The redirect URI is not well-formed. The URI is: 'http://грант.рф:5000/connect/authorize ...

Guys, hello!

When I use OpenIdConnect I have a problem in a OpenIdConnectHandler (394 line)

So, I use a cyrillic domain http://грант-лев.рф and redirect URI in OpenIdConnectHandler looks incorrect.
The redirect URI is not well-formed. The URI is: 'http://грант-лев.рф:5000/connect/authorize?client_id=RosgrantService&redirect_uri=http%3A%2F%2Fxn----7sbhbm9amwu.xn--p1ai%3A5002%2Fsignin-oidc&

Seems, punycode like here redirect_uri=http%3A%2F%2Fxn----7sbhbm9amwu.xn--p1ai
would be good, but I dont know where I can handle it.

Moreover, after this warning I catch an exception in kestrel

System.InvalidOperationException: Invalid non-ASCII or control character in header: 0x0433 at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.FrameHeaders.ThrowInvalidHeaderCharacter(Char ch) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.FrameHeaders.ValidateHeaderCharacters(String headerCharacters) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.FrameHeaders.ValidateHeaderCharacters(StringValues headerValues)
....

So, how can I turn my cyrillic domain to punycode to prevent warning and a Kestrel craching in OpenIdConnectHandler?

Thank you for your advice!

[Tratcher]

Interesting catch. @brentschmaltz this may be a bug in CreateAuthenticationRequestUrl.

[Tratcher]

@levnikolaevich if you look at the metadata document OIDC downloads for configuration, the host value is not encoded in there is it?

@Tratcher
Do you mean this metadata?

Client configuration looks like this

[Tratcher]

Yes. One way of addressing this is changing the metadata. Can you do that?

Also, why did you add ConvertToAscii for your Authority? We should be able to handle that one in Unicode.

@Tratcher , I'm using idsrv4. I think, I don't have a direct access to that code. I've asked their support for help.
I'll let you know if we come up with something.

PS ConvertToAscii was just for a experiment =)

[Tratcher]

Ok, the other workaround you can try is setting the Options.Configuration property and manually entering the metadata with encoded urls.

[Eilon]

Tagging @leastprivilege re: idsrv4. Any ideas on this? This hostname should probably be punycode encoded in the metadata document itself.

[leastprivilege]

I have no idea.

[Eilon]

@leastprivilege do you suggest that this bug should be tracked by your org? We couldn't think of anything in ASP.NET Core that would be causing this.

@Eilon , @leastprivilege, hello!
Actually, I've found a problem here. https://github.com/IdentityServer/IdentityServer4/blob/ecffbb062485b0656461eba4af5648dc9f45a589/src/IdentityServer4/Hosting/BaseUrlMiddleware.cs#L32

request.Host.Value contains the original host name (http://грант-лев.рф), not a punycode

I resolved my issue the following way
http://amilspage.com/set-identityserver4-url-behind-loadbalancer/

it also helped me with https issue.. =)

Seems, you can close this issue