I wish to extend Squidex a bit by adding my own Identity Server. I am able to reach my server and log in, but I cannot seem to get the redirection right. Can you assist, please?
This is how I am setting up Squidex (rudimentary code for testing purposes):
Signup page using an external resource (my identity server will be used only for username and password purposes; I do not want to reinvent the wheel and create all the user management inside Squidex).
Login page (here we are on my identity server, just as if it were a Google or MS login page).
Unsuccessful redirection (This part I need help with).
"exception": {
  "type": "System.Exception",
  "message": "An error was encountered while handling the remote login.",
  "stackTrace": " at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.HandleRequestAsync()\r\n at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync() in C:\\local\\identity\\server4\\IdentityServer4\\src\\IdentityServer4\\Hosting\\FederatedSignOut\\AuthenticationRequestHandlerWrapper.cs:line 38\r\n at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)\r\n at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.Invoke(HttpContext context)\r\n at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in C:\\local\\identity\\server4\\IdentityServer4\\src\\IdentityServer4\\Hosting\\BaseUrlMiddleware.cs:line 36\r\n at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\r\n at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\r\n at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\r\n at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\r\n at Squidex.Pipeline.RequestLogPerformanceMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in C:\\Git Repositories\\cmsdemofork\\src\\Squidex\\Pipeline\\RequestLogPerformanceMiddleware.cs:line 33\r\n at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass5_1.<<UseMiddlewareInterface>b__1>d.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at Squidex.Pipeline.EnforceHttpsMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in C:\\Git Repositories\\cmsdemofork\\src\\Squidex\\Pipeline\\EnforceHttpsMiddleware.cs:line 29\r\n at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass5_1.<<UseMiddlewareInterface>b__1>d.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.Invoke(HttpContext context)\r\n at Squidex.Pipeline.LocalCacheMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in C:\\Git Repositories\\cmsdemofork\\src\\Squidex\\Pipeline\\LocalCacheMiddleware.cs:line 30\r\n at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass5_1.<<UseMiddlewareInterface>b__1>d.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication1 application)"
},
"app": {
  "name": "Squidex",
  "version": "1.0.0.0",
  "sessionId": "a7e3f098-eb31-420d-a462-7adb048018b6"
},
"web": {
  "requestId": "be0028e4-1938-48e9-9919-2c6cfbd36f5c",
  "requestPath": "/identity-server/signin-oidc",
  "requestMethod": "POST"
},
"timestamp": "2018-08-18T14:20:09.7493435Z",
"category": "Microsoft.AspNetCore.Server.Kestrel"
}
Some progress has been made; I was able to register a user with my OpenID Connect implementation. Yet, for some reason, when I try to log in with said user, even though I can see it is successful (I can even log in as an admin and see the users), I am being redirected again to the login page.
Overall, my branch of Squidex is acting as a "resource" in OAuth2 terminology, instead of providing identity.
So basically your authentication and http request flow should look like this:
Client software -> authenticates with external identity server -> gets token -> sends request with token to squidex -> squidex validates token -> gets role information from external identity server -> authorizes the requests -> send response
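The resource-server flow described above, sketched as an ASP.NET Core `Startup` (an added example, not code from the thread or from Squidex). The authority URL, audience, policy name and role name are assumed placeholders, and roles are read from a `role` claim in the token rather than fetched separately from the identity server.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    // Assumed placeholder values, not taken from the thread.
    private const string ExternalAuthority = "https://identity.example.com";
    private const string ApiAudience = "squidex-api";

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Issuer and signing keys are discovered from
                // {Authority}/.well-known/openid-configuration.
                options.Authority = ExternalAuthority;
                options.Audience = ApiAudience;
                options.RequireHttpsMetadata = true;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // Reject tokens from another issuer, minted for
                    // another API, or past their expiry.
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    // Assumption: the identity server emits these claim names.
                    RoleClaimType = "role",
                    NameClaimType = "sub"
                };
            });

        services.AddAuthorization(options =>
        {
            // Hypothetical policy: only callers whose token carries
            // the "editor" role pass authorization.
            options.AddPolicy("EditorsOnly", p => p.RequireRole("editor"));
        });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        // Token validation must run before MVC evaluates [Authorize].
        app.UseAuthentication();
        app.UseMvc();
    }
}
```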
Somehow I am able to log in, but the behavior is very haphazard. For example, in order to log in with my external login I logged in, got redirected to the login page, restarted npm and the application, debugged the solution again, and it worked! I suspect it might have something to do with caching in the Angular app. If that is the case, is there a way to disable caching completely (from the app, not Chrome) to try it?
@pushrbx Thank you, but I do not feel the need to unplug the current implementation of Identity Server from the Squidex solution. If you do not agree, I am open to your suggestions. What I want is another method to authenticate, like Google. I did manage to achieve this and was able to register a user, but sometimes the login works haphazardly: I log in and get redirected to the login screen again. This happened with Google authentication too, and my colleague reported it even with the admin login.