
.NET Framework, OIDC; How to properly authenticate a user in an authorization code based sign-in flow?

I am attempting to use OIDC to outsource the work of authorization/authentication on a project. After following a Microsoft tutorial located here, I made my application redirect to an IP successfully, but when it redirects back to the client the user is not authenticated.

In other examples from what I've seen the user is authenticated and you can access any basic user data that you need in the HTTP Headers. (all I would need is the user's email, I've tested a method that could finish signing the user in with said email)

I don't know why, but my user isn't being authenticated. The last comment I got from an architect (before he transferred out) was that I should try overriding the MessageReceived function in the startup class after updating the responseType to code. I was told to look up how to override it but I haven't been able to find it.

The only promising documentation on that was what I found here, which basically just says the process is hard.

from link:

For example, you might use MessageReceived for handling response_types that the middleware currently does not automatically process, like a sign-in flow based on authorization code. That's not an easy endeavor, and as such not very common, but some advanced scenarios will sometimes require it, and this extensibility model makes doing so possible.

Here is what I currently have.

[image: enter image description here]

versioning information

    <compilation targetFramework="4.8" debug="true" />
    <httpRuntime targetFramework="4.5.1" />

Despite me scouring the internet (very possible I'm blind), I haven't found what code I'm supposed to use to properly override that function so I can hit the token endpoint. I think that's what I need to do based on this image I found. If you have a different way for me to hit the token endpoint, I'm all ears. [image: enter image description here]

This was the closest Stack Overflow question I found, but it didn't go into any syntax, which is what I need.

Pretty new to auth in general. Did the best I could with research, and I think I'm asking the right question. Any help or even direction towards documentation of exactly how to do this would be greatly appreciated.

Sometimes IntelliSense is more usable than documentation. Turns out that Microsoft.Owin.Security.OpenIdConnect 4.2.2.0 has been updated much more recently than this article. I'll see if I can message Microsoft about updating that documentation.

But from what I can tell, in order to get the JWT ID token when using code as a response type you need to use the OpenIdConnectAuthenticationOptions.RedeemCode value and set it to true. Here is the description from the library comments:

When set to true the authorization code will be redeemed for tokens at the token endpoint. This property is set to false by default.

After that it's just a matter of decoding your JWT. Here's a link with more information in case anyone else runs into the same problem.
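
A Startup configuration matching the answer above, as an added example that is not part of the original post or of Microsoft's documentation. The `SampleApp` namespace, the `oidc:*` appSettings keys, the `openid email` scope and the use of a client secret are assumptions about the application and identity provider. With `RedeemCode` set, the middleware calls the token endpoint and validates the ID token itself, so the email is read from the validated identity instead of a hand-decoded JWT.

```csharp
using System.Configuration;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(SampleApp.Startup))] // SampleApp is a hypothetical namespace

namespace SampleApp
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // The OIDC middleware signs the user in to the local cookie once tokens validate.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                // Hypothetical appSettings keys; keep the secret out of source control.
                Authority = ConfigurationManager.AppSettings["oidc:Authority"],
                ClientId = ConfigurationManager.AppSettings["oidc:ClientId"],
                ClientSecret = ConfigurationManager.AppSettings["oidc:ClientSecret"],
                RedirectUri = ConfigurationManager.AppSettings["oidc:RedirectUri"],
                ResponseType = OpenIdConnectResponseType.Code,
                Scope = "openid email", // assumes the provider releases an email claim
                RedeemCode = true,      // exchange the code at the token endpoint
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Runs after the ID token's signature, issuer and audience are validated.
                    SecurityTokenValidated = n =>
                    {
                        ClaimsIdentity identity = n.AuthenticationTicket.Identity;
                        // The JWT handler may map "email" to ClaimTypes.Email; check both.
                        Claim email = identity.FindFirst(ClaimTypes.Email) ?? identity.FindFirst("email");
                        if (email != null && identity.FindFirst(ClaimTypes.Name) == null)
                            identity.AddClaim(new Claim(ClaimTypes.Name, email.Value));
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }
}
```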
