Identity Server 4/nativescript Hangs

I have the following client:

new Client
{
    ClientId = "nativeapptest",
    ClientName = "Native App Test",
    Enabled = true,
    RequireClientSecret = false,
    AllowedGrantTypes = GrantTypes.Code,
    RedirectUris = { "com.mysite.nativeapp.12365789785256-buv2dwer7jjjjv5fckasdftn367psbrlb:/home" },
    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        "MyScope"
    },
    RequirePkce = false,
    AllowOfflineAccess = true,
    RequireConsent = false
}

I am using native-script to build an Android app that can log in with Identity Server 4. What currently happens is that I make a request to IS4 by opening a browser and using all the correct OpenID configuration, and I end up on the login screen, where I then choose to log in with Google. Once on Google, I enter my email and password and it's all good, and then Google tries to send me back to my site but it just hangs... It's a white page with nothing loaded and it just sits there forever. There are no error messages logged by IS4 as far as I can tell.

The login part above for nativescript is from the OAuth2 library https://www.npmjs.com/package/nativescript-oauth2

I'm trying to understand whether this would be a problem on the IS4 or the native Android application. Is the page hanging because it is waiting on the Android application to take over after the login has worked? Maybe the problem is with the RedirectURI scheme?

The URL it hangs on is as follows:

http://login.mysite.com/connect/authorize?client_id=nativeapptest&response_type=code&redirect_uri=com.mysite.nativeapp.12365789785256-buv2dwer7jjjjv5fckasdftn367psbrlb%3A%2Fhome&scope=openid%20profile%20MySite&response_mode=query&st

EDIT:

Since I'm running this on the actual server, I can't debug it directly, however, I did add logs to see how far the code goes. My logs tell me that the user was logged in by google and my system and my logs also show that ExternalCallback has redirected the page to

/connect/authorize/callback?client_id=nativeapptest&response_type=code&redirect_uri=com.mysite.nativeapp%3A%2F%2Fhome&scope=openid%20profile%20MyScope&response_mode=query&state=abcd

At this point, the page hangs.

Please note that we changed RedirectUri to com.mysite.nativeapp to help with testing.

Lastly, I'm not sure if it matters, but we are not using https as this is still development phase.

Geothermal answered 30/12, 2018 at 19:38 Comment(7)
Redirect URI needs to be a web URL. You can't redirect to an application like that. You are using the wrong grant type for authentication. - Farrison
@DaImTo Should I be using Hybrid then? Also, if it is a web URL then how am I supposed to redirect back to the mobile application? What should the URL look like as anything we put in will not exist, or should it exist? Could you maybe give an example? - Geothermal
@Bojan have you looked at this with Chrome DevTools Network tab yet and / or with Fiddler on Windows or Charles Proxy on Mac with https decryption enabled? If not, you need to do one or both of those things to definitively establish the exact URL it is calling and what headers it is passing as well as what response, if any, it is getting. Once that is established you can open your service code with a debugger or logging and see why it’s not returning a response from that method. It is unlikely anyone can solve this problem unless you have done the above, which will enable you to solve it. - Daybreak
What is the Google registered callback? Is it localhost:5000/signin-google? - Netty
@MohamedElrashid I have updated the answer. Also it's not localhost, it's mysite.com (excluding the actual name for security reasons). - Geothermal
The registered callback on the Google console, and are you hosting the identity server in the same project as the MVC API, or are you using a standalone identity server project and another project for the API? - Netty
@MohamedElrashid currently there is no API involved in this process. We are just trying to get login to work. Identity Server is a standalone project. As for the Google registered callback, that is all configured correctly because this same code works fine with Implicit Grant type and a SPA application, we have already tested this and it works without issues. - Geothermal

Just finished the sample app

Step 01

We will open a Run window

On the keyboard press

Windows Key + R

wait

Step 02

We will open a cmd Window

On the Run window text-Input write

cmd

On the keyboard press

Enter

Step 03

We will make a directory and make it the working directory for our cmd

On the CMD Window write

mkdir D:\Experiments\E.IDser.NativeScript

cd /d D:\Experiments\E.IDser.NativeScript

Step 04

We will clone the sample project

On the CMD Window write

git clone https://github.com/Elrashid/nativescript-client-and-identity-server-sample.git

cd nativescript-client-and-identity-server-sample

Step 05

Now we will run the apps

On the CMD Window write

Start.bat

Step 06

how to use

why

1    app
              +---+
                  |
     identity     |
2    server       |
                  |
                  |
                  |
3    google       +-+   user
                  |     interaction
                  |
                  |       your
     identity     |       app
4    server       | <---+ stop
              +---+       here

5     app     +---+
                  |
                  |
                  |
     identity     +--+  background
6    server       |
                  |
                  |
7     app         |
               +--+

see register a custom URL scheme for Android

<data
    android:path="/home"
    android:scheme="com.mysite.nativeapp.12365789785256-buv2dwer7jjjjv5fckasdftn367psbrlb"
/>

also you can try

 tns debug android

Error: This site cannot be reached

communication between Identity Server and Native-Script

  • run

    nativescript-client-and-identity-server-sample/Start.bat
    
  • do not run

    "nativescript-client-and-identity-server-sample/identity-server/Start.bat"
    "nativescript-client-and-identity-server-sample/nativescript-client/Start.bat"
    
  • native script app should run in the android emulator

  • identity server should be run in local machine at port 5010

  • check in your windows browser you can open

    http://localhost:5010
    
  • if yes

  • check in your **android emulator** browser you can open

    http://10.0.2.2:5010
    
  • what is 10.0.2.2 ?

    special alias to your android emulator host loopback interface

  • can I change where my host 10.0.2.2 ?

    open nativescript-client\app\my-oauth-provider.ts

        public authority = "http://10.0.2.2:5010";
        public tokenEndpointBase = "http://10.0.2.2:5010";
        public cookieDomains = ["10.0.2.2:5010"];
    
  • change http://10.0.2.2:5010 to your web address

Netty answered 4/1, 2019 at 6:47 Comment(4)
I will take a look at this tonight and give it a try. Thanks for posting it, I'll let you know how it goes. - Geothermal
Hello Mohammed, I tried running your sample and when I tap 'Login' it tries to load and then says 'This site cannot be reached'. http://10.0.2.2:5010/connect/authorize?client_id=js&response_type=code&redirect_uri=com.googleusercontent.apps.932931520457-buv2dnhgo7jjjjv5fckqltn367psbrlb%3A%2Fauth&scope=openid%20app2api%20offline_access&response_mode=query&state=abcd is unreachable. Search Google for 5010 connect authorize - Thrombosis
We are still in the process of testing and trying to get your app to work with our server to see where we've gone wrong. Don't worry, I won't let the bounty expire. Just wanted to get it to work first in case we had more questions. - Geothermal
We've unfortunately run into hardware problems and it will take us longer to figure all this out. As the bounty was about to expire I've awarded it to you because your example has gotten us at the least a step further from where we were. Before the PC failed we were able to connect to our server and get redirected back to the app, so we got past the white screen that we had before, however, we were not able to retrieve the JWT token which is the end result, so we're going to fix up the PC and then keep trying. - Geothermal

I had the same issue, I realised that the custom url scheme was not registered correctly. I had to reinstall the app in the emulator. After updating the AndroidManifest.xml correctly and wiping the data of the emulator it worked.

Kelbee answered 14/12, 2019 at 2:1 Comment(0)

When I started my project, I decided to put uppercase in my custom url scheme.

<intent-filter>
    <action android:name="android.intent.action.VIEW"/>
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
    <!-- Custom URL Schemes -->
    <data android:scheme="com.mydomain.MyApp"/>
</intent-filter>

I changed it to lowercase in the ApplicationManifest.xml and in the IdentityServer4 client config and everything started working.

<intent-filter>
    <action android:name="android.intent.action.VIEW"/>
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
    <!-- Custom URL Schemes -->
    <data android:scheme="com.mydomain.myapp"/>
</intent-filter>

IdentityServer4

RedirectUris = { $"com.mydomain.myapp://auth" },

Westing answered 13/3, 2021 at 3:53 Comment(0)
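
Added example, not taken from any post on this page: a TypeScript lint that ties together the answers above about registering the custom URL scheme and keeping it lowercase. It splits a redirect URI per RFC 3986 and compares it with the <data> elements of a manifest. The function names are hypothetical, the manifest strings it is given are constructed samples, and the comparison is a consistency check, not a reimplementation of Android's intent resolution.

```typescript
// Added example: compare an OAuth redirect URI with the <data> filters in a manifest.
// All names here are hypothetical; the manifest strings passed in are constructed samples.
interface DataFilter { scheme?: string; host?: string; path?: string; }
interface UriParts { scheme: string; host: string | null; path: string; }

// RFC 3986 split into scheme ":" ["//" authority] path, with no normalisation.
function splitUri(uri: string): UriParts | null {
  const m = /^([A-Za-z][A-Za-z0-9+.\-]*):(?:\/\/([^\/?#]*))?([^?#]*)/.exec(uri);
  if (!m) return null;
  return { scheme: m[1] ?? "", host: m[2] ?? null, path: m[3] ?? "" };
}

// Collect android:scheme / android:host / android:path from every <data ...> element.
function dataFilters(manifestXml: string): DataFilter[] {
  const filters: DataFilter[] = [];
  for (const el of manifestXml.match(/<data\b[^>]*>/g) || []) {
    const f: DataFilter = {};
    const attr = /android:(scheme|host|path)\s*=\s*"([^"]*)"/g;
    let a: RegExpExecArray | null;
    while ((a = attr.exec(el)) !== null) {
      f[a[1] as keyof DataFilter] = a[2];
    }
    filters.push(f);
  }
  return filters;
}

// Returns human-readable findings; an empty array means URI and manifest agree.
function lintRedirect(redirectUri: string, manifestXml: string): string[] {
  const uri = splitUri(redirectUri);
  if (!uri) return ["not an absolute URI: " + redirectUri];
  const findings: string[] = [];
  if (uri.scheme !== uri.scheme.toLowerCase()) {
    findings.push("scheme has uppercase letters; Android compares schemes case-sensitively");
  }
  const candidates = dataFilters(manifestXml).filter(f => f.scheme === uri.scheme);
  if (candidates.length === 0) {
    findings.push("no <data> element declares scheme " + uri.scheme);
    return findings;
  }
  // Only attributes the filter actually declares are compared.
  const agrees = candidates.some(f =>
    (f.host === undefined || f.host === uri.host) &&
    (f.path === undefined || f.path === uri.path));
  if (!agrees) {
    findings.push("declared host/path differ from URI (host=" + uri.host + ", path=" + uri.path + ")");
  }
  return findings;
}
```

Note that com.mysite.nativeapp:/home and com.mysite.nativeapp://home are different URIs: in the first, /home is the path and there is no authority; in the second, home is the authority and the path is empty.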