Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 
h4ck3r8ug5
Contributor

.Net/C# AspNetCore MVC SSO with OpenIdConnect - returning IDX10000

Hi there,

I have AspNetcore MVC web app doing SSO using the nuget package OpenIdConnect. I using an web client type (from Qlik Cloud).

I'm very new to Qlik but very familar with OAuth and C#.

What I'm trying to do is create a login page that performs sso against Qlik and when the call returns, print out Claims from the ClaimsPrincipal. I've done this on multiple occasions with KeyCloak, Azure AD but when it comes to Qlik, I'm getting the error:

"ArgumentNullException: IDX10000: The parameter 'token' cannot be a 'null' or an empty object. (Parameter 'token')"

My client is configured to Web and I've added https://localhost:5001/signin-oidc to the Return URL and https://localhost:5001 to the Origins.

This is the URL in the browser after the call comes back from Qlik (Thiis is an old auth code)
https://localhost:5001/signin-oidc?code=1Na9rXYSwYtUQ50a5z29VjNYktiBKWRYx7S8j_cjbSk&state

Snippet of my C# program.cs code:

builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie("Cookies")
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, config =>
{
config.Authority = builder.Configuration["OAuth:Authority"];
config.ClientId = builder.Configuration["OAuth:ClientId"];
config.ClientSecret = builder.Configuration["OAuth:ClientSecret"];
config.ResponseType = OpenIdConnectResponseType.Code;
config.SaveTokens = true;

config.Scope.Clear();
foreach (var scope in builder.Configuration.GetSection("OAuth:Scopes").GetChildren())
{
config.Scope.Add(scope.Value);
}

config.CallbackPath = builder.Configuration["OAuth:CallbackUri"];
config.GetClaimsFromUserInfoEndpoint = true;

Can anyone assist with some guidance?

Thanks,

Charles

Labels (2)
1 Reply
h4ck3r8ug5
Contributor
Author

After doing some testing and creating a CustomOpenIdConnectHandler (not recommended), I see that in the OpenIdConnect event  "OnTokenResponseReceived", TokenResponseReceivedContext.ProtocolMessage.IdToken is null. 

Yet when I update my appsettings.json to use my Azure AD App Registration settings, IdToken is not null. I think I'm missing something on Qlik's configuration side ?