Reputation: 39
I am looking at the Thinktecture IdentityServer CodeFlowClient sample in the OIDC solution. I am having trouble getting it to run. It uses OpenIdConnectAuthenticationModule defined in the Thinktecture.IdentityModel.Oidc project. Within this class I am having problems reading oidcstate from the cookie. Please see the following code.
// read and parse state cookie
var cookie = new ProtectedCookie(ProtectionMode.MachineKey);
var storedState = cookie.Read("oidcstate");
ProtectedCookie.Delete("oidcstate");
var separator = storedState.IndexOf('_');
The value of variable storedState is null. What I am confused about is that oidcstate is written in OnEndRequest which is called after AuthenticateAsync. AuthenticateAsync has the cookie read code. Please see the code in OnEndRequest below.
var cookie = new ProtectedCookie(ProtectionMode.MachineKey);
cookie.Write("oidcstate", state + "_" + returnUrl, DateTime.UtcNow.AddHours(1));
There is nowhere else where oidcstate is written, so I don't know what I have done wrong. How can oidcstate be written before it is read?
Also, what is the appRelativeCallbackUrl field on the oidcClient config? It has a default value of "~/oidccallback". In AuthenticateAsync it is compared with the request AppRelativeCurrentExecutionFilePath. Please see the code below.
var appRelativeCallbackUrl = config.AppRelativeCallbackUrl;
if (context.Request.AppRelativeCurrentExecutionFilePath.Equals(appRelativeCallbackUrl, StringComparison.OrdinalIgnoreCase))
{
Should it have a value of "~/Home"?
Any help with this would be greatly appreciated,
Regards Ben
Upvotes: 1
Views: 392
Reputation: 18482
EndRequest is called first - it initiates the roundtrip to the OIDC provider - while doing that it persists the state cookie.
The OIDC provider must be configured to call back on the callback URL (by default /oidccallback relative to app root).
Then AuthenticateRequest is invoked and the cookie is read back.
Upvotes: 1
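The ordering described in the answer, as an added example that is not part of the thread or of the Thinktecture code: a model of the two requests in which the first one writes the state cookie and the callback reads, deletes and validates it. The class and method names are hypothetical, an HMAC stands in for ProtectionMode.MachineKey, a dictionary stands in for the browser's cookies, and .NET 6 or later is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class OidcStateDemo // hypothetical name, constructed for illustration
{
    // Stand-in for MachineKey protection: an HMAC key known only to the server.
    static readonly byte[] Key = RandomNumberGenerator.GetBytes(32);

    static string Mac(string v)
    {
        using var h = new HMACSHA256(Key);
        return Convert.ToBase64String(h.ComputeHash(Encoding.UTF8.GetBytes(v)));
    }

    static bool Same(string a, string b) => CryptographicOperations.FixedTimeEquals(
        Encoding.UTF8.GetBytes(a ?? ""), Encoding.UTF8.GetBytes(b ?? ""));

    // Request 1 (EndRequest on a 401): persist state + "_" + returnUrl, then redirect.
    static string BeginChallenge(IDictionary<string, string> cookies, string returnUrl)
    {
        var state = Guid.NewGuid().ToString("N"); // hex only, so it never contains '_'
        var value = state + "_" + returnUrl;
        cookies["oidcstate"] = value + "|" + Mac(value);
        return state; // travels to the provider and comes back as ?state=
    }

    // Request 2 (AuthenticateRequest on the callback URL): read, delete, validate.
    static string CompleteCallback(IDictionary<string, string> cookies, string stateFromQuery)
    {
        if (!cookies.TryGetValue("oidcstate", out var raw)) // the null case from the question
            throw new InvalidOperationException("No state cookie: callback hit without a prior challenge.");
        cookies.Remove("oidcstate"); // single use
        var cut = raw.LastIndexOf('|');
        if (cut < 0 || !Same(Mac(raw.Substring(0, cut)), raw.Substring(cut + 1)))
            throw new CryptographicException("State cookie failed its integrity check.");
        var value = raw.Substring(0, cut);
        var separator = value.IndexOf('_'); // the first '_' ends the state value
        if (!Same(value.Substring(0, separator), stateFromQuery))
            throw new CryptographicException("State mismatch between cookie and query string.");
        return value.Substring(separator + 1); // returnUrl, may itself contain '_'
    }

    static void Main()
    {
        var cookies = new Dictionary<string, string>(); // constructed browser cookie jar
        var state = BeginChallenge(cookies, "~/Home/Claims_View");
        Console.WriteLine(CompleteCallback(cookies, state));
        try { CompleteCallback(cookies, state); } // cookie is gone: rejected, no NullReferenceException
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```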