Get original client on federated error using ASP.NET Core Identity and Duende

[damienbod]

I’m implementing an OIDC federation in a Duende server using ASP.NET Core Identity. When the federation fails, I get an OIDC remote error. I would like to redirect back to the original client application (multiple clients) that started the authentication flow. I can handle the event with the OnMessageReceived handler, but I have no info about the original client which started the request.

Anyone got an idea if this is possible or do I need to persist something in a session with the client_id? I cannot get/find the info using the IIdentityServerInteractionService interface because I don’t have the original redirect URI in the error response. Any ideas?

[maartenba]

Hi @damienbod ! In this case, OnRemoteFailure is going to be more convenient as that will typically contain the IdentityServer's return URL (which has the client ID info in the query string):

options.Events = new OpenIdConnectEvents
{
    OnRemoteFailure = async context =>
    {
        var returnUrl = context.Properties?.Items["returnUrl"];
        if (!string.IsNullOrEmpty(returnUrl))
        {
            var interactionService = context.HttpContext.RequestServices.GetRequiredService<IIdentityServerInteractionService>();
            var authorizationRequest = await interactionService.GetAuthorizationContextAsync(returnUrl);
            
            var redirectUrl = authorizationRequest?.Client.RedirectUris.FirstOrDefault();
            
            if (!string.IsNullOrEmpty(redirectUrl))
            {
                // note: may want to add logging
                
                // note: redirect URL will typically be the /signin-oidc callback path of the app,
                // stripping that off here to redirect to app root without further detail
                
                context.HandleResponse();
                context.Response.Redirect(redirectUrl.Replace("/signin-oidc", ""));
            }
        }
    }
};