Next challenge, how can I add additional configuration fields to an OpenID Connect provider if that source code is not modifiable?
I wanted to add Issuer
and WellKnown
to appsettings.json
for supporting Azure AD B2C but I'm not seeing a way w/o hacking up the code. Seems like a pretty simple thing, add a few more fields to the config & modify the code that's reading it but that's not the case here.
I'm not seeing it, what does "license control code" have to do w/ external authentication? 🤔
Please see the screenshot below... the green I get & is properly related to licensing but the red, how does that related to licensing? 🤔
My question still stands though 😊
So, you may create a new OIDC provider with OpenIdConnect2 for example to support second OIDC provider.
That's the path I was heading down 😊! The issue I came across when doing that was on ExternalAuthManager.GetUserInfo()
. The provider is not passed through to OpenIdConnectAuthProviderApi.GetUserInfo()
.
In the returned object, I can see the Provider is hardcoded 😢. I ended up overriding the Provider
after calling the method. i.e.
var userInfo = await _externalAuthManager.GetUserInfo(model.AuthProvider, model.ProviderAccessCode);
// ugly!
userInfo.Provider = model.AuthProvider;
return userInfo;
Decompiled code snippet of OpenIdConnectAuthProviderApi
:
public class OpenIdConnectAuthProviderApi : ExternalAuthProviderApiBase
{
public override async Task<ExternalAuthUserInfo> GetUserInfo(string token)
{
...
return new ExternalAuthUserInfo
{
Provider = "OpenIdConnect",
ProviderKey = validatedTokenResult.Token.Subject,
Name = fullNameParts[0],
Surname = ((fullNameParts.Length > 1) ? fullNameParts[1] : fullNameParts[0]),
EmailAddress = emailClaim.Value,
Claims = validatedTokenResult.Principal.Claims.Select((Claim c) => new ClaimKeyValue(c.Type, c.Value)).ToList()
};
}
}
Currently this is not supported
I figured that was the case. I didn't want to start customizing when there's some functionality I wasn't aware of. GTG, thanks!
Hi @ismcagdas 👋
- The solution also has a closed-source NuGet package that is used to protect ASP.NET Zero's license rules. source
That part makes sense 👍. If the source was available for license checking then one could subvert the rules & modify that code. But, anything outside of that, why make that closed source? 🤔
For example, I'm extending ASP.NET Zero to support multiple OpenID providers in one tenant & I wanted to understand how Abp.AspNetZeroCore.Web.Authentication.External.ExternalAuthManager
is behaving.
Please see the screenshot below... the green I get & is properly related to licensing but the red, how does that related to licensing? 🤔
Not a huge deal, just trying to understand 😊, thanks!
Hi @ismcagdas 👋 - unfortunately no. We need multiple OpenID connect providers within one tenant.
sidenote: question title updated to better reflect the ask
Hi @ismcagdas - any updates? Are my customizations required or am I doing something wrong? thanks!
I'm confused as to why we don't have access to the source code for Abp.AspNetZeroCore.Web
. Shouldn't that source be available in one of the private repo's in https://github.com/aspnetzero? If we have an active license don't we have access to the source code?
What am I misunderstanding?
reference other posts about this topic:
https://support.aspnetzero.com/QA/Questions/4571#answer-86b1a766-de44-49d6-aa29-fa0f014f9e5d
yeah this package is closed source due to licensing purposes.
and https://support.aspnetzero.com/QA/Questions/8511/Access-to-the-AbpAspNetZeroCoreWeb
Is there a way to configure multiple OpenID Connect providers out the box?
reference: Authentication
configuration:
{
"Authentication": {
"AllowSocialLoginSettingsPerTenant": false,
"Facebook": {
"IsEnabled": "false",
"AppId": "",
"AppSecret": ""
},
"Twitter": {
"IsEnabled": "false",
"ApiKey": "",
"ApiKeySecret": ""
},
"Google": {
"IsEnabled": "false",
"ClientId": "",
"ClientSecret": "",
"UserInfoEndpoint": "https://www.googleapis.com/oauth2/v2/userinfo"
},
"Microsoft": {
"IsEnabled": "false",
"ConsumerKey": "",
"ConsumerSecret": ""
},
"OpenId": {
"IsEnabled": "true",
"ClientId": "4fb5e652-dc58-4370-95ca-fdfb3ba46273",
"Authority": "https://spottedmahnb2c.b2clogin.com/spottedmahnb2c.onmicrosoft.com/B2C_1_BlahNewFormat/v2.0/",
"Issuer": "https://spottedmahnb2c.b2clogin.com/80033dfd-6eab-42c4-bdf2-4e223d4b396f/v2.0/",
"LoginUrl": "https://spottedmahnb2c.b2clogin.com/spottedmahnb2c.onmicrosoft.com/B2C_1_BlahNewFormat/oauth2/v2.0/authorize",
"ValidateIssuer": "true",
"ResponseType": "id_token",
"ClaimsMapping": [{
"claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
"key": "name"
}, {
"claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"key": "emails"
}
]
},
"WsFederation": {
"IsEnabled": "false",
"Authority": "",
"ClientId": "",
"Tenant": "",
"MetaDataAddress": ""
},
"JwtBearer": {
"IsEnabled": "true",
"SecurityKey": "DemoProjectDemo_blah",
"Issuer": "DemoProjectDemo",
"Audience": "DemoProjectDemo"
}
}
}