I want to enable both Okta and Auth0 for a single tenant, as some users may log in through Okta and some through Auth0. I have a multi-tenant application.
Do I need to customize the code, or is there functionality in the base code? Could you please help me out with how I can achieve that?
56 Answer(s)
Hi kansoftware
To enable both Okta and Auth0 for a single tenant in your multi-tenant application, you will need to customize the code, as the standard ASP.NET Zero implementation typically supports only one OpenID Connect provider per tenant.
Ok.
For now I have enabled Okta through OIDC. I have added the default options in startup.cs. But I have also configured OpenId for a tenant through the tenant settings page.
I want to know how and where it replaces the client id and other details before redirecting to the Okta login page. As for my custom code, I want to set the credentials at runtime because for each tenant they will be different. I hope I am making sense.
I want to set OpenIdConnectOptions at runtime for a tenant. Is it possible? If yes, then how?
hi
These classes allow you to change the options at runtime. They get the tenant setting values (from the database).
In fact, you can add multiple OpenIdConnect authentication providers:

```csharp
authenticationBuilder.AddOpenIdConnect("Auth0", options => ...);
authenticationBuilder.AddOpenIdConnect("Okta", options => ...);
```

The scheme name is "Auth0" or "Okta".
Can I call these functions on the login button in the Account controller to set options at runtime? If yes, then how?
hi
Yes, See https://github.com/aspnetzero/aspnet-zero-core/commit/7541fa92769e0ff340ccfb9424a5f58c62ca1c08
I created an ExternalLoginCustom method in the Account controller.
In this function I wrote

```csharp
using (_openIdConnectOptions.As<TenantBasedOpenIdConnectOptions>().Change(new OpenIdConnectOptions()))
{
}
```

First, it says TenantBasedOpenIdConnectOptions does not contain a function Change.
Also, the link you shared has expired I believe; it's not working. Also, how should I set the options in the using block?
Hi
To access the relevant link: after logging in on the aspnetzero.com website with the user who has the plan, click the Manage button under the Account button; on that page, from the GitHub Members tab, you can give permission to the GitHub user you are trying to log in from.
Let me share my complete scenario.
I have a multi-tenant application. I want to enable both okta and auth0 for each tenant. As asp.net zero supports only one authentication for a single tenant, I understand I need to customize the code. For this I will create an entity which will have configuration details like client id, secret etc. tenant-wise for different providers.
I have enabled AllowSocialLoginSettingsPerTenant in appsettings and set up OpenId with default values. Now when the ExternalLogin function gets called in the Account controller on the openidconnect login button, I believe it gets the default set values.

```csharp
public ActionResult ExternalLogin(string provider, string returnUrl, string ss = "")
{
    var redirectUrl = Url.Action(
        "ExternalLoginCallback",
        "Account",
        new { ReturnUrl = returnUrl, authSchema = provider, ss = ss });
    var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
    return Challenge(properties, provider);
}
```

But here I want to get the custom configuration for a tenant, either for auth0 or okta, and accordingly redirect at runtime.
Could you please help me with the custom code I need to place in the ExternalLogin function.
hi
Have you checked the source that I shared?
I have a multi-tenant application. I want to enable both okta and auth0 for each tenant. As asp.net zero supports only one authentication for a single tenant, I understand I need to customize the code.
You can add multiple OpenIdConnect authentication providers. The string provider will be Auth0 or Okta:

```csharp
authenticationBuilder.AddOpenIdConnect("Auth0", options => ...);
authenticationBuilder.AddOpenIdConnect("Okta", options => ...);
```

```csharp
public ActionResult ExternalLogin(string provider, string returnUrl, string ss = "")
{
    using (_openIdConnectOptions.As<TenantBasedOpenIdConnectOptions>().Change(new OpenIdConnectOptions()))
    {
        // Change the client id and secret to current OpenIdConnectOptions
        var redirectUrl = Url.Action(
            "ExternalLoginCallback",
            "Account",
            new { ReturnUrl = returnUrl, authSchema = provider, ss = ss });
        var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
        return Challenge(properties, provider);
    }
}
```

https://github.com/aspnetzero/aspnet-zero-core/commit/7541fa92769e0ff340ccfb9424a5f58c62ca1c08
https://support.aspnetzero.com/QA/Questions/12204/How-can-I-enable-both-okta-and-auth0-for-a-tenant-using-openid#answer-0665e369-ea30-363f-9ae6-3a15cec05d04
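One way to give each tenant its own Okta and Auth0 options at runtime without a scoped override, added here as an example rather than ASP.NET Zero's own code: a tenant-aware IConfigureNamedOptions plus a replacement IOptionsMonitor (in the role TenantBasedOpenIdConnectOptions plays in Zero), so the existing ExternalLogin/Challenge(properties, provider) call works unchanged with provider = "Okta" or "Auth0". It assumes a hypothetical ITenantOidcSettingsStore for the per-tenant entity mentioned above and ABP's IAbpSession for the current tenant.

```csharp
// Added example, not ASP.NET Zero's own code. ITenantOidcSettingsStore and TenantOidcSettings
// are hypothetical (backed by the per-tenant entity); IAbpSession is ABP's session abstraction.
using System;
using System.Collections.Concurrent;
using Abp.Runtime.Session;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Options;
public record TenantOidcSettings(string ClientId, string ClientSecret, string Authority);
// scheme is "Okta" or "Auth0"; keep ClientSecret encrypted at rest, never in plain text
public interface ITenantOidcSettingsStore { TenantOidcSettings Get(int? tenantId, string scheme); }
// Runs in IOptionsFactory.Create(scheme) before OpenIdConnect's PostConfigure builds discovery, so Authority is final.
public class TenantOidcConfigure : IConfigureNamedOptions<OpenIdConnectOptions>
{
    private readonly IAbpSession _session;
    private readonly ITenantOidcSettingsStore _store;
    public TenantOidcConfigure(IAbpSession session, ITenantOidcSettingsStore store)
    { _session = session; _store = store; }
    public void Configure(string name, OpenIdConnectOptions o)
    {
        if (name != "Okta" && name != "Auth0") return;
        // The tenant must also resolve on the callback request (tenant cookie or subdomain).
        var s = _store.Get(_session.TenantId, name);
        o.ClientId = s.ClientId;
        o.ClientSecret = s.ClientSecret;
        o.Authority = s.Authority;
        o.CallbackPath = "/signin-" + name.ToLowerInvariant();           // one redirect URI per scheme,
        o.SignedOutCallbackPath = "/signout-" + name.ToLowerInvariant(); // both registered at the provider
    }
    public void Configure(OpenIdConnectOptions o) => Configure(Options.DefaultName, o);
}
// Replaces the default monitor so the handler gets tenant-specific options, cached per (tenant, scheme).
public class TenantOidcOptionsMonitor : IOptionsMonitor<OpenIdConnectOptions>
{
    private readonly IOptionsFactory<OpenIdConnectOptions> _factory;
    private readonly IAbpSession _session;
    private readonly ConcurrentDictionary<string, OpenIdConnectOptions> _cache = new();
    public TenantOidcOptionsMonitor(IOptionsFactory<OpenIdConnectOptions> factory, IAbpSession session)
    { _factory = factory; _session = session; }
    public OpenIdConnectOptions CurrentValue => Get(Options.DefaultName);
    public OpenIdConnectOptions Get(string name) =>
        _cache.GetOrAdd($"{_session.TenantId}:{name}", _ => _factory.Create(name));
    // Call after a tenant edits its provider settings so the next request rebuilds them.
    public void Evict(int? tenantId, string scheme) => _cache.TryRemove($"{tenantId}:{scheme}", out _);
    public IDisposable OnChange(Action<OpenIdConnectOptions, string> listener) => null;
}
// Startup.ConfigureServices, after AddOpenIdConnect("Okta", ...) and AddOpenIdConnect("Auth0", ...):
// services.AddSingleton<IConfigureOptions<OpenIdConnectOptions>, TenantOidcConfigure>();
// services.Replace(ServiceDescriptor.Singleton<IOptionsMonitor<OpenIdConnectOptions>, TenantOidcOptionsMonitor>());
```

Note that Challenge() returns a result that MVC executes after the action method has returned, so an override that is disposed at the end of a using block inside the action is no longer in effect when the OpenIdConnect handler actually reads its options; resolving the tenant inside the options pipeline, as above, avoids that timing problem.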
After seeing the source commit you shared, I updated my code as it is. But when trying to dynamically update it in the ExternalLogin function, it didn't work. Below is the code:

```csharp
[HttpPost]
public ActionResult ExternalLogin(string provider, string returnUrl, string ss = "")
{
    using (_openIdConnectOptions.As<TenantBasedOpenIdConnectOptions>().Change(new OpenIdConnectOptions
    {
        ClientId = "xxxxxxxxxxxxxxxxxxx",
        ClientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        Authority = "https://dev-76726332.okta.com/oauth2/default",
        ResponseType = "code",
        Scope = { "openid", "profile", "email" }
    }))
    {
        var redirectUrl = Url.Action(
            "ExternalLoginCallback",
            "Account",
            new { ReturnUrl = returnUrl, authSchema = provider, ss = ss });
        var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
        return Challenge(properties, provider);
    }
}
```

Could you please help me figure out where and how I can change the options?
Also, could you please explain what exactly the changes in the source mean?
hi
Can you share your test project?
I will download and debug it.
Thanks.
As per your provided code project, it's getting redirected correctly. But on login through auth0 it says
AuthenticationFailureException: OpenIdConnectAuthenticationHandler: message.State is null or empty.
Could you help me out with what can be the reason?
Also can you please help me out with one question.
Does asp.net zero use the provider access token to access all the APIs in the application? Or does it internally convert the provider access token to the application access token and use that?
hi
Please share a username and password of auth0.
What do you mean by "provider access token"?
Thanks.
I have shared the credentials over email.
Provider access token means - When I log in through auth0, there will be an auth0 access token. So will my application functions or APIs work with auth0 access tokens or not?
hi
AuthenticationFailureException: OpenIdConnectAuthenticationHandler: message.State is null or empty.
Fixed by https://github.com/maliming/CDP-Base-Zero-13.0.0/commit/b12051c1a1e996d8a646943c594dd98ba1eef508
hi
Provider access token means - When I log in through auth0, there will be an auth0 access token. So will my application functions or APIs work with auth0 access tokens or not?
There is no access token obtained from auth0. You will only get user info from auth0.
Zero will get the username and email etc. If there is a user in the system with the same email, you will log in automatically.
If there is no user with your auth0 email, you will register a new user with this email; next time, you can log in automatically.
This is how external login works.
When you log in to aspnetzero.com via your google account, zero only knows your google email; it can't get and use an access token to call the google API.
Can we use the auth0 access token or id token to call our APIs?
hi
No. The access token of auth0 can only call the API of auth0. The id token only contains claims for user info.
Hey,
I am running into an issue when I call the ExternalAuthenticate API in TokenAuthController via Postman to verify for the mobile app.
It's giving me a 500 internal server error.
URL - https://localhost:44302/api/TokenAuth/ExternalAuthenticate
JSON Body -

```json
{
  "authProvider": "OpenIdConnect",
  "providerKey": "auth0|USER_ID",
  "providerAccessCode": "Auth0_ID_Token",
  "returnUrl": "",
  "singleSignIn": false
}
```

My goal is that the mobile app team can call this API to generate the ASP.NET access token and refresh token to further call the .NET APIs.
hi
It's giving me a 500 internal server error.
Can you share the 500 error logs?
Thanks.
The actual exception is - Unknown external auth provider: OpenIdConnect.
Another issue I am facing is, when I log out from the application, it redirects me back to the login screen, but it doesn't actually log me out from auth0.
Also, I am now implementing login through SMS on auth0. But by default it redirects me to the email login page. I want to give both options based on user selection; how can I achieve that?
hi
The actual exception is - Unknown external auth provider: OpenIdConnect.
Please share full error logs.
Thanks.
hi
Another issue I am facing is, when I log out from the application, it redirects me back to the login screen, but it doesn't actually log me out from auth0.
Are you still using the below code for Logout?

```csharp
public async Task<ActionResult> Logout(string returnUrl = "")
{
    await _signInManager.SignOutAsync();
    var userIdentifier = AbpSession.ToUserIdentifier();
    if (userIdentifier != null && _settingManager.GetSettingValue<bool>(AppSettings.UserManagement.AllowOneConcurrentLoginPerUser))
    {
        var user = await _userManager.GetUserAsync(userIdentifier);
        await _userManager.UpdateSecurityStampAsync(user);
    }
    //returnUrl = NormalizeReturnUrl(returnUrl);
    //return SignOut(new AuthenticationProperties { RedirectUri = returnUrl }, CookieAuthenticationDefaults.AuthenticationScheme, OpenIdConnectDefaults.AuthenticationScheme);
    string OktaLogoutUrl = "https://dev-76726332.okta.com/oauth2/default/v1/logout"; // Replace with your Okta domain
    var postLogoutRedirectUri = Url.Action("Login", "Account", null, Request.Scheme); // Redirect back to your application's home page
    var logoutUrl = $"{OktaLogoutUrl}?post_logout_redirect_uri={Uri.EscapeDataString(postLogoutRedirectUri)}";
    return Redirect(logoutUrl);
    // Everything below is unreachable after the Redirect above
    if (!string.IsNullOrEmpty(returnUrl))
    {
        returnUrl = NormalizeReturnUrl(returnUrl);
        return Redirect(returnUrl);
    }
    return RedirectToAction("Login");
}
```
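A scheme-aware version of the logout action, added here as an example rather than the thread's or ASP.NET Zero's code: it lets each scheme's OpenIdConnect handler redirect to the end_session_endpoint from its own discovery document instead of a hard-coded Okta URL, which is why an Auth0 login is not ended by the code above. It assumes ExternalLoginCallback stored the scheme used at login ("Okta" or "Auth0") in a hypothetical "idp" claim, that both schemes set SaveTokens = true so the id_token is available for id_token_hint, and that the application cookie scheme is IdentityConstants.ApplicationScheme.

```csharp
// Added example, not ASP.NET Zero's or the thread's own code. Lives inside AccountController;
// _signInManager, _settingManager and _userManager are the fields used in the thread's Logout.
// "idp" is a hypothetical claim name set in ExternalLoginCallback to the scheme that signed in.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

[HttpPost]
public async Task<IActionResult> Logout()
{
    var idp = User.FindFirst("idp")?.Value; // which external scheme signed this user in, if any

    var userIdentifier = AbpSession.ToUserIdentifier();
    if (userIdentifier != null &&
        _settingManager.GetSettingValue<bool>(AppSettings.UserManagement.AllowOneConcurrentLoginPerUser))
    {
        var user = await _userManager.GetUserAsync(userIdentifier);
        await _userManager.UpdateSecurityStampAsync(user);
    }

    // Where the browser lands after the provider has returned to that scheme's SignedOutCallbackPath.
    var props = new AuthenticationProperties { RedirectUri = Url.Action("Login", "Account", null, Request.Scheme) };

    if (idp == "Okta" || idp == "Auth0")
    {
        // RP-initiated logout: the SignOutResult clears the application cookie, then the OIDC handler
        // for that scheme redirects to the end_session_endpoint from its own discovery document with
        // id_token_hint, so no provider URL is hard-coded and the provider session is ended too.
        // Requires the provider's discovery document to publish end_session_endpoint.
        return SignOut(props, IdentityConstants.ApplicationScheme, idp);
    }

    await _signInManager.SignOutAsync(); // local (password) login: cookie only
    return RedirectToAction("Login");
}
```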
Also, I am now implementing login through SMS on auth0. But by default it redirects me to the email login page. I want to give both options based on user selection; how can I achieve that?
Can you share a URL to see the SMS login page for auth0?
Maybe auth0 has some querystring parameter to indicate the login method.