Unable to connect to live login via oauth. "We're unable to complete your request" return_uri error

  • Question

  • Hello everyone,

    I've got a razor website that was dropped on my desk from a group of outside contractors and I'm trying to finish it up.  I'm not entirely familiar with coding oAuth, but I get the concept and it's all fairly basic C# so no real problems there.  The previous developer had oAuth set up for Live, Facebook, Twitter, LinkedIn, and Google+, but with test accounts.  I've gotten all of them to work except for the Live login.

    Background:  I'm using VS2012 with IIS7.5 set up with my domain (https://priceestimator.scriptsave.com) and a SAN cert installed and the host file pointed to my local IIS.  I'm easily able to debug while coding in the IDE with https and everything.  No problem setting up Facebook's oauth login (it too requires a return url).  I set up my live app as best I could and have double checked everything.  Googled this error and have got a few results but nothing that would fix this error.  The site isn't available to the public yet (is that a problem, if so why does it work with everyone else?) but like I said, I have my host file set and am using the full IIS7.5.  I've read the procedure on getting 'localhost' to work but I've gone beyond that using the real domain locally.  Here are the settings:

    Site uses DotNetOpenAuth libraries (.core, .openId, .consumer, etc)

    C# settings in app_start:

        OAuthWebSecurity.RegisterMicrosoftClient(
            clientId: "xxxxxxxxxxxxxxxxxx",
            clientSecret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx");

    App settings at account.live.com/developer:

    Application name: MyFreeRxCard
    Default language: English (United States)
    Application logo: xx

    Terms of service URL: https://priceestimator.scriptsave.com/tos.cshtml
    Privacy URL: https://priceestimator.scriptsave.com/privacy.cshtml

    API Settings

    Mobile or desktop client app: No

    Restrict JWT issuing: No

    Enhanced redirection security: Enabled
    Root domain: priceestimator.scriptsave.com
    Redirect URLs:
    https://priceestimator.scriptsave.com/Account/Manage <- I've tried the root and a few other urls back to my site but none of that makes a difference, and this is the url where it should go.  This is the same url in my browser address on my dev machine.

    App Settings

    Client ID: xxxxxxxxxxxxxxxxxx (redacted for privacy)
    Client secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  (redacted for privacy)

    Localization

    Language:

    English (United States)

    Application name:
    MyFreeRxCard

    No matter what I do, I keep getting:

    We're unable to complete your request

    Microsoft account is experiencing technical problems. Please try again later.

    Which of course isn't the real issue.  The error is located in the querystring:

    https://login.live.com/err.srf?lc=1033#error=invalid_request&error_description=The%20provided%20value%20for%20the%20input%20parameter%20%27redirect_uri%27%20is%20not%20valid.%20The%20expected%20value%20is%20%27https://login.live.com/oauth20_desktop.srf%27%20or%20a%20URL%20which%20matches%20the%20redirect%20URI%20registered%20for%20this%20client%20application.

    What gives?!?  Anyone have an answer to this?  The URI is correct on my machine and in the settings page.

    Thanks!!


    • Edited by MonkeyDev Friday, February 28, 2014 6:06 PM edited for readability. html labels were copied into the post
    Thursday, February 27, 2014 11:38 PM

Answers

  • Just out of curiosity, have you tried disabling Enhanced redirection security?

    Carl Hirschman

    • Marked as answer by MonkeyDev Friday, February 28, 2014 3:53 PM
    Friday, February 28, 2014 1:08 AM

All replies

  • Also, could you provide a Fiddler trace? Thanks!

    Carl Hirschman

    Friday, February 28, 2014 1:09 AM
  • Hey Carl,

    Yeah.  That worked.  Of course, it gave me a warning that I should have it on:

    "We recommend enabling enhanced redirection security for your application."

    Also noticed that the off button has 'Deprecated' on it.  So I suppose at some time MS will drop support entirely for it and require enhanced.

    This'll work for now as I have a feeling we're going to be rewriting the site in the near future.

    Thanks!

    Friday, February 28, 2014 3:53 PM
  • Fiddler!  Why didn't I look at fiddler?!?  Totally forgot about him!
    Friday, February 28, 2014 3:54 PM
  • What redirect URI are you using in your application, by the way?  Does it match what's configured for the application exactly, or does it differ in the path? 

    Carl Hirschman

    Friday, February 28, 2014 7:29 PM
  • I'm still playing around with it.  Working without the 'enhanced redirection' switch off, but still fails with it on. 

    Here's the current code:

        var returnUrl = Request.QueryString["ReturnUrl"];
        if (returnUrl.IsEmpty()) {
            // Some external login providers always require a return URL value
            returnUrl = Href("~/");
        }
    
        // Setup validation
        Validation.RequireField("email", "You must specify an email address.");
        Validation.RequireField("password", "You must specify a password.");
        Validation.Add("password",
            Validator.StringLength(
                maxLength: Int32.MaxValue,
                minLength: 6,
                errorMessage: "Password must be at least 6 characters"));
    
        // If this is a POST request, validate and process data
        if (IsPost) {
            AntiForgery.Validate();
            // is this an external login request?
            string provider = Request.Form["provider"];
            if (!provider.IsEmpty()) {
                OAuthWebSecurity.RequestAuthentication(provider, Href("~/Account/RegisterService", new { returnUrl }));
                return;
            } else if (Validation.IsValid()) {
                password = Request.Form["password"];
                rememberMe = Request.Form["rememberMe"].AsBool();
    
                if (WebSecurity.UserExists(email) && WebSecurity.GetPasswordFailuresSinceLastSuccess(email) > 4 && WebSecurity.GetLastPasswordFailureDate(email).AddSeconds(60) > DateTime.UtcNow) {
                    Response.Redirect("~/Account/AccountLockedOut");
                    return;
                }
    
                // Attempt to log in using provided credentials
                if (WebSecurity.Login(email, password, rememberMe)) {
                    Context.RedirectLocal(returnUrl);
                    return;
                } else {
                    ModelState.AddFormError("The user name or password provided is incorrect.");
                }
            }
        }

    And the current settings in the API:

    Root domain: priceestimator.scriptsave.com

    Redirect URLs:  https://priceestimator.scriptsave.com/Account/RegisterService (switched this url to match the code.)

    I'm debugging, trying to figure out how the contractors set this up, and I'm realizing that this is all MS ASP.NET website (razor) preloaded code.  So it should work as is, but still doesn't after changing the path in the API settings.

    I've got other blocker bugs to work on in the time being.  QA's getting impatient :-)





    • Edited by MonkeyDev Friday, February 28, 2014 9:04 PM html labels showing up in post
    Friday, February 28, 2014 9:03 PM
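
Added example, not part of the original thread or of DotNetOpenAuth: a check for the question raised above, whether the redirect URI the application sends matches the registered one exactly. It extracts `redirect_uri` from a captured authorize request (for instance from a Fiddler trace) and compares it with the registered URL under exact matching and under root-domain matching. The sample request is constructed; the `__provider__`/`__sid__` parameters and the mapping of the two policies to the "enhanced redirection security" switch are assumptions to confirm against a real trace.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample of an authorize request as a proxy trace would show it.
# returnUrl comes from Href("~/Account/RegisterService", new { returnUrl });
# the __provider__/__sid__ parameters are assumed, not taken from the thread.
SAMPLE_AUTHORIZE_URL = (
    "https://login.live.com/oauth20_authorize.srf?client_id=CLIENT_ID_PLACEHOLDER"
    "&response_type=code&redirect_uri="
    "https%3A%2F%2Fpriceestimator.scriptsave.com%2FAccount%2FRegisterService"
    "%3FreturnUrl%3D%252F%26__provider__%3Dmicrosoft%26__sid__%3DCONSTRUCTED"
)
REGISTERED = ["https://priceestimator.scriptsave.com/Account/RegisterService"]
ROOT_DOMAIN = "priceestimator.scriptsave.com"


def sent_redirect_uri(authorize_url):
    """Extract the decoded redirect_uri from a captured authorize request."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    if not values:
        raise ValueError("authorize request carries no redirect_uri")
    return values[0]


def differences(sent, registered):
    """Name the URL components in which the sent URI differs from a registered one."""
    a, b = urlsplit(sent), urlsplit(registered)
    parts = [("scheme", a.scheme.lower(), b.scheme.lower()),
             ("host", (a.hostname or "").lower(), (b.hostname or "").lower()),
             ("port", a.port, b.port),
             ("path", a.path, b.path),
             ("query", a.query, b.query)]
    return [name for name, x, y in parts if x != y]


def check(authorize_url, registered_urls, root_domain):
    sent = sent_redirect_uri(authorize_url)
    host = (urlsplit(sent).hostname or "").lower()
    return {
        "sent": sent,
        # Strict policy (assumed for the enhanced setting): every component must match.
        "exact_match": any(not differences(sent, r) for r in registered_urls),
        # Lenient policy (assumed for the deprecated setting): host under the root domain.
        "domain_match": host == root_domain or host.endswith("." + root_domain),
        "diff": {r: differences(sent, r) for r in registered_urls},
    }
```

With the constructed sample, only the query string differs from the registered URL, which would pass domain matching and fail exact matching.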
  • HA! The project manager just made a decision to remove the social logins from the site. So.. I'm not going to worry about this now. Too bad, I want to learn oAuth :-(

    Thanks for the help Carl!  Cheers!

    Friday, February 28, 2014 11:02 PM