<div dir="ltr"><div><div>Hi!<br><br></div><div>After a while I managed to get this .NET sample project working (Log in/out) with Keycloak!<br></div>I changed the .NET client code to use 'id_token' as the OIDC ResponseType. See the <a href="https://github.com/rafaeltuelho/IdentityServer4.Samples/blob/dev/MVC%20and%20API/src/AspNetCoreAuthentication/Startup.cs#L42">line #42.</a> <br><br></div>o/<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 26, 2016 at 2:00 AM, Rafael Soares <span dir="ltr"><<a href="mailto:rsoares@redhat.com" target="_blank">rsoares@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div><div><div><div>I'm trying to integrate an ASP .NET Core client web app with Keycloak using the .NET Core native OIDC Support.<br><br></div>For this I'm using a sample project available in the IdentityServer Github repo [1]. IdentityServer is an OIDC Auth Server/Framework implementation for .NET platform.<br><br></div>I forked that sample repo and changed the configuration to use the Keycloak OIDC endpoints. <br></div>The code snippet changed to use keycloak endpoint is <a href="https://github.com/rafaeltuelho/IdentityServer4.Samples/blob/dev/MVC%20and%20API/src/AspNetCoreAuthentication/Startup.cs#L37" target="_blank">this one</a>. <br><br></div>I was able to run this code on my RHEL 7 box using .NET Core for Linux [2]. In the KC side I just created a new realm and a client (see the dotnetcore.json realm config attached). The web app starts and the secured pages/resources redirects the user to the Keycloak endpoint, but after the user authenticates and KC responds the request the following error occurs on .NET client side:<br><br><div style="margin-left:40px">"<span style="font-family:monospace,monospace">OpenIdConnectProtocolInvalidCHashException: IDX10307: <b>The 'c_hash' claim
was not found in the id_token</b>, but a 'code' was in the
OpenIdConnectMessage, id_token:
'{"alg":"RS256","typ":"JWT"}.{"jti":"cae47265-327e-4961-aeb2-6615713cc6f8","exp":1469508079,"nbf":0,"iat":1469507779,"iss":"<a href="http://localhost:8080/auth/realms/dotnetdemo" target="_blank">http://localhost:8080/auth/realms/dotnetdemo</a>","aud":"dotnetcore","sub":"b8a10870-3abd-487b-802e-e57307eafc14","typ":"ID","azp":"dotnetcore","nonce":"636051045638599850.NTdmY2FhNWQtYzNmYi00Zjg1LWFlZjItYmViYzBmZTgwMjYzZDMwMDdlYzYtMGJiMS00OWY1LTlhZTQtY2VjNWYyMzM2Yzhl","session_state":"b3010cce-24ac-426b-969a-cccefe41711f","name":"dot
NET","preferred_username":"dotnetuser","given_name":"dot","family_name":"NET","email":"<a href="mailto:donetuser@localhost.com" target="_blank">donetuser@localhost.com</a>"}'</span>"<br></div><div><div><div><br></div><div>Searching for this message "<span style="font-family:monospace,monospace"><b>The 'c_hash' claim
was not found in the id_token</b></span>" I found the issue <b>KEYCLOAK-3286</b> [3]. Does this error have something to do with the <b>KEYCLOAK-3286?</b><br><br></div><div>Does some one tried to integrate a .NET app with Keycloak using OIDC protocol?<br></div><div><br>[1] <a href="https://github.com/IdentityServer/IdentityServer4.Samples" target="_blank">https://github.com/IdentityServer/IdentityServer4.Samples</a><br>[2] <a href="https://www.microsoft.com/net/core#redhat" target="_blank">https://www.microsoft.com/net/core#redhat</a><br>[3] <a href="https://issues.jboss.org/browse/KEYCLOAK-3286" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-3286</a><span class="HOEnZb"><font color="#888888"><br clear="all"><div><div><br>-- <br><div data-smartmail="gmail_signature"><div dir="ltr"><pre cols="72">___
Rafael T. C. Soares</pre>
</div></div>
</div></div></font></span></div></div></div></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><pre cols="72">___
Rafael T. C. Soares | Solution Architect
JBoss Enterprise Middleware | Red Hat Brazil
Mobile: +55 71 98181-3636
Phone: +55 11 3529-6096
</pre>
</div></div>
</div>