steam-openid-connect-provider's People

Contributors

neothor, saskenuba, siljesc, tawmy, trojaner

steam-openid-connect-provider's Issues

Integration with AWS Cognito failed

I'm trying to integrate AWS Cognito with Steam login. As Cognito supports OpenID Connect and not OpenID 2.0, I tried using your library. But this is leading to some issues.

Issues with cognito

  1. Cognito cannot discover issuer

This gives the following error

Discovery returned no results. Check the issuer and run discovery again or manually add the required fields below.

  2. If discovery fails, Cognito provides the choice to use Authorization endpoint, Token endpoint, Userinfo endpoint and Jwks uri instead. I can't find such endpoints in your code.

In short, can you provide some documentation on issuer, Authorization endpoint, Token endpoint, Userinfo endpoint and Jwks uri?

Environment

  1. steam-openid-connect-provider docker image running on AWS Elastic Beanstalk. Environment variables have been set as given in instructions. Here I passed the redirect URL given in AWS documentation:
     https://<cognito_pool_url>.com/oauth2/idpresponse
  2. Created a Cognito user pool and went to the OpenID Connect integration option. Here I assigned a unique name to the server and added the client name and client secret which were added to the docker image. For issuer URL I tried different combinations of endpoints of your auth server like /ExternalLogin and /ExternalLoginCallback but this failed. Also tried various combinations for Authorization endpoint, Token endpoint, Userinfo endpoint and Jwks uri but this too doesn't work.
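
A relying party such as Cognito locates the four endpoints named in this report through OpenID Connect Discovery, and rejects the result when the configured issuer is not exactly the `issuer` value in the returned document. The check below is an added example, not code from this project; the host name and endpoint paths in `SAMPLE` are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# The four fields Cognito asks for by hand when discovery fails.
REQUIRED = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")

# Constructed discovery document; host and paths are placeholders, not this project's.
SAMPLE = json.dumps({
    "issuer": "https://steam-idp.example.test",
    "authorization_endpoint": "https://steam-idp.example.test/connect/authorize",
    "token_endpoint": "https://steam-idp.example.test/connect/token",
    "userinfo_endpoint": "https://steam-idp.example.test/connect/userinfo",
    "jwks_uri": "https://steam-idp.example.test/.well-known/openid-configuration/jwks",
})

def discovery_url(issuer):
    """OIDC Discovery: metadata is served at <issuer>/.well-known/openid-configuration."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(issuer, body):
    """Return the problems a relying party would hit with this issuer and response body."""
    try:
        meta = json.loads(body)
    except ValueError:
        return ["response is not JSON"]          # e.g. an HTML login page
    if not isinstance(meta, dict):
        return ["response is not a JSON object"]
    problems = []
    if urlsplit(issuer).scheme != "https":
        problems.append("issuer is not an https URL")
    if meta.get("issuer") != issuer:             # must match character for character
        problems.append("issuer mismatch: document says %r" % meta.get("issuer"))
    problems += ["missing " + field for field in REQUIRED if not meta.get(field)]
    return problems

if __name__ == "__main__":
    # An endpoint path used as the issuer, as tried in the report above.
    for candidate in ("https://steam-idp.example.test/ExternalLogin",
                      "https://steam-idp.example.test"):
        print(discovery_url(candidate), check_discovery(candidate, SAMPLE))
```
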

PSA: Docker image name change

The docker image name has changed.
Old name: imperialplugins/steam-openid-connect-proxy
New name: imperialplugins/steam-openid-connect-provider

Issue with Azure B2C AD

Getting the following error when configuring the openid-connect-provider in Azure AD: "A claim with id 'UserId' was not found, which is required by ClaimsTransformation 'CreateAlternativeSecurityId' with id 'CreateAlternativeSecurityId'"

Azure AD Settings: [image]

I'm using the docker container and there I get the message:
2021-05-30T00:23:33.071140683Z: [INFO] [00:23:33 Debug] IdentityServer4.Services.DefaultClaimsService
2021-05-30T00:23:33.071176985Z: [INFO] In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.

Maybe this is why Azure AD has no access to the required claims?

steam_id claim not present when integrating with keycloak

I can successfully link my Steam account to Keycloak and all claims, which are requested via the Steam API, are present in the issued access token. However the steam_id claim is missing. Does one have to do something, like mapping, in order for Keycloak to include the steam_id in the token? I was not successful and since you mentioned Keycloak in the readme I wanted to ask for help.

Thanks

Docker arm64 image

Arm64 is becoming more and more popular, it would be great if a docker image supporting arm64 could be provided.

PSA: Merge with neothor's fork [Action needed]

This repo has been merged with @neothor's fork of it.

Required actions:
If you use docker, replace Authentication_Steam__ApplicationKey with Steam__ApplicationKey.

Changelist:

  • Added GitHub workflows integration for pushing images, closes #14
  • Logout support
  • Added logging
  • Added example and dev docker-compose.yml's with nginx, keycloak and postgres (with https support)
  • Fix for when username is not available (will use SteamID instead)
  • Updated NuGet packages
  • Replaced Newtonsoft.Json with System.Text.Json
  • Code reformat
  • Restructured folders

Huge thanks to @neothor for forking the repo and updating it.

System.Exception: The authentication response was rejected because the state parameter was invalid

Would love some help looking into this. Trying to set up the proxy on fly.io and using it with Auth0.com.

System.Exception: An error was encountered while handling the remote login.
 ---> System.Exception: The authentication response was rejected because the state parameter was invalid.
 --- End of inner exception stack trace ---
 at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
 at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
 at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
 at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
 at SteamOpenIdConnectProvider.Startup.<>c__DisplayClass5_0.<<Configure>b__0>d.MoveNext() in /src/Startup.cs:line 110
 --- End of stack trace from previous location ---
 at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
 [17:15:26 ERR] Connection id "0HN2F99LUQ2UU", Request id "0HN2F99LUQ2UU:00000002": An unhandled exception was thrown by the application.
 System.Exception: An error was encountered while handling the remote login.
 ---> System.Exception: The authentication response was rejected because the state parameter was invalid.
 --- End of inner exception stack trace ---
 at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
 at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
 at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
 at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
 at SteamOpenIdConnectProvider.Startup.<>c__DisplayClass5_0.<<Configure>b__0>d.MoveNext() in /src/Startup.cs:line 110
 --- End of stack trace from previous location ---
 at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
 at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

/ExternalLogin not working

Issue

Docker container crashes on /ExternalLogin

Error

steamoidc    | [11:07:37 Information] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steamoidc    | AuthenticationScheme: Steam was challenged.
steamoidc    | 
steamoidc    | [11:07:56 Warning] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steamoidc    | '.AspNetCore.Correlation.Steam.<REMOVED>' cookie not found.
steamoidc    | 
steamoidc    | [11:07:56 Information] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steamoidc    | Error from RemoteAuthentication: The authentication response was rejected because the anti-forgery token was invalid..
steamoidc    | 
steamoidc    | [11:07:56 Error] Microsoft.AspNetCore.Server.Kestrel
steamoidc    | Connection id "0HM9B6QEE0S99", Request id "0HM9B6QEE0S99:00000003": An unhandled exception was thrown by the application.
steamoidc    | System.Exception: An error was encountered while handling the remote login.
steamoidc    |  ---> System.Exception: The authentication response was rejected because the anti-forgery token was invalid.
steamoidc    |    --- End of inner exception stack trace ---
steamoidc    |    at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
steamoidc    |    at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
steamoidc    |    at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
steamoidc    |    at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
steamoidc    |    at SteamOpenIdConnectProvider.Startup.<Configure>b__5_0(HttpContext ctx, Func`1 next) in /src/SteamOpenIdConnectProvider/Startup.cs:line 98
steamoidc    |    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
steamoidc    | 

Reproduction

  • Deploy on Amazon Linux 2 instance or locally with docker-compose:
---
version: '3.4'
services:
  steamoidc:
    image: imperialplugins/steam-openid-connect-provider
    container_name: steamoidc
    environment:
      - OpenID__RedirectUri=http://localhost:3000/auth/login/callback
      - OpenID__PostLogoutRedirectUri=http://localhost:3000/auth/logout
      - OpenID__ClientID=steamoidc
      - OpenID__ClientSecret=<REMOVED>
      - Authentication__Steam__ApplicationKey=<REMOVED>
    ports:
      - '80:80'
      - '443:443'
    restart: unless-stopped

System.Exception: The authentication response was rejected because the anti-forgery token was invalid.

2023-02-20 04:27:12 System.Exception: An error was encountered while handling the remote login.
2023-02-20 04:27:12 ---> System.Exception: The authentication response was rejected because the anti-forgery token was invalid.
2023-02-20 04:27:12 --- End of inner exception stack trace ---
2023-02-20 04:27:12 at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.HandleRequestAsync()
2023-02-20 04:27:12 at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
2023-02-20 04:27:12 at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
2023-02-20 04:27:12 at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
2023-02-20 04:27:12 at SteamOpenIdConnectProvider.Startup.<>c__DisplayClass5_0.<<Configure>b__0>d.MoveNext() in /src/Startup.cs:line 110
2023-02-20 04:27:12 --- End of stack trace from previous location ---
2023-02-20 04:27:12 at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
2023-02-20 04:27:12 [22:27:12 ERR] Connection id "0HMOIP1A02N1Q", Request id "0HMOIP1A02N1Q:00000005": An unhandled exception was thrown by the application.
2023-02-20 04:27:12 System.Exception: An error was encountered while handling the remote login.
2023-02-20 04:27:12 ---> System.Exception: The authentication response was rejected because the anti-forgery token was invalid.
2023-02-20 04:27:12 --- End of inner exception stack trace ---
2023-02-20 04:27:12 at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.HandleRequestAsync()
2023-02-20 04:27:12 at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
2023-02-20 04:27:12 at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
2023-02-20 04:27:12 at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
2023-02-20 04:27:12 at SteamOpenIdConnectProvider.Startup.<>c__DisplayClass5_0.<b__0>d.MoveNext() in /src/Startup.cs:line 110
2023-02-20 04:27:12 --- End of stack trace from previous location ---
2023-02-20 04:27:12 at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
2023-02-20 04:27:12 at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

How to get other claims besides sub, preferred_username and name?

I tried to map the picture claim in the profile scope but it wasn't getting saved. Only the sub and username properties. So, I checked the console and found this:

steam_1     | [17:00:21 Debug] IdentityServer4.ResponseHandling.UserInfoResponseGenerator
steam_1     | Requested claim types: sub name family_name given_name middle_name nickname preferred_username profile picture website gender birthdate zoneinfo locale updated_at
steam_1     | 
steam_1     | [17:00:21 Debug] IdentityServer4.ResponseHandling.UserInfoResponseGenerator
steam_1     | Scopes in access token: openid profile
steam_1     | 
steam_1     | [17:00:21 Information] IdentityServer4.ResponseHandling.UserInfoResponseGenerator
steam_1     | Profile service returned the following claim types: sub preferred_username name

Apparently the picture and other claims are being requested but only sub, preferred_username and name are being returned.

Is it possible to get those claims?

The authentication response was rejected because the anti-forgery token was invalid

Hello, I'm pretty new to Keycloak so this might be a misconfiguration error on my part. After clicking sign-in on the Steam OpenID page, I'm redirected to /signin-steam?state=... where I'm getting HTTP Error 500. The console shows this:

[00:54:49 Information] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steam_1     | AuthenticationScheme: Steam was challenged.
steam_1     | 
steam_1     | [00:54:52 Warning] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steam_1     | '.AspNetCore.Correlation.Steam.pLhGj9via3PPAI9BdOHCYAqivQc3FD8dd0jES3lYOEY' cookie not found.
steam_1     | 
steam_1     | [00:54:52 Information] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steam_1     | Error from RemoteAuthentication: The authentication response was rejected because the anti-forgery token was invalid..
steam_1     | 
steam_1     | [00:54:52 Error] Microsoft.AspNetCore.Server.Kestrel
steam_1     | Connection id "0HM3047JETCD1", Request id "0HM3047JETCD1:00000003": An unhandled exception was thrown by the application.
steam_1     | System.Exception: An error was encountered while handling the remote login.
steam_1     |  ---> System.Exception: The authentication response was rejected because the anti-forgery token was invalid.
steam_1     |    --- End of inner exception stack trace ---
steam_1     |    at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
steam_1     |    at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
steam_1     |    at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
steam_1     |    at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
steam_1     |    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

This is my config in keycloak: https://i.imgur.com/UmFLLXd.png
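
Several reports on this page show the same log sequence: a challenge, then a warning that the `.AspNetCore.Correlation.Steam.*` cookie was not found, then the anti-forgery rejection. The triage script below is an added example, not part of the project; it pairs each rejected callback with the cookie warning logged at the same time, and `SAMPLE_LOG` is constructed in the format of the logs quoted above.

```python
import re

PREFIX = re.compile(r"^\S+\s+\|\s?")   # docker-compose prefix, e.g. "steam_1     | "
HEADER = re.compile(r"^\[(\d\d:\d\d:\d\d) \w+\]")
RULES = [
    ("challenge", re.compile(r"AuthenticationScheme: Steam was challenged")),
    ("cookie_missing", re.compile(r"'(\.AspNetCore\.Correlation\.[^']+)' cookie not found")),
    ("antiforgery_rejected", re.compile(r"anti-forgery token was invalid")),
    ("state_rejected", re.compile(r"state parameter was invalid")),
]

# Constructed sample; the cookie identifier is a placeholder.
SAMPLE_LOG = """\
steam_1     | [00:54:49 Information] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steam_1     | AuthenticationScheme: Steam was challenged.
steam_1     | [00:54:52 Warning] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steam_1     | '.AspNetCore.Correlation.Steam.CONSTRUCTED-ID' cookie not found.
steam_1     | [00:54:52 Information] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steam_1     | Error from RemoteAuthentication: The authentication response was rejected because the anti-forgery token was invalid..
steam_1     | [00:54:52 Error] Microsoft.AspNetCore.Server.Kestrel
steam_1     |  ---> System.Exception: The authentication response was rejected because the anti-forgery token was invalid.
steam_1     | [00:57:03 Error] Microsoft.AspNetCore.Server.Kestrel
steam_1     |  ---> System.Exception: The authentication response was rejected because the state parameter was invalid.
"""

def parse_events(text):
    """Return [(time, kind, detail)]; stack-trace repeats within one second collapse."""
    events, seen, now = [], set(), None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        head = HEADER.match(line)
        if head:
            now = head.group(1)
        for kind, rx in RULES:
            m = rx.search(line)
            if m and (now, kind) not in seen:
                seen.add((now, kind))
                events.append((now, kind, m.group(1) if rx.groups else ""))
    return events

def diagnose(events):
    """For each rejected callback, name the correlation cookie reported missing, if any."""
    missing = {t: d for t, k, d in events if k == "cookie_missing"}
    return [(t, k, missing.get(t, "no cookie warning logged"))
            for t, k, _ in events if k in ("antiforgery_rejected", "state_rejected")]

if __name__ == "__main__":
    for finding in diagnose(parse_events(SAMPLE_LOG)):
        print(finding)
```
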
