IDX20803: Unable to obtain configuration from: 'https://{custom domain}/.well-known/openid-configuration'

I am getting the IDX20803 error when trying to call a dotnet api from an Angular application. I fully control both the api and app and have everything working as it should in a development environment. The custom domain login page works, redirects back into the app as it should and I am able to use the API as expected based on scopes/permissions.

When I deploy off of the development box and onto a production server environment I am able to log into the application just fine; however, when I attempt to call the API I get a 500 HTTP response and an exception containing the error in the API logs.

At first the error was System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String' but after setting IdentityModelEventSource.ShowPII = true in the dotnet api I got a much more meaningful error.

I have managed to trace this back to a problem with the SSL certificates. I am not using self-signed certs; I have a wildcard for the domain that seems to be working correctly. Browsers do not detect any error and a curl request works fine when I connect to a domain with my certs. Browsers do not detect any problems with the cert at the custom domain either, but a curl request to it fails with curl: (60) SSL certificate problem: unable to get local issuer certificate.

I downloaded the root cert and manually installed it into ca-certificates, and now curl requests work, but I still get the error calling the API.

I'm out of ideas and all the Google links are purple. Has anyone else run into this? How did you fix it?
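The post above describes IDX20803 surfacing only after IdentityModelEventSource.ShowPII was enabled, and traces it to the server's TLS trust chain rather than the token itself. The following console program is an added diagnostic example (it is not from the original poster or from the Microsoft.IdentityModel project) that reproduces the discovery fetch the JwtBearer middleware performs at startup, using the same ConfigurationManager and HttpDocumentRetriever types, and walks the inner exceptions so a chain-trust failure is visible in the output. It assumes the Microsoft.IdentityModel.Protocols.OpenIdConnect and Microsoft.IdentityModel.Logging packages are referenced, and "login.example.com" is a placeholder for the custom domain.

```csharp
// Added diagnostic example; not code from the original post.
// Assumes: Microsoft.IdentityModel.Protocols.OpenIdConnect and
// Microsoft.IdentityModel.Logging package references; the domain is a placeholder.
using System;
using System.Security.Authentication;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class DiscoveryProbe
{
    public static async Task<int> Main(string[] args)
    {
        // Placeholder: pass the custom domain the API's Authority points at.
        string domain = args.Length > 0 ? args[0] : "login.example.com";
        string metadataAddress = $"https://{domain}/.well-known/openid-configuration";

        // Same switch the post used: without it the IDX20803 message reads
        // 'System.String' instead of the real URL. Keep it off outside diagnostics,
        // because it puts request details into the logs.
        IdentityModelEventSource.ShowPII = true;

        // Mirrors what AddJwtBearer builds internally from options.Authority.
        // RequireHttps stays true: plaintext metadata would let anyone on the
        // path swap the issuer and signing keys.
        var manager = new ConfigurationManager<OpenIdConnectConfiguration>(
            metadataAddress,
            new OpenIdConnectConfigurationRetriever(),
            new HttpDocumentRetriever { RequireHttps = true });

        try
        {
            OpenIdConnectConfiguration config =
                await manager.GetConfigurationAsync(CancellationToken.None);
            Console.WriteLine($"issuer:       {config.Issuer}");
            Console.WriteLine($"jwks_uri:     {config.JwksUri}");
            Console.WriteLine($"signing keys: {config.SigningKeys.Count}");
            return 0;
        }
        catch (InvalidOperationException ex)
        {
            // IDX20803 wraps the transport failure; the useful detail is in
            // the inner exceptions, which the API's generic 500 hides.
            Console.Error.WriteLine(ex.Message);
            for (Exception? inner = ex.InnerException; inner != null; inner = inner.InnerException)
            {
                Console.Error.WriteLine($"  caused by {inner.GetType().Name}: {inner.Message}");
                if (inner is AuthenticationException)
                {
                    // This is the case from the post: the server process does not
                    // trust the chain presented by the custom domain. Fix the trust
                    // store or the served intermediate chain; do not relax validation.
                    Console.Error.WriteLine("  -> TLS handshake failed: check the host's CA bundle and the intermediate chain served by the custom domain.");
                }
            }
            return 1;
        }
    }
}
```

Run it on the production host as the same user the API runs under (dotnet run -- your-custom-domain): a process-level trust store difference, which is what the post's ca-certificates step was chasing, only shows up when the probe runs in that account's environment, so a browser or curl succeeding from another context does not prove the API's HttpClient will.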

Did you fix the problem? After I upgraded System.IdentityModel.Tokens.Jwt to 7.0.2, I got the same problem and had to use the old package.

I am also upgrading to v7.x and experience the same issue. Did you manage to find a solution?

Did you find a solution for this?

I have the same issue after upgrading System.IdentityModel.Tokens.Jwt.