I’m banging my head trying to finish up a Xamarin app connecting to IdentityServer4. I have three methods of authentication: Google, Facebook, and direct login on the ASP.NET app/API. The first two are currently working. The last one works for Android. iOS will not work. The redirect_uri is "com.myapp.mobile" (no colon or slashes, unlike Android, because the iOS browser won’t allow it). This was added to the AllowedRedirectUris. When the browser loads the IS4 login page, I get a malformed redirect_uri. Please see the raw data. How do these not match?
malformed redirect_uri: "com.myapp.mobile"
AuthorizeRequestValidationLog { ClientId: "tcpmobileclient", ClientName: "Top Chrome Pro Mobile Client", RedirectUri: null, AllowedRedirectUris: ["com.myapp.mobile", "com.myapp.mobile://callback"], SubjectId: "anonymous", ResponseType: null, ResponseMode: null, GrantType: null, RequestedScopes: "", State: null, UiLocales: null, Nonce: null, AuthenticationContextReferenceClasses: null, DisplayMode: null, PromptMode: "", MaxAge: null, LoginHint: null, SessionId: null, Raw: [("response_type": "code id_token"), ("nonce": "YjbXSWGHC3lCsUrRJQAiJw"), ("state": "IbYJo3pqC76LExrAdw-Udw"), ("code_challenge": "oemC7UzZO7lyDv63iDnuVHQQZCmN4bsDAOsNmEr50pI"), ("code_challenge_method": "S256"), ("client_id": "tcpmobileclient"), ("scope": "openid profile email offline_access IdentityServerApi"), ("redirect_uri": "com.myapp.mobile")] }
Edit: just confirmed this is now happening on Android as well.
2 Answers
I was able to resolve this by changing the redirect URI to
com.myapp.mobile://
Sorry for the confusion on my part.
It’s complaining because it’s not actually a valid URI and the validation logic checks that:
See line 323 here: https://github.com/IdentityServer/IdentityServer4/blob/3ff3b46698f48f164ab1b54d124125d63439f9d0/src/IdentityServer4/src/Validation/Default/AuthorizeRequestValidator.cs
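The following is an added example, not part of either answer and not IdentityServer4's own code. It is a two-step pre-flight check showing why a redirect_uri can appear in AllowedRedirectUris and still be rejected as malformed. The class name `RedirectUriPreflight`, the `Check` method and the use of `Uri.TryCreate` with `UriKind.Absolute` as the well-formedness test are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class RedirectUriPreflight
{
    public enum Result { Ok, Malformed, NotRegistered }

    // Assumption: Uri.TryCreate with UriKind.Absolute stands in for the
    // server's well-formedness test, and the ordinal comparison stands in
    // for its registered-URI match. Neither is copied from IdentityServer4.
    public static Result Check(string requested, IEnumerable<string> allowed)
    {
        // Step 1: the value must parse as an absolute URI (scheme, then ':').
        if (!Uri.TryCreate(requested, UriKind.Absolute, out _))
            return Result.Malformed;

        // Step 2: only a well-formed value is compared with the client's list.
        return allowed.Contains(requested, StringComparer.Ordinal)
            ? Result.Ok
            : Result.NotRegistered;
    }

    static void Main()
    {
        // AllowedRedirectUris as shown in the log above.
        var allowed = new[] { "com.myapp.mobile", "com.myapp.mobile://callback" };

        // Candidates: the value from the failing request, the value the
        // first answer switched to, and the second registered entry.
        var candidates = new[]
        {
            "com.myapp.mobile",
            "com.myapp.mobile://",
            "com.myapp.mobile://callback",
        };

        foreach (var uri in candidates)
            Console.WriteLine($"{uri,-30} -> {Check(uri, allowed)}");

        // Registered entries that fail step 1 can never be matched by a request.
        foreach (var dead in allowed.Where(a => !Uri.TryCreate(a, UriKind.Absolute, out _)))
            Console.WriteLine($"unusable registration: {dead}");
    }
}
```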