tvavrda
(Tomáš Vavrda)
May 31, 2026, 10:30am
Currently, our frontend code uses origamClientCallback as the path of the redirection URI:
// OIDC client settings for the SPA. `isDev`, `frontendOrigin` and `UserManager`
// are defined or imported outside this excerpt.
// In dev, the identity server still runs on 44357, so fix authority accordingly
const authority = isDev
? "https://localhost:44357"
: frontendOrigin; // in prod, SPA is served by the server
const redirectBase = frontendOrigin; // where the SPA is actually running (5173 in dev, server in prod)
const config = {
authority,
client_id: "origamWebClient",
// Path-based callback with no '#' fragment. An authorization server compares the
// redirect_uri it receives with the values registered for the client, so the
// registered entry has to be this same path form.
// TODO confirm against the server's RedirectUris configuration.
redirect_uri: `${redirectBase}/origamClientCallback/`,
// Authorization code flow.
response_type: "code",
// offline_access is the OpenID Connect scope that requests a refresh token.
// internal_api is a project scope whose meaning is not visible here.
scope: "openid offline_access internal_api",
// Built without a trailing slash.
// NOTE(review): presumably must match a registered PostLogoutRedirectUris entry; confirm.
post_logout_redirect_uri: `${redirectBase}`,
// NOTE(review): presumably lets the UserManager renew tokens in the background,
// using silent_redirect_uri as the callback. Confirm against the OIDC client library in use.
automaticSilentRenew: true,
// Path-based like redirect_uri, so it needs its own registered redirect URI entry.
silent_redirect_uri: `${redirectBase}/origamClientCallbackRenew/`,
};
// Single shared UserManager instance exported for the rest of the frontend.
export const userManager = new UserManager(config);
export async function ensureLogin() {
But our templates use #origamClientCallback, which is the old IdentityServer string as seen in these places:
"MailQueueName": "",
"UserRegistrationAllowed": "false"
},
"IdentityGuiConfig": {
"PathToBrandIcon": "icons/origam.png"
},
"OpenIddictConfig": {
"ClientApplicationTemplates": {
"WebClient": {
"RedirectUris": [
"ExternalDomain/#origamClientCallback/"
],
"PostLogoutRedirectUris": [ "ExternalDomain" ],
"AllowedCorsOrigins": [ "ExternalDomain" ]
},
"MobileClient":{
"RedirectUris": [ "ExternalDomain/xamarincallback" ],
"ClientSecret": "mobileSecret",
"PostLogoutRedirectUris": [ "ExternalDomain" ]
},
"ServerClient":{
"RouteToCustomAssetsFolder": "/customAssets",
"IdentityGuiLogoUrl": "/customAssets/avatarTest.png",
"Html5ClientLogoUrl": "/customAssets/avatarTest.png",
"FaviconLogoUrl": "/customAssets/faviconTest.png"
},
"OpenIddictConfig": {
"CookieSlidingExpiration": true,
"ClientApplicationTemplates": {
"WebClient": {
"RedirectUris": [
"https://localhost:44357/#origamClientCallback/",
"https://localhost:44357/#origamClientCallbackRenew/",
"https://localhost:5173/#origamClientCallback/",
"https://localhost:5173/#origamClientCallbackRenew/"
],
"PostLogoutRedirectUris": [
"https://localhost:44357",
"https://localhost:5173"
]
},
"ServerClient": {
},*/
// uncomment following section to enable Azure AD Login
/*
"AzureAdLogin": {
"ClientId": "",
"TenantId": ""
},*/
"ClientApplicationTemplates": {
"WebClient": {
"RedirectUris": [
"https://localhost:3000/#origamClientCallback/",
"http://localhost:3000/#origamClientCallback/",
"https://localhost:3000/#origamClientCallbackRenew/"
],
"PostLogoutRedirectUris": [
"https://192.168.0.80:45455"
],
"AllowedCorsOrigins": [
"https://someOrigin"
]
},
Interestingly, it works! That is because, when the configuration is stored in the OpenIddict database (OpenIddictApplications.RedirectUris) at backend startup, the hash mark is stripped somewhere along the way, so the stored value ends up matching the path-based URI the frontend sends.
I consider this confusing. I think we should:
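prohibit # in the redirect URIs set in the config files, as fragments are forbidden in redirect URIs anyway (RFC 6749, section 3.1.2), and fail with a clear error instead of silently stripping it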
update our templates
add some configuration examples to the Appsettings.json documentation, as it is not clear from there that origamClientCallback is a hardcoded value