Unhandled exception when user is not assigned to the client application #120
Comments
Hi @liiri, we apologize for the inconvenience. Would you mind answering a few questions? This info will help us to understand your use case better 😄.

Thanks!
Using Okta. AspNetCore 3.1.1, MVC.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;
using Okta.AspNetCore;

// Startup: GetValueWithEnv is our own configuration helper.
var oktaMvcOptions = new OktaMvcOptions
{
    OktaDomain = configuration.GetValueWithEnv("App:Okta:Domain", string.Empty),
    ClientId = configuration.GetValueWithEnv("App:Okta:ClientId", string.Empty),
    ClientSecret = configuration.GetValueWithEnv("App:Okta:ClientSecret", string.Empty),
    Scope = new List<string> { "openid", "profile", "email", "groups" }
};
// ...
services.AddAuthentication(...).AddCookie(...).AddOktaMvc(oktaMvcOptions);
// ...

// Controller actions. OrIfEmpty is our own string helper.
[AllowAnonymous]
[Route("signin")]
[HttpPost]
public async Task<IActionResult> SignInAsync([FromQuery] string returnUrl)
{
    // Challenge the Okta scheme; Okta redirects back to RedirectUri afterwards.
    return Challenge(
        new AuthenticationProperties
        {
            RedirectUri = returnUrl.OrIfEmpty("/")
        },
        OktaDefaults.MvcAuthenticationScheme
    );
}

[AllowAnonymous]
[Route("signout")]
[HttpPost]
public async Task<IActionResult> SignOutAsync()
{
    await HttpContext.SignOutAsync();
    return SignOut(
        OpenIdConnectDefaults.AuthenticationScheme,
        CookieAuthenticationDefaults.AuthenticationScheme
    );
}
```

You can also reproduce the 500 error by adding random strings to the

I'm not using any of the public examples, I'm using a production account.
Thanks for the info @liiri! So, if I understand correctly, you have some Okta users trying to sign in to your application, but since they were not assigned to the corresponding Okta application, you have an unhandled exception. You would like to be able to configure error handling when using this SDK, am I correct?
That's correct. I fixed the problem by assigning the users to the app, but I would like to be able to handle future cases of misconfiguration.
Thanks for your feedback ❤️! We will discuss this feature with the team and prioritize accordingly.
I also have this issue. I'm using ASP.NET MVC. No samples, production account as well. Everything works fine if the user is assigned to the app, but not all users should be assigned to the app, so we need to be able to handle this case.
Hi @misterflippy, thank you for reporting this issue. It's expected that users are assigned to an application before signing in. In order to understand your use case better, can you give me more details on why you need unassigned users to be able to log in to your application?
I'm working with a large organization that has a single sign-on system in place. Not all users are assigned to the application that I'm working on, but they are still able to log in via Okta, and would be assigned to other applications. We don't need the users to be able to log in to this application per se, but we do need to be able to handle this case, if nothing else to display an "unauthorized" error page. I am currently catching this exception in Global.asax.cs/Application_Error, and I think this will work for us, but it's not clear how we're expected to handle this case. The Okta server sends the error response back to the RedirectUri, but you apparently can't catch the exception at that point, which is confusing. The underlying OpenId library has an OnAuthenticationFailed event which appears to be the expected way to handle errors, but the events aren't exposed in this library.
Thanks for providing more details. This is definitely something we want to take a look at.
Fixed in #128.
Good news, the latest release includes the ability to handle exceptions using your custom code:
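Added example, not code from the issue or from the Okta SDK, of the handling the thread asks for: `OpenIdConnectEvents` wired to the generic ASP.NET Core OpenID Connect handler, so an unassigned user gets an error page instead of an unhandled exception. The `OidcErrorHandling` class, the `/error/unauthorized` page and the authority/client values are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Added example, not the issue's or the SDK's code: turn the "User is not assigned
// to the client application" error into a controlled response via OIDC handler events.
public static class OidcErrorHandling
{
    // Assumed application error page. The IdP's error_description is logged,
    // never rendered: it arrives on the redirect URI and is not trusted input.
    private const string UnauthorizedPage = "/error/unauthorized";

    public static OpenIdConnectEvents CreateEvents() => new OpenIdConnectEvents
    {
        // Fires when the callback carries error=... instead of a code (how Okta
        // reports an unassigned user) or when token validation throws.
        OnAuthenticationFailed = ctx =>
        {
            var log = ctx.HttpContext.RequestServices
                .GetRequiredService<ILoggerFactory>().CreateLogger("Oidc");
            log.LogWarning("OIDC sign-in failed: error={Error} description={Desc}",
                ctx.ProtocolMessage?.Error, ctx.ProtocolMessage?.ErrorDescription);
            return Task.CompletedTask; // leave the HTTP response to OnRemoteFailure
        },
        // Last chance to answer the request instead of the unhandled 500.
        OnRemoteFailure = ctx =>
        {
            ctx.Response.Redirect(UnauthorizedPage);
            ctx.HandleResponse(); // suppresses the exception the thread describes
            return Task.CompletedTask;
        }
    };

    // Plain OIDC registration with assumed values; the Okta SDK's AddOktaMvc builds
    // its own options, and the thread says #128 added a hook for custom handling there.
    public static void AddOidc(IServiceCollection services,
        string authority, string clientId, string clientSecret) =>
        services.AddAuthentication(o =>
        {
            o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(o =>
        {
            o.Authority = authority; o.ClientId = clientId; o.ClientSecret = clientSecret;
            o.ResponseType = "code";
            o.Events = CreateEvents();
        });
}
```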
I got an error because `User is not assigned to the client application`, which is legitimate. However, the error is thrown and unhandled. Moreover, I don't seem to be able to handle it on my own. Full exception and stack:

I think if I could register to `OpenIdConnectEvents.OnAuthenticationFailed` that might help, but am not sure it's sufficient. I'd expect Okta to fail the login in the first place, and not redirect back to my app.

What is the expected scenario here and how can I handle this case?