Unauthorized error when logging in with IdentityModel.OidcClient in MAUI

Jalza 756 Reputation points
2024-05-09T07:10:13.6466667+00:00

I am responsible for the development of a cross-platform application that must log in with OpenID. This application is developed in Xamarin.Forms, but I have to migrate it to MAUI. To log into the application I use the IdentityModel.OidcClient library. The authentication server is fully functional. I am not the one who develops and maintains the server.

The Xamarin.Forms application is able to log in without problems and obtain the full credentials: access token, refresh token, expiration, claims... The version I use of the library is IdentityModel.OidcClient 5.2.1. The authentication process follows the steps described in this link: Authentication in Xamarin Forms using Open Identity Connect and OAuth.

I am now trying to migrate this process to MAUI using the latest version of the library (6.0.0). For this, the first thing I have done is to download the sample code for MAUI and change only the following this:

  • MauiProgram.cs: OIDC options (Authority, ClientId, Scope, RedirectUri)
// setup OidcClient
builder.Services.AddSingleton(new OidcClient(new()
{
    Authority = "https://www.realdomain.es/openid/more/path/",
    ClientId = "myclientid",
    Scope = "openid",
    RedirectUri = "myscheme://localhost",
    Browser = new MauiAuthenticationBrowser()
}));
var url = new RequestUrl("myscheme://localhost")
    .Create(new Parameters(result.Properties));
const string CALLBACK_SCHEME = "myscheme";

When running the app on an Android device and logging in, the browser doesn't open and I get this error:

Unathorized: Failed to push authorization parameters

I am not able to find anything related to this error. Does anyone know what could be happening?

.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,462 questions
.NET MAUI
.NET MAUI
A Microsoft open-source framework for building native device applications spanning mobile, tablet, and desktop.
2,985 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,390 questions
{count} votes

Accepted answer
  1. Leon Lu (Shanghai Wicresoft Co,.Ltd.) 69,466 Reputation points Microsoft Vendor
    2024-05-13T01:31:46.43+00:00

    Using the OIDC options from the demo to make a test, it is working.

    Answer from Jalza.

    Jalza looked for the error message in the source code of the library and found the following log

    _logger.LogDebug("The IdentityProvider contains a pushed authorization request endpoint. Automatically pushing authorization parameters. Use DisablePushedAuthorization to opt out.");
    

    After adding the DisablePushedAuthorization = true in the OidcClient option like following code, it is working.

    // setup OidcClient
    builder.Services.AddSingleton(new OidcClient(new()
    {
        Authority = "https://www.realdomain.es/openid/more/path/",
        ClientId = "myclientid",
        Scope = "openid",
        RedirectUri = "myscheme://localhost",
        Browser = new MauiAuthenticationBrowser(),
        DisablePushedAuthorization = true // To avoid error > Failed to push authorization parameters
    }));
    
    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Jalza 756 Reputation points
    2024-05-10T14:52:40.7966667+00:00

    I looked for the error message in the source code of the library and found the following log:

    _logger.LogDebug("The IdentityProvider contains a pushed authorization request endpoint. Automatically pushing authorization parameters. Use DisablePushedAuthorization to opt out.");
    

    So the solution is to add the DisablePushedAuthorization = true in the OidcClient options:

    // setup OidcClient
    builder.Services.AddSingleton(new OidcClient(new()
    {
        Authority = "https://www.realdomain.es/openid/more/path/",
        ClientId = "myclientid",
        Scope = "openid",
        RedirectUri = "myscheme://localhost",
        Browser = new MauiAuthenticationBrowser(),
        DisablePushedAuthorization = true // To avoid error > Failed to push authorization parameters
    }));