indice-co/Indice.Kentico

Read-only error in SignInOIDC.ashx on redirect back from the IDP

Closed this issue · 2 comments

Hi @giorgos07,

@epiuo and I have been trying to integrate your library into our Kentico 12 SP instance with AWS Cognito, and we're further along now, and getting an error on the redirected call back to SignInOIDC.ashx:

Message: D:\home\site\wwwroot\SignInOidc.ashx(100): error CS0200: Property or indexer 'UserCreatedEventArgs.User' cannot be assigned to -- it is read only

Looking at the source file for UserCreatedEventArgs.cs, I noticed that the UserInfo object setter has the internal keyword set on it, and wasn't sure if that was the cause of the error.

public UserInfo User { get; internal set; }

Thanks in advance,
Garuda

Oh, just to add, we had to set the id_token response type from the POST'ed request to AWS Cognito's IDP while we were testing; it wasn't accepting the response_type that was being sent, but with response_type=code Cognito responds successfully.

Our anonymized request from Kentico to Cognito:
https://.../oauth2/authorize?client_id=...&response_type=code%20id_token&scope=openid%20profile&redirect_uri=https%3A%2F%2Fxxx.com%2FSignInOidc.ashx&state=Ii9BZG1pbi9DTVNBZG1pbmlzdHJhdGlvbi5hc3B4Ig%3D%3D&nonce=307301ba-877f-4696-b872-3d2fa7eeeb88&response_mode=form_post


I'm happy to throw this into a new issue as well, just wanted to add it here for context.

Thanks!
Garuda

Hello @swiftgaruda and thank you for your question.

As for your first question, you are right that the User property inside the UserCreatedEventArgs class has a setter marked as internal. It does not seem to serve any purpose; it was probably left there by accident. This class is just a model that contains info for a caller that has subscribed to the UserCreated event handler. I have removed the internal keyword.

Regarding your second statement: this library was originally created for one of our customers that has a specific use case. So, right now the response_type used in the authorization request is of type code id_token, which is the so-called Hybrid flow. If your registered client in AWS Cognito is not configured that way, it will reject your request, as dictated by the OpenID Connect and OAuth 2.0 protocols. We will have to adjust our solution to adapt to more flows and make it configurable.

Thank you for your time,

Giorgos
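As an added illustration of the two flows discussed above (this is example code written for this thread, not part of Indice.Kentico and not AWS Cognito's behaviour), the block below builds the authorization request for either the Authorization Code flow (response_type=code) or the Hybrid flow (response_type=code id_token) and then checks the parameters POSTed back to the redirect_uri. The endpoint URL, client_id, state, nonce and code values are hypothetical, and the sample id_token is constructed locally with a dummy signature; real signature verification against the IdP's JWKS is deliberately left out and must be done separately.

```python
import base64
import hashlib
import json
import secrets
from urllib.parse import quote, urlencode

# Hypothetical IdP endpoint, only to illustrate the request shape (not a real tenant).
AUTHORIZE_ENDPOINT = "https://example.auth.eu-west-1.amazoncognito.com/oauth2/authorize"

# response_type values per OpenID Connect Core 1.0: "code" is the Authorization
# Code flow, "code id_token" is the Hybrid flow. The IdP only honours a
# response_type that the registered client is allowed to use; otherwise the
# request is rejected before the user ever signs in.
FLOWS = {"code": "code", "hybrid": "code id_token"}


def build_authorize_url(client_id, redirect_uri, flow, state, nonce):
    """Build the OIDC authorization request URL for the selected flow."""
    if flow not in FLOWS:
        raise ValueError(f"unknown flow {flow!r}")
    params = {
        "client_id": client_id,
        "response_type": FLOWS[flow],
        "scope": "openid profile",
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
    }
    if flow == "hybrid":
        # Without form_post the id_token comes back in the URL fragment, which a
        # server-side handler such as SignInOidc.ashx never receives.
        params["response_mode"] = "form_post"
    # quote_via=quote encodes the space in "code id_token" as %20, as in the thread.
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params, quote_via=quote)}"


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def _jwt_parts(token):
    """Split a compact JWT into header and claims. Signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed id_token")
    return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))


def c_hash_for(code, alg):
    """c_hash per OIDC Core 3.3.2.11: base64url of the left half of the hash used
    by the id_token signing algorithm, computed over the ASCII bytes of the code.
    Only the *256 algorithms (SHA-256) are handled in this example."""
    if not alg.endswith("256"):
        raise ValueError(f"unsupported alg for c_hash: {alg!r}")
    digest = hashlib.sha256(code.encode("ascii")).digest()
    return _b64url_encode(digest[: len(digest) // 2])


def validate_callback(form, expected_state, expected_nonce, flow):
    """Check the form_post parameters the IdP sent to redirect_uri.
    Returns the authorization code, or raises ValueError."""
    if "error" in form:
        raise ValueError(f"IdP returned error: {form['error']}")
    # state ties the response to a request this server started (CSRF protection).
    if not secrets.compare_digest(form.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = form.get("code")
    if not code:
        raise ValueError("missing code")
    if flow == "hybrid":
        id_token = form.get("id_token")
        if not id_token:
            raise ValueError("hybrid flow requested but no id_token returned")
        header, claims = _jwt_parts(id_token)
        # nonce ties the id_token to this login attempt (replay protection).
        if not secrets.compare_digest(str(claims.get("nonce", "")).encode(), expected_nonce.encode()):
            raise ValueError("nonce mismatch")
        # c_hash ties the code to this id_token so the two cannot be mixed across responses.
        expected_c_hash = c_hash_for(code, header.get("alg", ""))
        if not secrets.compare_digest(str(claims.get("c_hash", "")).encode(), expected_c_hash.encode()):
            raise ValueError("c_hash mismatch")
    return code


def make_constructed_callback(state, nonce, code):
    """Constructed sample of a hybrid-flow form_post body. The id_token carries a
    dummy signature and is not a real Cognito token; it only exercises the checks."""
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"sub": "user-123", "nonce": nonce, "c_hash": c_hash_for(code, "RS256")}
    token = ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(claims).encode()),
        "dummy-signature",
    ])
    return {"code": code, "id_token": token, "state": state}


if __name__ == "__main__":
    print(build_authorize_url("client-abc", "https://xxx.com/SignInOidc.ashx", "hybrid", "st1", "n1"))
    print(build_authorize_url("client-abc", "https://xxx.com/SignInOidc.ashx", "code", "st1", "n1"))
    print(validate_callback(make_constructed_callback("st1", "n1", "AUTHCODE"), "st1", "n1", "hybrid"))
```

The practical point for the thread: if the client in Cognito only permits the code grant, the first URL is rejected and the second is accepted, and with the code flow there is no id_token to check at the callback, so the server must obtain claims from the token endpoint afterwards instead of from the POSTed parameters.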