identityserver4 - ASP.NET Zero solution for both identityserver and client

Question

Before getting into the issue, let me tell you what I am trying to achieve. I need to implement sort of SSO in all of my applications. For which I want to use ASP.NET Zero solutions as SSO Provider as well as Clients. Is it possible or am I overthinking?

I am using ASP.NET Zero template: ASP.NET Core - MVC & jQuery

I am very new to IdentityServer and OpenId so please excuse for my silly mistakes if I have made.

In one of ABP project, I have added a static client to IdentityServer AppSettings like below.

First project's AppSettings - Hosted application

  {
    "ClientId": "localhost",
    "ClientName": "MVC Client Demo",
    "AllowedGrantTypes": [
      "implicit"
    ],
    "RequireConsent": "true",
    "ClientSecrets": [
      {
        "Value": "test"
      }
    ],
    "RedirectUris": [
      "https://localhost:44302/signin-oidc"
    ],
    "PostLogoutRedirectUris": [
      "https://localhost:44302/Account/Login"
    ],
    "AllowedScopes": [
      "openid",
      "profile",
      "email",
      "phone",
      "default-api"
    ],
    "AllowOfflineAccess": "true"
  }

Now from my second ABP project (localhost), I am trying to enable OpenId to authenticated through above server.

Second project's AppSettings - Running on localhost

"OpenId": {
  "IsEnabled": "true",
  "Authority": "https://[applicationname].azurewebsites.net/",
  "ClientId": "localhost",
  "ClientSecret": "test",
  "ValidateIssuer": "true",
  "ClaimsMapping": [
    {
      "claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
      "key": "http://schemas.microsoft.com/identity/claims/objectidentifier"
    }
  ]
}

However I am not getting any error, in logs I can see there is a message that says:

AuthenticationScheme: Identity.External signed in.

And a cookie is being created with key "Identity.External" but login-is not happening successfully. Inside AccountController below line returns null and that resulting into unsuccessful login.

    **var externalLoginInfo = await _signInManager.GetExternalLoginInfoAsync();**
    if (externalLoginInfo == null)
    {
        Logger.Warn("Could not get information from external login.");
        return RedirectToAction(nameof(Login));
    }

question from:https://stackoverflow.com/questions/65890109/asp-net-zero-solution-for-both-identityserver-and-client

Answer 1

Try adding

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Add("sub", ClaimTypes.NameIdentifier);

before services.AddAuthentication()

This will map sub claim to NameIdentifier claim so GetExternalLoginInfoAsync will not return null.