[maliming] said:
Hi
we changed the wildcard domain check logic to make it more secure.
different port mean different domains.
Thanks.
... so why does login allow the redirect. Why is the logout redirect validation stricter than the login's, when the login in fact passes back the token?
This did work. However, we still would like to understand what caused this breaking change. Especially since login allows the redirect, while logout doesn't. This doesn't feel right. Note that the wildcard domain was obviously already defined:
PreConfigure<AbpOpenIddictWildcardDomainOptions>(options =>
{
options.EnableWildcardDomainSupport = true;
options.WildcardDomainsFormat.Add("http://127.0.0.1:{0}");
});
[maliming] said: hi
The 400 error :
The end session request was rejected because the specified post_logout_redirect_uri was invalid: http://127.0.0.1:26908/Can you add
http://127.0.0.1:26908/to your application's post_logout_redirect_uri?
Like I mentioned earlier, the desktop app picks the port at random. Therefore, it is not feasible to add them manually to post logout redirect uris. Our inquiry is: what caused this breaking change, as this was working fine before the upgrade? How do make sure our existing, deployed, desktop apps continue to work as expected with the new backend.
[maliming] said: hi
Can you share the debug logs of your AuthServer website?
liming.ma@volosoft.com
https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems
Thanks.
I sent you the logout logs.
We have a desktop application which resolves a random port, and uses it each time it calls login, to extract the token, and on logout to confirm successful browser logout. We have configured an open id application for this client app, with redirect uri, and post logout redirect uri (http//:127.0.0.1).
After upgrading from abp 8.2.2 to 9.1.1, login still works fine, howeover, logouts started coming back with 400 response code. Logs show the post logout redirect uri was rejected. Logging in/out using the portal still works fine.
OpenId Application Post LogOut Redirect Uri: http://127.0.0.1 Http Request post_logout_redirect_uri: http://127.0.0.1:31270/ Response Code: 400 Issue From Logs: The end session request was rejected because the specified post_logout_redirect_uri was invalid: http://127.0.0.1:31270/.
