Comments (4)
Discounting a bug on their side (e.g. presenting an HTML “whoops” page), I would suggest turning up logging and trying to trace what exact URL/headers/payload scenario makes them give you an HTML response instead of JSON.
You could also try intercepting the response before the handler reads it and consuming it to try and log out exactly what’s in the HTML you’re getting back.
If it is a bug on our end, I’m not sure what we could do to track it down without a reliable repro.
from aspnet.security.oauth.providers.
Thank you for the suggestions @martincostello they are appreciated. I am deploying debug logging now to see if that surfaces anything.
Do you have an example/resource of response interception by chance? I would be interested in trying this out.
Another interesting wrinkle that I have discovered: I have 3 environments on 2 AppService machines. 1 AppService machine is for testing and the other AppService machine is for staging/production (between slots). I tried just now to configure both staging and testing to enable DeviantArt and the testing works without problem, just like my local development. Both staging/production are on the same machine and are experiencing this issue. 🤔
from aspnet.security.oauth.providers.
Alright I have Verbose
enabled here in staging and I see the call to https://www.deviantart.com/oauth2/authorize
and this looks OK and performing a curl
on the resource returns a 302. The error then seems this occurs on the callback/return in /signin-deviantart
but I am not seeing any calls for a JsonDocument
or anything in the logs regarding a call for a resource.
Interesting to note that the call stack has the following frame:
at OAuthTokenResponse Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>.PrepareFailedOAuthTokenReponse(HttpResponseMessage response, string body)
That seems to imply the token response is failed but I am not seeing a request for one.
from aspnet.security.oauth.providers.
FWIW I believe I was able to make the "intercept" as suggested:
The problem is that indeed the content being returned from an HTTP call is HTML and not Json which is what is expected. v6.0 gracefully handled this and displayed the Html content. .NET7 does not appear to do this. Perhaps this is an issue to file with aspnetcore repository?
Here is the HTML returned by DeviantArt on the error:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: zYAlgqB1vrICGK6dIvvgEAqIPcVc_dPdH29edN9pu1i9mxPJ8FZMYA==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>
This is not an AspNetContrib issue so I am closing it for now. It would be nice to have the above tracked in aspnetcore, but if not that's OK too (now that I know how to intercept for any future issues).
In any case Happy Holidays to everyone out there 🎅🎄☃
from aspnet.security.oauth.providers.
Related Issues (20)
- EpicGames Provider HOT 1
- KeyNotFoundException: The given key was not present in the dictionary. HOT 8
- Vkontakte Provider - KeyNotFoundException: The given key was not present in the dictionary. HOT 2
- Apple Sign in redirects to blank page HOT 6
- ASP.NET Core 8 Support HOT 1
- Add support of the new LinkedIn API version format HOT 8
- Discord Provider StackOverflowException HOT 2
- Determine whether the Kloudless provider is still working HOT 2
- add wechat official account providers. HOT 1
- Shopify provider AuthenticationProperties must contain ShopNameAuthenticationProperty HOT 3
- MyGet.org is down HOT 6
- Update AspNet.Security.OAuth.LinkedIn to work with Sign In with LinkedIn using OpenID Connect HOT 2
- Weixin use qrcode login HOT 2
- Unable to retrieve OpenID configuration for Apple HOT 11
- how to implement external login provders(linkedin) login using .net core with openidconnect? HOT 1
- Twitter v2: The oauth state was missing or invalid. HOT 6
- X/Twitter v2 iPhone Browser Interception Issue: Correlation failed. HOT 7
- Cannot register all BattleNet Provider Regions at the same time. HOT 5
- Okta Provider not respecting Options settings HOT 3
- Multiple tenants for Okta at runtime HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aspnet.security.oauth.providers.