byo-software / steam-openid-connect-provider
Steam OpenID Connect Identity Provider (IdP)
License: MIT License
I'm trying to integrate AWS cognito with Steam login. As cognito supports OpenID Connect and not OpenID 2.0, I tried using your library. But this is leading to some issues.
This gives the following error
Discovery returned no results. Check the issuer and run discovery again or manually add the required fields below.
Authorization endpoint, Token endpoint, Userinfo endpoint and Jwks uri instead. I can't find such endpoints in your code.
In short, can you provide some documentation on issuer, Authorization endpoint, Token endpoint, Userinfo endpoint and Jwks uri?
steam-openid-connect-provider docker image running on AWS elastic beanstalk. Environment variables have been set as given in instructions. Here I passed redirect URL given in AWS documentation.
https://<cognito_pool_url>.com/oauth2/idpresponse
/ExternalLogin and /ExternalLoginCallback but this failed. Also tried various combinations for Authorization endpoint, Token endpoint, Userinfo endpoint and Jwks uri but this too doesn't work.
The docker image name has changed.
Old name: imperialplugins/steam-openid-connect-proxy
New name: imperialplugins/steam-openid-connect-provider
At the moment the logout URL is hardcoded in appsettings.json, which causes Docker clients that do not use the default deployment images to fail to log out.
Please fix that:
https://github.com/byo-software/steam-openid-connect-provider/blob/main/src/appsettings.json
Getting the following error when configuring the openid-connect-provider in Azure AD: "A claim with id 'UserId' was not found, which is required by ClaimsTransformation 'CreateAlternativeSecurityId' with id 'CreateAlternativeSecurityId'"
I'm using the docker container and there I get the message:
2021-05-30T00:23:33.071140683Z: [INFO] [00:23:33 Debug] IdentityServer4.Services.DefaultClaimsService
2021-05-30T00:23:33.071176985Z: [INFO] In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.
Maybe this is why Azure AD has no access to the required claims?
I can successfully link my Steam account to Keycloak, and all claims which are requested via the Steam API are present in the issued access token. However, the steam_id claim is missing. Does one have to do something, like mapping, in order for Keycloak to include the steam_id in the token? I was not successful, and since you mentioned Keycloak in the readme I wanted to ask for help.
Thanks
Arm64 is becoming more and more popular, it would be great if a docker image supporting arm64 could be provided.
This repo has been merged with @neothor's fork of it.
Required actions:
If you use docker, replace Authentication_Steam__ApplicationKey with Steam__ApplicationKey.
Changelist:
Huge thanks to @neothor for forking the repo and updating it.
Would love some help looking into this. Trying to setup the proxy on fly.io and using it with Auth0.com.
System.Exception: An error was encountered while handling the remote login.
---> System.Exception: The authentication response was rejected because the state parameter was invalid.
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
at SteamOpenIdConnectProvider.Startup.<>c__DisplayClass5_0.<<Configure>b__0>d.MoveNext() in /src/Startup.cs:line 110
--- End of stack trace from previous location ---
at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
[17:15:26 ERR] Connection id "0HN2F99LUQ2UU", Request id "0HN2F99LUQ2UU:00000002": An unhandled exception was thrown by the application.
System.Exception: An error was encountered while handling the remote login.
---> System.Exception: The authentication response was rejected because the state parameter was invalid.
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
at SteamOpenIdConnectProvider.Startup.<>c__DisplayClass5_0.<<Configure>b__0>d.MoveNext() in /src/Startup.cs:line 110
--- End of stack trace from previous location ---
at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
DockerHub shut down autobuilds for free tier, so we need a new integration with GitHub actions
Docker container crashes on /ExternalLogin
steamoidc | [11:07:37 Information] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steamoidc | AuthenticationScheme: Steam was challenged.
steamoidc |
steamoidc | [11:07:56 Warning] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steamoidc | '.AspNetCore.Correlation.Steam.<REMOVED>' cookie not found.
steamoidc |
steamoidc | [11:07:56 Information] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steamoidc | Error from RemoteAuthentication: The authentication response was rejected because the anti-forgery token was invalid..
steamoidc |
steamoidc | [11:07:56 Error] Microsoft.AspNetCore.Server.Kestrel
steamoidc | Connection id "0HM9B6QEE0S99", Request id "0HM9B6QEE0S99:00000003": An unhandled exception was thrown by the application.
steamoidc | System.Exception: An error was encountered while handling the remote login.
steamoidc | ---> System.Exception: The authentication response was rejected because the anti-forgery token was invalid.
steamoidc | --- End of inner exception stack trace ---
steamoidc | at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
steamoidc | at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
steamoidc | at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
steamoidc | at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
steamoidc | at SteamOpenIdConnectProvider.Startup.<Configure>b__5_0(HttpContext ctx, Func`1 next) in /src/SteamOpenIdConnectProvider/Startup.cs:line 98
steamoidc | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
steamoidc |
---
version: '3.4'
services:
  steamoidc:
    image: imperialplugins/steam-openid-connect-provider
    container_name: steamoidc
    environment:
      - OpenID__RedirectUri=http://localhost:3000/auth/login/callback
      - OpenID__PostLogoutRedirectUri=http://localhost:3000/auth/logout
      - OpenID__ClientID=steamoidc
      - OpenID__ClientSecret=<REMOVED>
      - Authentication__Steam__ApplicationKey=<REMOVED>
    ports:
      - '80:80'
      - '443:443'
    restart: unless-stopped
Out of nowhere, Steam has deprecated the GetPlayerSummaries API endpoint as you can check here:
https://partner.steamgames.com/doc/webapi/ISteamUser#GetPlayerSummaries
So the server crashes after a successful credentials exchange just before returning the user's profile.
Can steam-openid-connect-provider return only the user SteamID and make no API calls?
The repository has moved from ImperialPlugins/steam-openid-connect-provider to byo-software/steam-openid-connect-provider.
Latest images are now available at ghcr.io/byo-software/steam-openid-connect-provider.
2023-02-20 04:27:12 System.Exception: An error was encountered while handling the remote login.
2023-02-20 04:27:12 ---> System.Exception: The authentication response was rejected because the anti-forgery token was invalid.
2023-02-20 04:27:12 --- End of inner exception stack trace ---
2023-02-20 04:27:12 at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
2023-02-20 04:27:12 at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
2023-02-20 04:27:12 at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
2023-02-20 04:27:12 at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
2023-02-20 04:27:12 at SteamOpenIdConnectProvider.Startup.<>c__DisplayClass5_0.<<Configure>b__0>d.MoveNext() in /src/Startup.cs:line 110
2023-02-20 04:27:12 --- End of stack trace from previous location ---
2023-02-20 04:27:12 at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
2023-02-20 04:27:12 [22:27:12 ERR] Connection id "0HMOIP1A02N1Q", Request id "0HMOIP1A02N1Q:00000005": An unhandled exception was thrown by the application.
2023-02-20 04:27:12 System.Exception: An error was encountered while handling the remote login.
2023-02-20 04:27:12 ---> System.Exception: The authentication response was rejected because the anti-forgery token was invalid.
2023-02-20 04:27:12 --- End of inner exception stack trace ---
2023-02-20 04:27:12 at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
2023-02-20 04:27:12 at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
2023-02-20 04:27:12 at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
2023-02-20 04:27:12 at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
2023-02-20 04:27:12 at SteamOpenIdConnectProvider.Startup.<>c__DisplayClass5_0.<<Configure>b__0>d.MoveNext() in /src/Startup.cs:line 110
2023-02-20 04:27:12 --- End of stack trace from previous location ---
2023-02-20 04:27:12 at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
2023-02-20 04:27:12 at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
I tried to map the picture claim in the profile scope but it wasn't getting saved. Only the sub and username properties. So, I checked the console and found this:
steam_1 | [17:00:21 Debug] IdentityServer4.ResponseHandling.UserInfoResponseGenerator
steam_1 | Requested claim types: sub name family_name given_name middle_name nickname preferred_username profile picture website gender birthdate zoneinfo locale updated_at
steam_1 |
steam_1 | [17:00:21 Debug] IdentityServer4.ResponseHandling.UserInfoResponseGenerator
steam_1 | Scopes in access token: openid profile
steam_1 |
steam_1 | [17:00:21 Information] IdentityServer4.ResponseHandling.UserInfoResponseGenerator
steam_1 | Profile service returned the following claim types: sub preferred_username name
Apparently the picture and other claims are being requested but only sub, preferred_username and name are being returned.
Is it possible to get those claims?
Hello, I'm pretty new to Keycloak so this might be a misconfiguration error on my part. After clicking sign-in on the Steam OpenID page, I'm redirected to /signin-steam?state=... where I'm getting HTTP Error 500. The console shows this:
[00:54:49 Information] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steam_1 | AuthenticationScheme: Steam was challenged.
steam_1 |
steam_1 | [00:54:52 Warning] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steam_1 | '.AspNetCore.Correlation.Steam.pLhGj9via3PPAI9BdOHCYAqivQc3FD8dd0jES3lYOEY' cookie not found.
steam_1 |
steam_1 | [00:54:52 Information] AspNet.Security.OpenId.Steam.SteamAuthenticationHandler
steam_1 | Error from RemoteAuthentication: The authentication response was rejected because the anti-forgery token was invalid..
steam_1 |
steam_1 | [00:54:52 Error] Microsoft.AspNetCore.Server.Kestrel
steam_1 | Connection id "0HM3047JETCD1", Request id "0HM3047JETCD1:00000003": An unhandled exception was thrown by the application.
steam_1 | System.Exception: An error was encountered while handling the remote login.
steam_1 | ---> System.Exception: The authentication response was rejected because the anti-forgery token was invalid.
steam_1 | --- End of inner exception stack trace ---
steam_1 | at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
steam_1 | at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
steam_1 | at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
steam_1 | at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
steam_1 | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
This is my config in keycloak: https://i.imgur.com/UmFLLXd.png