
Activities of "mdepouw"

Next challenge, how can I add additional configuration fields to an OpenID Connect provider if that source code is not modifiable?

I wanted to add Issuer and WellKnown to appsettings.json for supporting Azure AD B2C but I'm not seeing a way w/o hacking up the code. Seems like a pretty simple thing, add a few more fields to the config & modify the code that's reading it but that's not the case here.

I'm not seeing it, what does "license control code" have to do w/ external authentication? 🤔

Please see the screenshot below... the green I get & is properly related to licensing but the red, how does that relate to licensing? 🤔

My question still stands though 😊

So, you may create a new OIDC provider with OpenIdConnect2 for example to support second OIDC provider.

That's the path I was heading down 😊! The issue I came across when doing that was on ExternalAuthManager.GetUserInfo(). The provider is not passed through to OpenIdConnectAuthProviderApi.GetUserInfo().

In the returned object, I can see the Provider is hardcoded 😢. I ended up overriding the Provider after calling the method. i.e.

var userInfo = await _externalAuthManager.GetUserInfo(model.AuthProvider, model.ProviderAccessCode);
// ugly!
userInfo.Provider = model.AuthProvider;
return userInfo;

Decompiled code snippet of OpenIdConnectAuthProviderApi:

public class OpenIdConnectAuthProviderApi : ExternalAuthProviderApiBase
{
	public override async Task<ExternalAuthUserInfo> GetUserInfo(string token)
	{
		...
		return new ExternalAuthUserInfo
		{
			Provider = "OpenIdConnect",
			ProviderKey = validatedTokenResult.Token.Subject,
			Name = fullNameParts[0],
			Surname = ((fullNameParts.Length > 1) ? fullNameParts[1] : fullNameParts[0]),
			EmailAddress = emailClaim.Value,
			Claims = validatedTokenResult.Principal.Claims.Select((Claim c) => new ClaimKeyValue(c.Type, c.Value)).ToList()
		};
	}

}
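Why the provider name has to survive `GetUserInfo()` once a second OIDC provider is registered: an OIDC `sub` is only unique within its issuer, so an external login has to be looked up by the pair (provider, subject). This is an added example, not ASP.NET Zero code; `ExternalIdentity`, `ExternalLoginStore` and the two lookup helpers are hypothetical stand-ins, and the subject value is constructed.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-in for the user info returned by a provider API.
public record ExternalIdentity(string Provider, string ProviderKey);

// Hypothetical login store, keyed by (provider, subject).
public class ExternalLoginStore
{
    private readonly Dictionary<(string Provider, string Key), string> _logins = new();

    public void Link(ExternalIdentity id, string localUser) =>
        _logins[(id.Provider, id.ProviderKey)] = localUser;

    public string Find(ExternalIdentity id) =>
        _logins.TryGetValue((id.Provider, id.ProviderKey), out var user) ? user : "(no match)";
}

public static class Demo
{
    // Mimics a provider API that ignores which registration handled the login.
    static ExternalIdentity HardcodedLookup(string registeredName, string subject) =>
        new ExternalIdentity("OpenIdConnect", subject);

    // Carries the registered provider name through to the result.
    static ExternalIdentity StampedLookup(string registeredName, string subject) =>
        new ExternalIdentity(registeredName, subject);

    public static void Main()
    {
        const string sub = "constructed-subject-0001"; // constructed sample value

        // Hardcoded name: a login through the second registration resolves to
        // the account that was linked through the first one.
        var collapsed = new ExternalLoginStore();
        collapsed.Link(HardcodedLookup("OpenIdConnect", sub), "alice");
        Console.WriteLine("hardcoded: " + collapsed.Find(HardcodedLookup("OpenIdConnect2", sub)));

        // Stamped name: the same subject from another issuer stays a separate identity.
        var separated = new ExternalLoginStore();
        separated.Link(StampedLookup("OpenIdConnect", sub), "alice");
        Console.WriteLine("stamped:   " + separated.Find(StampedLookup("OpenIdConnect2", sub)));
        Console.WriteLine("original:  " + separated.Find(StampedLookup("OpenIdConnect", sub)));
    }
}
```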

Currently this is not supported

I figured that was the case. I didn't want to start customizing when there's some functionality I wasn't aware of. GTG, thanks!

Hi @ismcagdas 👋

  1. The solution also has a closed-source NuGet package that is used to protect ASP.NET Zero's license rules. source

That part makes sense 👍. If the source was available for license checking then one could subvert the rules & modify that code. But, anything outside of that, why make that closed source? 🤔


For example, I'm extending ASP.NET Zero to support multiple OpenID providers in one tenant & I wanted to understand how Abp.AspNetZeroCore.Web.Authentication.External.ExternalAuthManager is behaving.

Please see the screenshot below... the green I get & is properly related to licensing but the red, how does that relate to licensing? 🤔


Not a huge deal, just trying to understand 😊, thanks!

Hi @ismcagdas 👋 - unfortunately no. We need multiple OpenID Connect providers within one tenant.

sidenote: question title updated to better reflect the ask

Hi @ismcagdas - any updates? Are my customizations required or am I doing something wrong? thanks!

I'm confused as to why we don't have access to the source code for Abp.AspNetZeroCore.Web. Shouldn't that source be available in one of the private repos in https://github.com/aspnetzero? If we have an active license don't we have access to the source code?

What am I misunderstanding?


reference other posts about this topic:

https://support.aspnetzero.com/QA/Questions/4571#answer-86b1a766-de44-49d6-aa29-fa0f014f9e5d

yeah this package is closed source due to licensing purposes.

and https://support.aspnetzero.com/QA/Questions/8511/Access-to-the-AbpAspNetZeroCoreWeb

Is there a way to configure multiple OpenID Connect providers out of the box?

reference: Authentication configuration:

{
  "Authentication": {
    "AllowSocialLoginSettingsPerTenant": false,
    "Facebook": {
      "IsEnabled": "false",
      "AppId": "",
      "AppSecret": ""
    },
    "Twitter": {
      "IsEnabled": "false",
      "ApiKey": "",
      "ApiKeySecret": ""
    },
    "Google": {
      "IsEnabled": "false",
      "ClientId": "",
      "ClientSecret": "",
      "UserInfoEndpoint": "https://www.googleapis.com/oauth2/v2/userinfo"
    },
    "Microsoft": {
      "IsEnabled": "false",
      "ConsumerKey": "",
      "ConsumerSecret": ""
    },
    "OpenId": {
      "IsEnabled": "true",
      "ClientId": "4fb5e652-dc58-4370-95ca-fdfb3ba46273",
      "Authority": "https://spottedmahnb2c.b2clogin.com/spottedmahnb2c.onmicrosoft.com/B2C_1_BlahNewFormat/v2.0/",
      "Issuer": "https://spottedmahnb2c.b2clogin.com/80033dfd-6eab-42c4-bdf2-4e223d4b396f/v2.0/",
      "LoginUrl": "https://spottedmahnb2c.b2clogin.com/spottedmahnb2c.onmicrosoft.com/B2C_1_BlahNewFormat/oauth2/v2.0/authorize",
      "ValidateIssuer": "true",
      "ResponseType": "id_token",
      "ClaimsMapping": [{
          "claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          "key": "name"
        }, {
          "claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
          "key": "emails"
        }
      ]
    },
    "WsFederation": {
      "IsEnabled": "false",
      "Authority": "",
      "ClientId": "",
      "Tenant": "",
      "MetaDataAddress": ""
    },
    "JwtBearer": {
      "IsEnabled": "true",
      "SecurityKey": "DemoProjectDemo_blah",
      "Issuer": "DemoProjectDemo",
      "Audience": "DemoProjectDemo"
    }
  }
}