
I understand that .NET provides a default value for the callback URL, which is `/signin-oidc`.
I also understand we could override that value when adding the authentication service to the DI; say I give it the value of `/my-webapp-home-page`.
What I don't know is what would happen in case I override that value:

  • Should I create an endpoint for it? And if I do, what is expected from it?
  • Or would .NET still handle things the same way it would have done for the default value `/signin-oidc`?
  • And what if I'm not in a .NET environment: should I create an endpoint for that callback and do some logic? Or is it just some kind of text value that would serve to check whether I'm talking to the right client and not someone who tries to steal information (from an authorization server perspective)?

If someone could clarify this point, that would be awesome, thank you.

MoBe
  • Check [link1](https://github.com/dotnet/aspnetcore/issues/22125), [link2](https://stackoverflow.com/questions/57164127/the-oauth-state-was-missing-or-invalid-an-error-was-encountered-while-handling). If you specify `CallbackPath` to a controller/action endpoint, you will get an error `Exception: The oauth state was missing or invalid. Unknown location` – Xinran Shen Jun 08 '23 at 06:56
  • Yep, those are pretty good links. To sum things up, whether we change the callback or not doesn't change anything as long as we're using the same value in the identity provider (authorization server). Also, that callback endpoint is handled internally by the authentication middleware. Thank you @XinranShen – MoBe Jun 08 '23 at 07:55
  • I'm just gonna add one more statement that gets me, and maybe other people, confused. I've read in WSO2, and perhaps other famous references, the following statement: "*The Callback Url is the exact location in the service provider's application to which an access token will be sent. **This URL should be the URL of the page that the user is redirected to after successful authentication.***" – MoBe Jun 08 '23 at 09:01

0 Answers
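
Added example (not part of the original question or comments, and not ASP.NET Core's code): a simplified Python model of the behaviour summed up in the comments, where the client's middleware claims the callback path and checks `state`, while the authorization server compares the redirect URI with the registered value. The host `app.example`, the signing key and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

CALLBACK_PATH = "/my-webapp-home-page"                 # override from the question
REGISTERED_REDIRECT_URI = "https://app.example" + CALLBACK_PATH  # constructed host
STATE_KEY = secrets.token_bytes(32)                    # constructed per-app secret


def _sign(payload: str) -> str:
    return hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_state(return_url: str) -> str:
    """Client, before redirecting to the IdP: remember where the user was going."""
    payload = f"{secrets.token_urlsafe(16)}|{return_url}"
    return f"{payload}|{_sign(payload)}"


def idp_accepts_redirect(redirect_uri: str) -> bool:
    """Authorization server: the requested URI must equal the registered one."""
    return redirect_uri == REGISTERED_REDIRECT_URI


def callback_url(code: str, state: str) -> str:
    """What the IdP redirects the browser to after a successful login."""
    return REGISTERED_REDIRECT_URI + "?" + urlencode({"code": code, "state": state})


def handle_request(url: str):
    """Client middleware: claims the callback path before normal routing runs."""
    parts = urlsplit(url)
    if parts.path != CALLBACK_PATH:
        return ("next", None)                          # ordinary page or API route
    query = parse_qs(parts.query)
    code = query.get("code", [""])[0]
    payload, _, sig = query.get("state", [""])[0].rpartition("|")
    if not code or not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return ("error", "state missing or invalid")
    # A real client would now redeem `code` at the token endpoint, sign the user
    # in, and also check that state belongs to this browser session.
    return ("redirect", payload.split("|", 1)[1])      # back to the original page
```

In this model a browser that opens the callback path directly, without a response from the identity provider, gets the state error instead of a page, and the user only reaches `/orders/42` (a constructed return URL) through the final redirect.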