Xamarin Forms authentication with Xamarin.Auth

Lenny · November 3, 2020, 6:36pm

I am trying to authenticate using Okta in my xamarin forms project with the Xamarin.Auth library.
I have setup an Okta account as follows:

ClientID:
Client authentication: Use PKCE
Okta_domain: dev-xxxxxx.okta.com
Allowed_grant_types: Authorization Code
Login_redirect_URIs: com.okta.dev-xxxxxx:/callback
Logout_redirect_URIs: com.okta.dev-xxxxxx:/
Initiate_login_URI: com.okta.dev-xxxxxx:/callback

From my xamarin app loginViewModel.cs page I am using the above as follows;
Scopes = “openid, email”

var authenticator = new OAuth2Authenticator(ClientID,
Scopes,
new Uri(Okta_domain),
new Uri(Login_redirect_URIs),
null,
false);

var Presenter = new Xamarin.Auth.Presenters.OAuthLoginPresenter();
Presenter.Login(authenticator);
authenticator.Completed += OktaAuthenticator_Completed;

The above seems to work, it allows me
[image] - (Okta authentication page)

The problem is after I get
[image] -
Authentication Error e.Message=Invalid state from server. Possible forgery!

I’m guessing that is something wrong in my input or that I am missing something. Please advise.

Thanks

gpadma · November 3, 2020, 7:09pm

I saw these two relevant discussions with work arounds for the error with Xamarin.auth:

gist.github.com

https://gist.github.com/aimore/9869e8fba1442b44a9cf348468a57bad

OAuth2AuthenticatorEx.cs

public class OAuth2AuthenticatorEx : OAuth2Authenticator
{     
  protected override void OnPageEncountered(Uri url, IDictionary<string, string> query, IDictionary<string, string> fragment)
  {
      // Remove state from dictionaries. 
      // We are ignoring request state forgery status 
      // as we're hitting an ASP.NET service which forwards 
      // to a third-party OAuth service itself
      if (query.ContainsKey("state"))
      {

This file has been truncated. show original

Does it work for you ?

Lenny · November 3, 2020, 8:07pm

Thank you very much. The solution worked. It raises another issue, I will post on a separate thread

system · January 25, 2024, 1:20am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Okta not returning to the Xamarin Forms app Questions	3	4334	February 10, 2024
Incorrect callback? Questions	1	3115	January 25, 2024
Xamarin - OAuth2Authenticator - redirect not working OAuth/OIDC	1	3149	February 12, 2024
Pkce with asp.net core 2 web api and xamarin android app OAuth/OIDC	6	7565	December 4, 2019
Xamarin.Forms UWP authentication with OpenID Connect + Okta Questions	4	4073	January 19, 2024

Xamarin Forms authentication with Xamarin.Auth

Related topics