
How can I enable both okta and auth0 for a tenant using openid #12204


kansoftware created

I want to enable both okta and auth0 for a single tenant, as some users may log in through okta and some through auth0. I have a multitenant application. Do I need to customize the code, or is there functionality in the base code? Could you please help me out with how I can achieve that?


17 Answer(s)
  • oguzhanagir created
    Support Team

    Hi kansoftware

    To enable both Okta and Auth0 for a single tenant in your multi-tenant application, you will need to customize the code, as the standard ASP.NET Zero implementation typically supports only one OpenID Connect provider per tenant.

  • kansoftware created

    > Hi kansoftware
    >
    > To enable both Okta and Auth0 for a single tenant in your multi-tenant application, you will need to customize the code, as the standard ASP.NET Zero implementation typically supports only one OpenID Connect provider per tenant.

    Ok. For now I have enabled okta through OIDC. I have added the default options in Startup.cs. But I have also configured OpenID for a tenant through the tenant settings page. I want to know how and where it replaces the client id and other details before redirecting to the okta login page.

    As for my custom code, I want to set the credentials at runtime because they will be different for each tenant. I hope I am making sense.

  • kansoftware created

    I want to set OpenIdConnectOptions at runtime for a tenant. Is it possible? If yes, then how?

  • maliming created
    Support Team

    hi

    These classes allow you to change the options at runtime. They get the tenant settings values (from the database).

    In fact, you can add multiple OpenIdConnect authentication providers:

    authenticationBuilder.AddOpenIdConnect("Auth0", options => ...
    authenticationBuilder.AddOpenIdConnect("Okta", options => ...

    The scheme name is Auth0 or Okta.

  • kansoftware created

    Can I call these functions from the login button in the Account controller to set the options at runtime? If yes, then how?

  • maliming created
    Support Team

    hi

    Yes, See https://github.com/aspnetzero/aspnet-zero-core/commit/7541fa92769e0ff340ccfb9424a5f58c62ca1c08

  • kansoftware created

    > hi
    >
    > Yes, See https://github.com/aspnetzero/aspnet-zero-core/commit/7541fa92769e0ff340ccfb9424a5f58c62ca1c08

    I created an ExternalLoginCustom method in the Account controller. In this function I wrote:

    using (_openIdConnectOptions.As<TenantBasedOpenIdConnectOptions>().Change(new OpenIdConnectOptions()))
    {
    }

    First, it says TenantBasedOpenIdConnectOptions does not contain a function Change. Also, the link you have shared has expired I believe; it's not working.

    Also, how should I set the options in the using block?

  • oguzhanagir created
    Support Team

    Hi

    To access the relevant link: after logging in on the aspnetzero.com website with the user who has the plan, click the Manage button under the Account button, and on that page give permission to the GitHub user you are trying to log in from, on the GitHub Members tab.

  • kansoftware created

    Let me share my complete scenario with you. I have a multi-tenant application. I want to enable both okta and auth0 for each tenant. As ASP.NET Zero supports only one authentication provider for a single tenant, I understand I need to customize the code. For this I will create an entity which will hold configuration details like client id, secret etc. per tenant for the different providers. I have enabled AllowSocialLoginSettingsPerTenant in appsettings and set up OpenId with default values. Now when the ExternalLogin function gets called in the Account controller from the OpenIdConnect login button, I believe it gets the default values.

    public ActionResult ExternalLogin(string provider, string returnUrl, string ss = "")
    {
        var redirectUrl = Url.Action(
            "ExternalLoginCallback",
            "Account",
            new
            {
                ReturnUrl = returnUrl,
                authSchema = provider,
                ss = ss
            });

        var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);

        return Challenge(properties, provider);
    }

    But here I want to get the custom configuration of the tenant, for either auth0 or okta, and redirect accordingly at runtime.

    Could you please help me with the custom code I need to place in the ExternalLogin function?

  • maliming created
    Support Team

    hi

    Have you checked the source that I shared?

    > I have a multi tenant application. I want to enable both okta and auth0 for each tenant. As asp.net zero support only one authentication for a single tenant, I understand I need to customize the code.

    You can add multiple OpenIdConnect authentication providers. The provider string will be Auth0 or Okta:

    authenticationBuilder.AddOpenIdConnect("Auth0", options => ...
    authenticationBuilder.AddOpenIdConnect("Okta", options => ...

    public ActionResult ExternalLogin(string provider, string returnUrl, string ss = "")
    {
        // Temporarily replace the registered OpenIdConnect options with the current tenant's values
        using (_openIdConnectOptions.As<TenantBasedOpenIdConnectOptions>().Change(new OpenIdConnectOptions()))
        {
            // Change the client id and secret to current OpenIdConnectOptions

            var redirectUrl = Url.Action(
                "ExternalLoginCallback",
                "Account",
                new
                {
                    ReturnUrl = returnUrl,
                    authSchema = provider,
                    ss = ss
                });

            var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);

            return Challenge(properties, provider);
        }
    }

    https://github.com/aspnetzero/aspnet-zero-core/commit/7541fa92769e0ff340ccfb9424a5f58c62ca1c08
    https://support.aspnetzero.com/QA/Questions/12204/How-can-I-enable-both-okta-and-auth0-for-a-tenant-using-openid#answer-0665e369-ea30-363f-9ae6-3a15cec05d04
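An added example (not ASP.NET Zero's code and not the linked commit) of the approach maliming describes here and in the earlier answer: one OpenIdConnect scheme per provider, with the tenant's client id, secret and authority supplied at runtime, built only on standard ASP.NET Core APIs. Each tenant gets its own scheme name per provider so that the options IOptionsMonitor caches for one tenant are never served to another; TenantOidcSettings, ITenantOidcSettingsStore and TenantOidcSchemes are hypothetical names, and the code assumes Startup already calls AddOpenIdConnect at least once so the framework's post-configure services for OpenIdConnectOptions are registered.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Options;

// Hypothetical store backed by the per-tenant entity the poster described (null = not configured).
public record TenantOidcSettings(string ClientId, string ClientSecret, string Authority);
public interface ITenantOidcSettingsStore { Task<TenantOidcSettings?> GetAsync(int tenantId, string provider); }

// Register as scoped and inject into AccountController.
public class TenantOidcSchemes
{
    private static readonly string[] Providers = { "Auth0", "Okta" };
    private readonly IAuthenticationSchemeProvider _schemes;
    private readonly IOptionsMonitorCache<OpenIdConnectOptions> _cache;
    private readonly IEnumerable<IPostConfigureOptions<OpenIdConnectOptions>> _postConfigure;
    private readonly ITenantOidcSettingsStore _store;

    public TenantOidcSchemes(IAuthenticationSchemeProvider schemes, IOptionsMonitorCache<OpenIdConnectOptions> cache,
        IEnumerable<IPostConfigureOptions<OpenIdConnectOptions>> postConfigure, ITenantOidcSettingsStore store)
    { _schemes = schemes; _cache = cache; _postConfigure = postConfigure; _store = store; }

    // Returns the scheme name to pass to Challenge(), or null when the provider is not one of the two
    // fixed names (so a request cannot challenge an arbitrary scheme) or the tenant has not set it up.
    public async Task<string?> EnsureSchemeAsync(int tenantId, string provider)
    {
        if (Array.IndexOf(Providers, provider) < 0) return null;
        var name = $"{provider}:{tenantId}";                          // e.g. "Okta:42"
        if (await _schemes.GetSchemeAsync(name) != null) return name; // registered on an earlier request
        var s = await _store.GetAsync(tenantId, provider);
        if (s == null) return null;
        var options = new OpenIdConnectOptions
        {
            ClientId = s.ClientId,
            ClientSecret = s.ClientSecret,
            Authority = s.Authority,
            ResponseType = "code", // authorization code flow; no tokens in the front channel
            // Must be unique per scheme: handlers sharing a CallbackPath compete for the callback and the
            // wrong one cannot unprotect the state. Register this redirect URI in the tenant's IdP app.
            CallbackPath = $"/signin-{provider.ToLowerInvariant()}/{tenantId}"
        };
        // Same post-configuration AddOpenIdConnect applies to schemes declared in Startup: metadata
        // ConfigurationManager from Authority, default SignInScheme, state protector keyed by scheme name.
        foreach (var p in _postConfigure) p.PostConfigure(name, options);
        _cache.TryAdd(name, options); // what IOptionsMonitor<OpenIdConnectOptions>.Get(name) will return
        _schemes.AddScheme(new AuthenticationScheme(name, provider, typeof(OpenIdConnectHandler)));
        return name;
    }
}
```

In ExternalLogin, resolve the scheme first (`var scheme = await _tenantSchemes.EnsureSchemeAsync(tenantId, provider);`, with the tenant id taken from the current session) and return a 400 when it is null; then pass `scheme` instead of `provider` to both ConfigureExternalAuthenticationProperties and Challenge.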

  • kansoftware created

    > Let me share you my complete scenario. I have a multi tenant application. I want to enable both okta and auth0 for each tenant. As asp.net zero support only one authentication for a single tenant, I understand I need to customize the code. For this I will create a entity which will have configuration details like client id, secret etc. tenant wise for different providers.
    > I have enabled AllowSocialLoginSettingsPerTenant in appsettings and setup OpenId with default values. Now when ExternalLogin function gets called in Account controller on openidconnect login button, I believe it gets the default set values.
    >
    >     public ActionResult ExternalLogin(string provider, string returnUrl, string ss = "")
    >     {
    >         var redirectUrl = Url.Action(
    >             "ExternalLoginCallback",
    >             "Account",
    >             new
    >             {
    >                 ReturnUrl = returnUrl,
    >                 authSchema = provider,
    >                 ss = ss
    >             });
    >
    >         var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
    >
    >         return Challenge(properties, provider);
    >     }
    >
    > But here I want to get the custom configuration for a tenant either for auth0 or okta and accordingly redirect at runtime.
    >
    > Could you please help me with the custom code I need to place in ExternalLogin function.

    After seeing the source commit you shared, I updated my code exactly as it is there. But when trying to update the options dynamically in the ExternalLogin function, it didn't work. Below is the code:

    [HttpPost]
    public ActionResult ExternalLogin(string provider, string returnUrl, string ss = "")
    {
        // Tenant-specific values; client id and secret replaced with placeholders here
        using (_openIdConnectOptions.As<TenantBasedOpenIdConnectOptions>().Change(new OpenIdConnectOptions
        {
            ClientId = "xxxxxxxxxxxxxxxxxxx",
            ClientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            Authority = "https://dev-76726332.okta.com/oauth2/default",
            ResponseType = "code",
            Scope = { "openid", "profile", "email" }
        }))
        {
            var redirectUrl = Url.Action(
                "ExternalLoginCallback",
                "Account",
                new
                {
                    ReturnUrl = returnUrl,
                    authSchema = provider,
                    ss = ss
                });

            var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);

            return Challenge(properties, provider);
        }
    }

    Could you please help me figure out where and how I can change the options?

    Also, could you please explain what exactly the changes in the source mean?

  • maliming created
    Support Team

    hi

    Can you share your test project?

    I will download and debug it.

    Thanks.

    [email protected]

  • kansoftware created

    > hi
    >
    > Can you share your test project?
    >
    > I will download and debug it.
    >
    > Thanks.
    >
    > [email protected]

    With the project code you provided, it gets redirected correctly. But on login through auth0 it says AuthenticationFailureException: OpenIdConnectAuthenticationHandler: message.State is null or empty. Could you help me out with what the reason can be?

    Also, can you please help me out with one question. Does ASP.NET Zero use the provider access token to access all the APIs in the application, or does it internally convert the provider access token to the application access token and use that?

  • maliming created
    Support Team

    hi

    Please share a username and password for auth0.

    [email protected]


    What do you mean by provider access token?

    Thanks.

  • kansoftware created

    > hi
    >
    > Please share a username and password of auth0
    >
    > [email protected]
    >
    > What do you mean by provider access token?
    >
    > Thanks.

    I have shared the credentials over email.

    Provider access token means: when I log in through auth0, there will be an auth0 access token. So will my application functions or APIs work with auth0 access tokens or not?

  • maliming created
    Support Team

    hi

    > AuthenticationFailureException: OpenIdConnectAuthenticationHandler: message.State is null or empty.

    Fixed by https://github.com/maliming/CDP-Base-Zero-13.0.0/commit/b12051c1a1e996d8a646943c594dd98ba1eef508

  • maliming created
    Support Team

    hi

    > Provider access token means - When I login through auth0, there will be auth0 access token. So will my application functions or apis works with auth0 access tokens or not

    There is no access token obtained from auth0.

    You will only get user info from auth0. Zero will get the username and email etc.

    If there is a user in the system with the same email, you will be logged in automatically.

    If there is no user with your auth0 email, a new user will be registered with this email; next time, you can log in automatically.

    This is how external login works.

    When you log in to aspnetzero.com via your Google account, Zero only knows your Google email; it can't get and use an access token to call the Google API.