AspNet.Security.OAuth.SuperOffice: how to pass uctx
Hello,
We use this NuGet package to authenticate users in our SuperOffice contact tab.
Unfortunately I can't find a method to pass uctx to the login url in .AddSuperOffice method events.
How can I achieve that?
Thank you!
Kind regards,
Andrey
All Replies (4)
Hi Andrey,
I'm not sure why you would want to pass the context identifier to the authentication handler when it's automatically obtained from the id_token.
Hi Tony,
I get a tenant question on the login in my tab:
In the authentication with OpenIdConnect we could avoid this by passing the uctx in the event:
How can we achieve it for the authentication with AspNet.Security.OAuth.SuperOffice?
Thank you so much!
Hi Andrey,
Actually, the overriding-the-events sample is somewhat old. We have added the acr_values option to append that querystring parameter to the authorize endpoint. See the Authorization Code Flow parameters for more details.
Because the OAuth provider uses the Microsoft OAuthHandler, which has different events than the OpenIdConnectHandler, you need to override a different event.
Somehow you will have to get the uctx template variable to the button click handler... Figure that out, and you should get the behavior you want using something like this code:
    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddSuperOffice(options =>
        {
            Configuration.Bind("SuperOffice", options);

            // SaveTokens Summary:
            // Defines whether access and refresh tokens should be stored in the Microsoft.AspNetCore.Authentication.AuthenticationProperties
            // after a successful authorization. This property is set to false by default to
            // reduce the size of the final authentication cookie.
            options.SaveTokens = true;

            // IncludeIdTokenAsClaims Summary:
            // Gets or sets a value indicating whether user claims will include the SuperOffice
            // id_token claims. This will make the cookies even larger.
            // This will put the WebApi URL in the claims.
            options.IncludeIdTokenAsClaims = true;

            options.Events = new Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents
            {
                OnRedirectToAuthorizationEndpoint = context =>
                {
                    // when hosted in a webpanel inside SuperOffice...
                    // if the URL contains uctx, include it for single-signon experience.
                    var uctx = context.HttpContext.Request.Query["uctx"];
                    if (uctx.Count > 0)
                    {
                        // Add acr_values to the request URL
                        var contextId = uctx[0];
                        context.Response.Redirect(context.RedirectUri += UrlEncoder.Default.Encode($"&acr_values=tenant:{contextId}"));
                    }
                    else
                    {
                        context.Response.Redirect(context.RedirectUri);
                    }
                    return Task.FromResult(0);
                }
            };
        });
Alternatively, just use the generic built-in AddOpenIdConnect provider and override the Event as before (but using acr_values).
Best regards.
Hello Tony,
Thank you for your detailed reply!
I had to remove the url encoding, and then it worked like a charm.
Thank you one more time!
Best Regards,
Andrey
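Added example, not code from the thread's participants or from the AspNet.Security.OAuth.SuperOffice project: the snippet above encodes the whole `&acr_values=...` string, which turns the `&` and `=` separators into `%26` and `%3D`, while dropping the encoding entirely lets a crafted `uctx` value append extra parameters to the authorize URL. This version encodes only the value and validates `uctx` first; the names `TenantHint`, `AppendTenant`, `OnRedirect` and the allow-list pattern for `uctx` are assumptions.

```csharp
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.WebUtilities;

// Hypothetical helper. Wire it up inside AddSuperOffice(options => ...) with:
//   options.Events = new OAuthEvents
//   {
//       OnRedirectToAuthorizationEndpoint = TenantHint.OnRedirect
//   };
public static class TenantHint
{
    // Assumption: a context identifier is a short run of letters and digits.
    // Adjust the pattern to the identifiers your tenants actually use.
    private static readonly Regex UctxPattern =
        new Regex("^[A-Za-z0-9]{1,32}$", RegexOptions.CultureInvariant);

    // Returns the authorize URL with acr_values=tenant:<uctx> appended,
    // or the URL unchanged when uctx is missing or malformed.
    public static string AppendTenant(string authorizeUrl, string uctx)
    {
        if (string.IsNullOrEmpty(uctx) || !UctxPattern.IsMatch(uctx))
        {
            // Fall back to the normal login page, which asks for the tenant.
            return authorizeUrl;
        }

        // AddQueryString escapes the name and the value but writes the
        // '&' and '=' separators literally, so only "tenant:<uctx>" is
        // percent-encoded and the parameter stays well-formed.
        return QueryHelpers.AddQueryString(
            authorizeUrl, "acr_values", $"tenant:{uctx}");
    }

    // Handler for OAuthEvents.OnRedirectToAuthorizationEndpoint.
    public static Task OnRedirect(RedirectContext<OAuthOptions> context)
    {
        // uctx comes from the request query string, so treat it as untrusted.
        // Repeated uctx parameters join with ',' and fail the pattern check.
        string uctx = context.HttpContext.Request.Query["uctx"].ToString();
        context.Response.Redirect(AppendTenant(context.RedirectUri, uctx));
        return Task.CompletedTask;
    }
}
```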