✅ Discord Authentication Redirection Issue
Hi.
I am new to C#/ASP.NET and just want this Discord OAuth "Challenge" to work properly.
Current Routes:
- "/auth/login"
- "auth/login-redirect"
The issue is: When I click "Authorize" on the Discord page and it's supposed to redirect me to my desired callback URL, it just hits the login route ("/auth/login") again. The redirect URL IS apparently hit, but nothing is executed like it should be.
EDIT: If I set the "RedirectUri" to "RedirectLogin", the code and state query parameters are not passed through.
Any help is greatly appreciated, thanks!
21 Replies
I feel I'm getting closer and closer to a fix, I think just an example on how this code should look would be really helpful, thanks!
bump
There seem to be some OAuth configurations that you may be missing on your authentication scheme. Could you show how your middleware is set up, perchance? (Make sure to redact / blur any secrets if hardcoded)
I've set up a video of how I created a similar controller as in your screenshots
Hi. Sorry for the late reply!
I am currently not at my computer, but the middleware setup is close to the default setup Visual Studio provides.
I’ll send a screenshot when I can.
Sorry, I misspoke there. I meant OAuth Handler.
Sorry, I’m really new to C#/asp.net, I don’t think I have an OAuth handler currently.
You can use a nuget package like Discord.OAuth2, but the code for it is rather simple; you could read through what's being done and implement it yourself if you want.
Then you can just do something like this in your service collection
Do note that if you use the nuget package, it does create a /signin-discord endpoint which needs to be whitelisted on the discord portal under redirects, e.g.
Thank you for this!
Out of curiosity, what is the difference between the package you sent and the package I am currently using (AspNet.Security.OAuth.Discord)?
I'm afraid that if I use the package you sent, it will possibly be the same issue.
This is what I currently have:
OK. From what I am maybe starting to understand: Do I not need a specific endpoint for the callback url (e.g., "/login-redirect")?
I thought I specifically needed to authorize the user (based on the code and state returned), but maybe the oauth package does that for you already?
This was my issue as far as I am aware. I shouldn't have made my own endpoint for the callback URL ("/login-redirect"), it should just be a function/task whatever tf it's considered in c# 😭 .
Thanks for the help
:ThumbsUp:
All the "Magic" happens within the DiscordHandler.cs CreateTicketAsync for the OAuth2
This is some info from the response in that method
The only thing that's sensitive info (or may be regarded as such) is email
"avatar" is https://cdn.discordapp.com/avatars/155396491853168640/ef602edb7a613a05c2293ab3fe1f2876.webp and other things are similar (banner)
Yeah
If all that happens within the handler, do I need to call this still?
I'd probably edit the implementation of the nuget package if I were you. People dislike seeing their usernames as logins. You can add the "global_name" to that and it will add it under claims
https://github.com/lukepfeiffer10/Discord.OAuth2/blob/master/src/Discord.OAuth2/DiscordOptions.cs#L23
Username as in "display name"?
The login redirect is the web page that discord will redirect the user to after they've authenticated
my username is _arion
my display name is arion
gotcha
Yes, but that's what "LoginRedirect" was, just with an endpoint, but it was never firing as an endpoint, it works without the endpoint/route assigned to it
omg nvm
The redirect page is the page the user needs to go to after being "Signed in"
It's confusing coming from JavaScript I think
In JavaScript, I basically just made an endpoint called "login-redirect" which is what discord's redirect_uri was set to, and it would execute
in this scenario, it doesn't, but calling it as a function (instead of making it an endpoint) which then redirects to a url path works
Try playing around with everything, the debugger is your friend, you can see the request headers, claims and everything during debugging
just stick a break point and it can tell you much about the current request
I believe the Authorization middleware is triggered first though, in case u wanna debug that too
Thank you!