I want to enable both Okta and Auth0 for a single tenant, as some users may log in through Okta and some through Auth0. I have a multitenant application. Do I need to customize the code, or is there functionality for this in the base code? Could you please help me out with how I can achieve that?
17 Answer(s)
-
0
Hi kansoftware
To enable both Okta and Auth0 for a single tenant in your multi-tenant application, you will need to customize the code, as the standard ASP.NET Zero implementation typically supports only one OpenID Connect provider per tenant.
-
0
Hi kansoftware
To enable both Okta and Auth0 for a single tenant in your multi-tenant application, you will need to customize the code, as the standard ASP.NET Zero implementation typically supports only one OpenID Connect provider per tenant.
Ok. For now I have enabled Okta through OIDC. I have added the default options in Startup.cs. But I have also configured the OpenID for a tenant through the tenant settings page. I want to know how and where it replaces the client id and other details before redirecting to the Okta login page.
As for my custom code, I want to set the credentials at runtime because they will be different for each tenant. I hope I am making sense.
-
0
I want to set OpenIdConnectOptions during runtime for a tenant. Is it possible? If yes, then how?
-
0
hi
These classes allow you to change the options at runtime. They get tenant settings values (from the database).
In fact, you can add multiple OpenIdConnect as authentication providers.
    authenticationBuilder.AddOpenIdConnect("Auth0", options => ...
    authenticationBuilder.AddOpenIdConnect("Okta", options =>
The name is Auth0 or Okta.
-
0
Can I call these functions on the login button in the Account controller to set options at runtime? If yes, then how?
-
0
-
0
hi
Yes, See https://github.com/aspnetzero/aspnet-zero-core/commit/7541fa92769e0ff340ccfb9424a5f58c62ca1c08
I created an ExternalLoginCustom method in the Account controller. In this function I wrote:
    using (_openIdConnectOptions.As<TenantBasedOpenIdConnectOptions>().Change(new OpenIdConnectOptions()))
    {
    }
First it says TenantBasedOpenIdConnectOptions does contain a function Change. Also the link you have shared has expired I believe, it's not working.
Also, how should I set the options in the using block?
-
0
Hi
To access the relevant link: after logging in to the aspnetzero.com website with the user who has the plan, click the Manage button under the Account button. On that page, from the GitHub Members tab, you can give permission to the GitHub user you are trying to log in with.
-
0
Let me share my complete scenario with you. I have a multi-tenant application. I want to enable both Okta and Auth0 for each tenant. As ASP.NET Zero supports only one authentication for a single tenant, I understand I need to customize the code. For this I will create an entity which will have configuration details like client id, secret etc., tenant-wise for different providers. I have enabled AllowSocialLoginSettingsPerTenant in appsettings and set up OpenId with default values. Now when the ExternalLogin function gets called in the Account controller on the OpenIdConnect login button, I believe it gets the default set values.
    public ActionResult ExternalLogin(string provider, string returnUrl, string ss = "")
    {
        var redirectUrl = Url.Action(
            "ExternalLoginCallback",
            "Account",
            new { ReturnUrl = returnUrl, authSchema = provider, ss = ss });
        var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
        return Challenge(properties, provider);
    }
But here I want to get the custom configuration for a tenant either for auth0 or okta and accordingly redirect at runtime.
Could you please help me with the custom code I need to place in ExternalLogin function.
-
0
hi
Have you checked the source that I shared?
I have a multi tenant application. I want to enable both okta and auth0 for each tenant. As asp.net zero support only one authentication for a single tenant, I understand I need to customize the code.
You can add multiple OpenIdConnect as authentication providers. The string provider will be Auth0 or Okta
    authenticationBuilder.AddOpenIdConnect("Auth0", options => ...
    authenticationBuilder.AddOpenIdConnect("Okta", options =>

    public ActionResult ExternalLogin(string provider, string returnUrl, string ss = "")
    {
        using (_googleOptions.As<TenantBasedOpenIdConnectOptions>().Change(new OpenIdConnectOptions()))
        {
            // Change the client id and secret to current OpenIdConnectOptions
            var redirectUrl = Url.Action(
                "ExternalLoginCallback",
                "Account",
                new { ReturnUrl = returnUrl, authSchema = provider, ss = ss });
            var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
            return Challenge(properties, provider);
        }
    }

https://github.com/aspnetzero/aspnet-zero-core/commit/7541fa92769e0ff340ccfb9424a5f58c62ca1c08
https://support.aspnetzero.com/QA/Questions/12204/How-can-I-enable-both-okta-and-auth0-for-a-tenant-using-openid#answer-0665e369-ea30-363f-9ae6-3a15cec05d04
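The two named schemes from the answer above, as an added example that is not part of the original post or ASP.NET Zero's own code. It is plain ASP.NET Core (a .NET 6+ web project with implicit usings and the Microsoft.AspNetCore.Authentication.OpenIdConnect package); the `Oidc:Auth0` and `Oidc:Okta` configuration keys and the `/signin-auth0` and `/signin-okta` callback paths are assumptions. It shows static registration only: each scheme gets its own CallbackPath so the two handlers never claim each other's responses, and the action challenges only a provider name it knows.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie()
    .AddOpenIdConnect("Auth0", o => Configure(o, "Auth0", "/signin-auth0"))
    .AddOpenIdConnect("Okta", o => Configure(o, "Okta", "/signin-okta"));

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();

// Reads Oidc:<name>:Authority / ClientId / ClientSecret (key names assumed for this example).
void Configure(OpenIdConnectOptions o, string name, string callbackPath)
{
    var section = builder.Configuration.GetSection($"Oidc:{name}");
    o.Authority = section["Authority"];
    o.ClientId = section["ClientId"];
    o.ClientSecret = section["ClientSecret"];
    o.ResponseType = "code";
    o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    // Both schemes default to /signin-oidc; give each its own path and
    // register that exact redirect URI with the matching identity provider.
    o.CallbackPath = callbackPath;
}

[Route("Account")]
public class AccountController : Controller
{
    // Only scheme names registered above may be challenged.
    private static readonly HashSet<string> Providers =
        new(StringComparer.Ordinal) { "Auth0", "Okta" };

    [HttpPost("ExternalLogin")]
    public IActionResult ExternalLogin(string provider, string returnUrl)
    {
        if (!Providers.Contains(provider)) return BadRequest("Unknown provider");
        // Never redirect to a caller-supplied absolute URL after sign-in.
        if (!Url.IsLocalUrl(returnUrl)) returnUrl = "/";
        return Challenge(new AuthenticationProperties { RedirectUri = returnUrl }, provider);
    }
}
```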
-
0
After seeing the source commit you shared, I updated my code as it is. But when trying to dynamically update the options in the ExternalLogin function, it didn't work. Below is the code:
    [HttpPost]
    public ActionResult ExternalLogin(string provider, string returnUrl, string ss = "")
    {
        using (_openIdConnectOptions.As<TenantBasedOpenIdConnectOptions>().Change(new OpenIdConnectOptions
        {
            ClientId = "xxxxxxxxxxxxxxxxxxx",
            ClientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            Authority = "https://dev-76726332.okta.com/oauth2/default",
            ResponseType = "code",
            Scope = { "openid", "profile", "email" }
        }))
        {
            var redirectUrl = Url.Action(
                "ExternalLoginCallback",
                "Account",
                new { ReturnUrl = returnUrl, authSchema = provider, ss = ss });
            var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
            return Challenge(properties, provider);
        }
    }
Could you please help me figure out where and how I can change the options?
Also, could you please explain what exactly the changes in the source mean?
-
0
-
0
hi
Can you share your test project?
I will download and debug it.
Thanks.
As per your provided code project, it's getting redirected correctly. But on login through Auth0 it says AuthenticationFailureException: OpenIdConnectAuthenticationHandler: message.State is null or empty. Could you help me out with what the reason can be?
Also, can you please help me out with one question. Does ASP.NET Zero use the provider access token to access all the APIs in the application? Or does it internally convert the provider access token to the application access token and use that?
-
0
hi
Please share a username and password of auth0
What do you mean by provider access token?
Thanks.
-
0
hi
Please share a username and password of auth0
What do you mean by provider access token?
Thanks.
I have shared credentials over the email.
Provider access token means: when I log in through Auth0, there will be an Auth0 access token. So will my application functions or APIs work with Auth0 access tokens or not?
-
0
hi
AuthenticationFailureException: OpenIdConnectAuthenticationHandler: message.State is null or empty.
Fixed by https://github.com/maliming/CDP-Base-Zero-13.0.0/commit/b12051c1a1e996d8a646943c594dd98ba1eef508
-
0
hi
Provider access token means - When I login through auth0, there will be auth0 access token. So will my application functions or apis works with auth0 access tokens or not
There is no access token obtained from auth0.
You will only get user info from auth0. Zero will get username and email etc. If there is a user in the system with the same email, you will log in automatically.
If there is no user with your auth0 email, you will register a new user with this email; next time, you can log in automatically.
This is how external login works.
When you log in to aspnetzero.com via your Google account, Zero only knows your Google email; it can't get and use an access token to call the Google API.