdkVersion": "aspnet5c:2.1.1",
    "ai.application.ver": "1.0.0.0",
    "ai.operation.name": "GET /account/login",
    "ai.cloud.roleInstance": "EDWARD"
  },
  "data": {
    "baseType": "MessageData",
    "baseData": {
      "ver": 2,
      "message": "Request starting HTTP/1.1 GET http://localhost:44348/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DAnonymousCheckerClient%26client_secret%3Dsecret%26response_type%3Dcode%2520id_token%26scope%3Dopenid%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A44348%252Fxamarincallback%26nonce%3Daf1427d39dc2463697047a834169fdcf%26code_challenge%3DUUi0a9cfhrcGvzddV9eh0Lc8cdr5WE-ZwSzwbY7ReNQ%26code_challenge_method%3DS256%26state%3Daafde38b65044c35b83a1fcb8771de2e",
      "severityLevel": "Information",
      "properties": {
        "AspNetCoreEnvironment": "Development",
        "Protocol": "HTTP/1.1",
        "Host": "localhost:44348",
        "QueryString": "?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DAnonymousCheckerClient%26client_secret%3Dsecret%26response_type%3Dcode%2520id_token%26scope%3Dopenid%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A44348%252Fxamarincallback%26nonce%3Daf1427d39dc2463697047a834169fdcf%26code_challenge%3DUUi0a9cfhrcGvzddV9eh0Lc8cdr5WE-ZwSzwbY7ReNQ%26code_challenge_method%3DS256%26state%3Daafde38b65044c35b83a1fcb8771de2e",
        "Scheme": "http",
        "Path": "/account/login",
        "DeveloperMode": "true",
        "CategoryName": "Microsoft.AspNetCore.Hosting.Internal.WebHost",
        "Method": "GET"
      }
    }
  }
}
```
Having analyzed IdentityServer4 from Git, this /authorize endpoint only accepts GETs and no user/pw.
Edit 01: I've checked this resource and it confuses me with my scenario (1)...
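
Added example, not part of the original post: it unwraps the double-encoded `returnUrl` from the `/account/login` log entry above, showing that the redirect carries the original authorize request, addressed to `/connect/authorize/callback`. It also flags secrets that ended up in the logged query string and checks the shape of the PKCE challenge; the function names and the `SENSITIVE` list are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# URL copied from the "message" field of the /account/login log entry above.
LOGGED_REQUEST = (
    "http://localhost:44348/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback"
    "%3Fclient_id%3DAnonymousCheckerClient%26client_secret%3Dsecret"
    "%26response_type%3Dcode%2520id_token%26scope%3Dopenid"
    "%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A44348%252Fxamarincallback"
    "%26nonce%3Daf1427d39dc2463697047a834169fdcf"
    "%26code_challenge%3DUUi0a9cfhrcGvzddV9eh0Lc8cdr5WE-ZwSzwbY7ReNQ"
    "%26code_challenge_method%3DS256%26state%3Daafde38b65044c35b83a1fcb8771de2e"
)

# Parameter names that should not show up in a URL or a log (assumed list).
SENSITIVE = {"client_secret", "password", "access_token", "refresh_token"}
# RFC 7636: an S256 challenge is unpadded base64url(SHA-256(verifier)), 43 chars.
S256_CHALLENGE = re.compile(r"^[A-Za-z0-9_-]{43}$")


def unwrap_return_url(login_url):
    """Return (path, params) of the authorize request nested in returnUrl."""
    outer = parse_qs(urlsplit(login_url).query)   # first decoding layer
    inner = urlsplit(outer["returnUrl"][0])       # relative URL of the callback
    params = {k: v[0] for k, v in parse_qs(inner.query).items()}  # second layer
    return inner.path, params


def audit(params):
    """List findings for one decoded authorize request."""
    findings = [f"secret in query string: {k}" for k in sorted(SENSITIVE & params.keys())]
    if params.get("code_challenge_method") == "S256" and not S256_CHALLENGE.match(
        params.get("code_challenge", "")
    ):
        findings.append("code_challenge is not a 43-character base64url value")
    return findings


if __name__ == "__main__":
    path, params = unwrap_return_url(LOGGED_REQUEST)
    print(path)
    for name, value in params.items():
        print(f"  {name} = {value}")
    for finding in audit(params):
        print("FINDING:", finding)
```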