
Activities of "maharatha"

Why are you using the unique_name claim when it is not an OpenID standard claim:

https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

Thank You.

Currently the OpenID Connect provider uses the openid scope. If I want to add an additional scope to OpenID, how do I do that?

No problem, thank you for the response.

Do you mind sharing the code changes you did in the angular side ?

Ok, I figured it out partially:

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Abp.Dependency;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// ExternalAuthProviderApiBase, IExternalAuthConfiguration, ExternalLoginProviderInfo,
// ExternalAuthUserInfo and IExternalAuthProviderApi are the project's own external-auth types.
public class OpenIdConnectAuthProviderApi : ExternalAuthProviderApiBase
{
    public const string Name = "OpenIdConnect";

    private readonly IIocResolver _iocResolver;
    private readonly IExternalAuthConfiguration _externalAuthConfiguration;

    public OpenIdConnectAuthProviderApi(IIocResolver iocResolver, IExternalAuthConfiguration externalAuthConfiguration)
    {
        _iocResolver = iocResolver;
        _externalAuthConfiguration = externalAuthConfiguration;
    }

    // Validates the ID token issued by the configured provider and maps its claims to a user record.
    public async Task<ExternalAuthUserInfo> GetUserInfo(string provider, string token)
    {
        var providerInfo = _externalAuthConfiguration.Providers.FirstOrDefault(p => p.Name == provider);
        if (providerInfo == null)
        {
            throw new ApplicationException("Unknown external auth provider: " + provider);
        }

        // "Authority" is the issuer base URL (e.g. the Okta org URL) stored in the provider's AdditionalParams.
        var issuer = providerInfo.AdditionalParams["Authority"];
        if (string.IsNullOrEmpty(issuer))
        {
            throw new ApplicationException("Authentication:OpenId:Issuer configuration is required.");
        }

        // Fetches and caches the discovery document, including the provider's signing keys.
        var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
            issuer + "/.well-known/openid-configuration",
            new OpenIdConnectConfigurationRetriever(),
            new HttpDocumentRetriever());

        var validatedToken = await ValidateToken(token, issuer, configurationManager, providerInfo);

        // "fullname" and "unique_name" are custom claims added to the ID token on the Okta side (see below);
        // they are not OpenID Connect standard claims.
        var fullName = validatedToken.Claims.First(c => c.Type == "fullname").Value;
        var email = validatedToken.Claims.First(c => c.Type == "unique_name").Value;
        var fullNameParts = fullName.Split('.');

        return new ExternalAuthUserInfo
        {
            Provider = Name,
            ProviderKey = validatedToken.Subject,
            Name = fullNameParts[0],
            Surname = fullNameParts.Length > 1 ? fullNameParts[1] : string.Empty,
            EmailAddress = email
        };
    }

    private async Task<JwtSecurityToken> ValidateToken(
        string token,
        string issuer,
        IConfigurationManager<OpenIdConnectConfiguration> configurationManager,
        ExternalLoginProviderInfo providerInfo,
        CancellationToken ct = default(CancellationToken))
    {
        if (string.IsNullOrEmpty(token))
        {
            throw new ArgumentNullException(nameof(token));
        }

        if (string.IsNullOrEmpty(issuer))
        {
            throw new ArgumentNullException(nameof(issuer));
        }

        var discoveryDocument = await configurationManager.GetConfigurationAsync(ct);
        var signingKeys = discoveryDocument.SigningKeys;

        // Signature, issuer and lifetime are checked by the handler; the audience is checked manually below.
        var validationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = issuer,
            ValidateIssuerSigningKey = true,
            IssuerSigningKeys = signingKeys,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(5),
            ValidateAudience = false
        };

        var principal = new JwtSecurityTokenHandler().ValidateToken(token, validationParameters, out var rawValidatedToken);

        // Validate clientId: the token's "aud" claim must be this application's client id.
        if (providerInfo.ClientId != principal.Claims.First(c => c.Type == "aud").Value)
        {
            throw new ApplicationException("ClientId couldn't be verified.");
        }

        return (JwtSecurityToken)rawValidatedToken;
    }

    // Resolves the provider API registered for the given provider name and initializes it with its settings.
    public IDisposableDependencyObjectWrapper<IExternalAuthProviderApi> CreateProviderApi(string provider)
    {
        var providerInfo = _externalAuthConfiguration.Providers.FirstOrDefault(p => p.Name == provider);
        if (providerInfo == null)
        {
            throw new Exception("Unknown external auth provider: " + provider);
        }

        var dependencyObjectWrapper = _iocResolver.ResolveAsDisposable<IExternalAuthProviderApi>(providerInfo.ProviderApiType);
        dependencyObjectWrapper.Object.Initialize(providerInfo);
        return dependencyObjectWrapper;
    }

    // The base class's single-argument overload is not used by this provider.
    public override Task<ExternalAuthUserInfo> GetUserInfo(string accessCode)
    {
        throw new NotImplementedException();
    }
}
```

I had to add CreateProviderApi, else it was appearing null with the code you provided.

Then the name claim is not being passed as part of the ID token, which is why I have contacted Okta to get more details, but I guess we have to add unique_name as one of the custom claims. So when I changed the claim from name to fullName and added the custom claim, it worked fine. Can you please review the code above and see if I am doing it right?
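The thread's C# code above does four things with the ID token: verify the signature against the issuer's published keys, check `iss`, check the lifetime with a five-minute skew, and check `aud` against the client id, then map claims to the user record. The example below is an added, self-contained illustration of the same checks and of mapping standard OpenID Connect claims (`sub`, `name`, `given_name`, `family_name`, `email`) instead of the non-standard `unique_name` discussed at the top of the thread; it is not code from the forum, from ASP.NET Zero or from Okta. To run offline it signs with a constructed HS256 shared secret (`DEMO_SECRET`), where a real provider uses the RSA/EC key set found via `/.well-known/openid-configuration`; the issuer URL, client id and token claims in the test are constructed values.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed secret for this example only. A real OIDC provider signs ID tokens with an
# asymmetric key published at {issuer}/.well-known/openid-configuration -> jwks_uri.
DEMO_SECRET = b"example-shared-secret-not-for-production"
CLOCK_SKEW_SECONDS = 5 * 60  # same tolerance as ClockSkew = TimeSpan.FromMinutes(5)


class TokenValidationError(Exception):
    pass


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def issue_id_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Stand-in for the provider: mint an HS256 JWT so the validator has input to check."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = _b64url_encode(compact(header)) + "." + _b64url_encode(compact(claims))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def validate_id_token(token: str, issuer: str, client_id: str,
                      secret: bytes = DEMO_SECRET, now: Optional[int] = None) -> dict:
    """Return the claims only if signature, iss, aud and the time window all check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenValidationError("token must have three segments")
    header_b64, payload_b64, sig_b64 = parts

    # Pin the algorithm instead of trusting the token's own header.
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise TokenValidationError("unexpected alg")

    # Signature check first, with a constant-time comparison.
    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise TokenValidationError("bad signature")

    claims = json.loads(_b64url_decode(payload_b64))

    # Issuer must match the configured Authority exactly.
    if claims.get("iss") != issuer:
        raise TokenValidationError("issuer mismatch")

    # "aud" may be a string or a list; our client id must be among the audiences.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise TokenValidationError("audience mismatch")

    # Lifetime: exp is required; nbf is honoured when present; both get the skew allowance.
    now = int(time.time()) if now is None else now
    if "exp" not in claims or now > claims["exp"] + CLOCK_SKEW_SECONDS:
        raise TokenValidationError("token expired")
    if now + CLOCK_SKEW_SECONDS < claims.get("nbf", 0):
        raise TokenValidationError("token not yet valid")
    return claims


def map_user_info(claims: dict, provider: str = "OpenIdConnect") -> dict:
    """Build an ExternalAuthUserInfo-shaped record from standard OIDC claims.
    Prefers given_name/family_name; falls back to splitting name on the first space."""
    given = claims.get("given_name")
    family = claims.get("family_name")
    if not (given and family):
        name_parts = (claims.get("name") or "").split(" ", 1)
        given = given or name_parts[0]
        family = family or (name_parts[1] if len(name_parts) > 1 else "")
    email = claims.get("email") or claims.get("preferred_username") or ""
    return {
        "Provider": provider,
        "ProviderKey": claims["sub"],
        "Name": given,
        "Surname": family,
        "EmailAddress": email,
    }
```

The audience handling is the one place this differs from the C# above: `ValidateAudience = false` plus a manual `First(c => c.Type == "aud")` compares only the first audience, whereas the list-aware check here (or setting `ValidAudience = providerInfo.ClientId` and leaving `ValidateAudience` on) accepts a token whose `aud` array contains the client id anywhere.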

I will update this with what Okta says about the name claim.

Above is the token preview which Okta is passing. I have added the name and unique_name claims.

Still I am getting the same error.

Regarding the above code, can you provide more details on how to implement it? I have the same question regarding GetUserInfo as asked by the previous user: how am I going to instantiate the providerInfo?

If this doesn't work I will send you my project.

@cmthomps I am currently trying to add custom claims to make the existing code work but I am struggling to get it right. If in the meantime you are able to use the custom code provided then let me know if it works.

Can someone please help me on this? I am kind of stuck and unable to proceed further.

Any idea? This seems more of an Abp issue than an Okta issue.
