C# - Need help resolving redirect_uri_mismatch error
I'm using Google/Facebook/LinkedIn authentication on an ASP.NET MVC 5 website. For some reason, every once in a while, users complain about not being able to log in because of a redirect_uri_mismatch error.
As I said, what's strange is that the error seems to happen intermittently and only for some users. I'm including my code below in case someone can point out what I'm doing wrong.
Here's the code from my Startup.cs file:
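using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Web;
using Owin;
using Owin.Security.Providers.LinkedIn;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Facebook;
using Microsoft.Owin.Security.Google;

// NOTE(review): identifier casing is restored from a lowercased listing. The project-local names
// (MyWebsite, Helpers.SystemWebCookieManager) are best guesses - confirm against the real project.
// String literals are left exactly as they appear in the listing.
namespace MyWebsite
{
    /// <summary>
    /// OWIN startup class: registers the application cookie, a passive external cookie, and the
    /// Facebook, Google and LinkedIn sign-in middleware.
    /// </summary>
    public class Startup
    {
        /// <summary>
        /// Configures cookie authentication and the three external identity providers.
        /// </summary>
        /// <param name="app">The OWIN application builder the middleware is added to.</param>
        public void Configuration(IAppBuilder app)
        {
            // Application sign-in cookie.
            // NOTE(review): SameAsRequest leaves the Secure flag off whenever the site is reached over
            // plain HTTP. Once the site is HTTPS-only, CookieSecureOption.Always is the safer setting.
            var cookieOptions = new CookieAuthenticationOptions
            {
                AuthenticationType = "cookies",
                CookieSecure = CookieSecureOption.SameAsRequest,
                ExpireTimeSpan = TimeSpan.FromMinutes(60),
                SlidingExpiration = true,
                LoginPath = new Microsoft.Owin.PathString("/account/login")
            };
            app.UseCookieAuthentication(cookieOptions);

            // Short-lived passive cookie that carries the external identity between the provider
            // callback and the application's own sign-in step.
            var externalCookieOptions = new CookieAuthenticationOptions
            {
                AuthenticationType = "externalcookie",
                CookieSecure = CookieSecureOption.SameAsRequest,
                ExpireTimeSpan = TimeSpan.FromMinutes(10),
                AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive,
                CookieManager = new Helpers.SystemWebCookieManager()
            };
            app.UseCookieAuthentication(externalCookieOptions);

            // The provider middleware below derives the redirect_uri it sends from the scheme and
            // host of the incoming request, so every host name the site answers on ("www" and bare
            // domain, http and https) must be registered with each provider, or the site must
            // redirect to one canonical host before sign-in starts.

            // NOTE(review): the app id / client id and secrets below are inline placeholders; real
            // values belong in protected configuration, not in source control.

            #region facebook authentication
            var fbOptions = new FacebookAuthenticationOptions
            {
                AuthenticationType = "facebook",
                AppId = "myfacebookappidgoeshere",
                AppSecret = "myfacebookappsecretgoeshere",
                SignInAsAuthenticationType = "externalcookie",
                Provider = new FacebookAuthenticationProvider
                {
                    OnAuthenticated = async ctx =>
                    {
                        var identity = ctx.Identity;
                        identity.AddClaim(new Claim("urn:mywebsite:authorityid", "1", ClaimValueTypes.String, "facebook"));
                        AddClaimIfPresent(identity, ClaimTypes.NameIdentifier, ctx.Id, "facebook");
                        AddClaimIfPresent(identity, ClaimTypes.GivenName, ctx.User["first_name"], "facebook");
                        AddClaimIfPresent(identity, "urn:facebook:middle_name", ctx.User["middle_name"], "facebook");
                        AddClaimIfPresent(identity, ClaimTypes.Surname, ctx.User["last_name"], "facebook");
                        AddClaimIfPresent(identity, ClaimTypes.Gender, ctx.User["gender"], "facebook");
                        AddClaimIfPresent(identity, ClaimTypes.DateOfBirth, ctx.User["birthday"], "facebook");
                        AddClaimIfPresent(identity, ClaimTypes.Email, ctx.User["email"], "facebook");

                        // NOTE(review): the provider access token becomes part of the identity that is
                        // signed in as "externalcookie" - keep it only if the application calls the
                        // provider API later.
                        identity.AddClaim(new Claim("fb.token", ctx.AccessToken));
                    },
                    OnReturnEndpoint = async ctx =>
                    {
                        if (ctx.Identity == null)
                        {
                            // user not authenticated
                            throw new HttpException(403, "unable authenticate facebook...");
                        }

                        ctx.RedirectUri = AppendReturnUrl(ctx.RedirectUri, ctx.Properties.Dictionary);
                    }
                }
            };
            fbOptions.Scope.Add("user_birthday");
            fbOptions.Scope.Add("email");
            app.UseFacebookAuthentication(fbOptions);
            #endregion

            #region google authentication
            var googleOptions = new GoogleOAuth2AuthenticationOptions
            {
                AuthenticationType = "google",
                ClientId = "mygoogleclientidgoeshere",
                ClientSecret = "mygoogleclientsecretgoeshere",
                SignInAsAuthenticationType = "externalcookie",
                Provider = new GoogleOAuth2AuthenticationProvider
                {
                    OnAuthenticated = async ctx =>
                    {
                        var identity = ctx.Identity;
                        identity.AddClaim(new Claim("urn:mywebsite:authorityid", "3", ClaimValueTypes.String, "google"));
                        AddClaimIfPresent(identity, ClaimTypes.NameIdentifier, ctx.Id, "google");
                        AddClaimIfPresent(identity, ClaimTypes.GivenName, ctx.GivenName, "google");
                        AddClaimIfPresent(identity, "urn:google:middle_name", ctx.User["middle_name"], "google");
                        AddClaimIfPresent(identity, ClaimTypes.Surname, ctx.FamilyName, "google");
                        AddClaimIfPresent(identity, ClaimTypes.Gender, ctx.User["gender"], "google");
                        AddClaimIfPresent(identity, ClaimTypes.DateOfBirth, ctx.User["birthday"], "google");
                        AddClaimIfPresent(identity, ClaimTypes.Email, ctx.Email, "google");
                        identity.AddClaim(new Claim("google.token", ctx.AccessToken));
                    },
                    OnReturnEndpoint = async ctx =>
                    {
                        if (ctx.Identity == null)
                        {
                            // user not authenticated
                            throw new HttpException(403, "unable authenticate google...");
                        }

                        ctx.RedirectUri = AppendReturnUrl(ctx.RedirectUri, ctx.Properties.Dictionary);
                    }
                }
            };
            googleOptions.Scope.Add("openid");
            googleOptions.Scope.Add("email");
            googleOptions.Scope.Add("profile");
            app.UseGoogleAuthentication(googleOptions);
            #endregion

            #region linkedin authentication
            var linkedInOptions = new LinkedInAuthenticationOptions
            {
                AuthenticationType = "linkedin",
                ClientId = "mylinkedinclientidgoeshere",
                ClientSecret = "mylinkedinclientsecretgoeshere",
                SignInAsAuthenticationType = "externalcookie",
                Provider = new LinkedInAuthenticationProvider
                {
                    OnAuthenticated = async ctx =>
                    {
                        var identity = ctx.Identity;
                        identity.AddClaim(new Claim("urn:mywebsite:authorityid", "4", ClaimValueTypes.String, "linkedin"));
                        AddClaimIfPresent(identity, ClaimTypes.NameIdentifier, ctx.Id, "linkedin");
                        AddClaimIfPresent(identity, ClaimTypes.GivenName, ctx.User["first_name"], "linkedin");
                        AddClaimIfPresent(identity, "urn:linkedin:middle_name", ctx.User["middle_name"], "linkedin");
                        AddClaimIfPresent(identity, ClaimTypes.Surname, ctx.User["last_name"], "linkedin");
                        AddClaimIfPresent(identity, ClaimTypes.Gender, ctx.User["gender"], "linkedin");
                        AddClaimIfPresent(identity, ClaimTypes.DateOfBirth, ctx.User["birthday"], "linkedin");
                        AddClaimIfPresent(identity, ClaimTypes.Email, ctx.Email, "linkedin");
                        identity.AddClaim(new Claim("linkedin.token", ctx.AccessToken));
                    },
                    OnReturnEndpoint = async ctx =>
                    {
                        if (ctx.Identity == null)
                        {
                            // user not authenticated
                            throw new HttpException(403, "unable authenticate linkedin...");
                        }

                        ctx.RedirectUri = AppendReturnUrl(ctx.RedirectUri, ctx.Properties.Dictionary);
                    }
                }
            };
            app.UseLinkedInAuthentication(linkedInOptions);
            #endregion
        }

        /// <summary>
        /// Adds a string claim to <paramref name="identity"/> when <paramref name="value"/> is not null.
        /// </summary>
        /// <param name="identity">The identity that receives the claim.</param>
        /// <param name="claimType">The claim type URI or name.</param>
        /// <param name="value">The profile value; its <c>ToString()</c> result becomes the claim value.</param>
        /// <param name="issuer">The issuer recorded on the claim.</param>
        private static void AddClaimIfPresent(ClaimsIdentity identity, string claimType, object value, string issuer)
        {
            if (value != null)
            {
                identity.AddClaim(new Claim(claimType, value.ToString(), ClaimValueTypes.String, issuer));
            }
        }

        /// <summary>
        /// Returns <paramref name="redirectUri"/> with the "returnurl" authentication property
        /// appended as a query parameter, or unchanged when that property is absent.
        /// </summary>
        /// <param name="redirectUri">The URI the middleware redirects to after the provider callback.</param>
        /// <param name="properties">The authentication properties dictionary of the sign-in.</param>
        /// <returns>The redirect URI, with an encoded <c>returnurl</c> parameter when one is present.</returns>
        private static string AppendReturnUrl(string redirectUri, IDictionary<string, string> properties)
        {
            string returnUrl;
            if (!properties.TryGetValue("returnurl", out returnUrl))
            {
                return redirectUri;
            }

            // The value is percent-encoded so that '&', '#' or '?' inside it cannot add or truncate
            // query parameters on the redirect target; '&' is used when a query string already exists.
            // NOTE(review): the action that consumes returnurl is not shown here - it should accept
            // only local URLs (for example via Url.IsLocalUrl) before redirecting to the value.
            var separator = redirectUri != null && redirectUri.IndexOf('?') >= 0 ? "&" : "?";
            return redirectUri + separator + "returnurl=" + Uri.EscapeDataString(returnUrl ?? string.Empty);
        }
    }
}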
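In the app settings for Google, Facebook and LinkedIn, I had http://www.yourdomain.com/signin-{socialsite} as the redirect URI. When I also added http://yourdomain.com/signin-{socialsite}, it fixed the issue. The sign-in middleware builds the redirect_uri from the host of the incoming request, so users who reached the site without "www" were sending a redirect URI that was not registered, which is why only some users saw the error. If you're having this issue, please make sure you have registered the return URI both with and without "www". Alternatively, redirect every request to a single canonical host (ideally over HTTPS) so that only one redirect URI is ever sent.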