Tags: c#, .net, authentication, acs, access-control-service

How to pass a parameter from client to back-end via Access Control Service


Hello fellow developers!

We are using ACS for user authentication from mobile and web applications.

Question: How to propagate some context information (e.g. 1 string) to identity providers that can be returned to the ACS and later propagated to our back-end (to which ACS posts authentication token)?

Our goal:

  • WORKING: Mobile app > back-end (WebApi) > ACS (using IdentityProviders.js) > back-end (WebApi) > e.g. Google auth > ACS > our back-end (WebApi) redirects Mobile app to static Noop URL (exposing token as query string parameter) > Mobile app detects the URL change (in InAppBrowser) and stores the query string.

  • PROBLEM: Web app > back-end (WebApi) > ACS (using IdentityProviders.js) > back-end (WebApi) > e.g. Google auth with parameter “myURL” > ACS (propagates token and parameter “myURL”) > our back-end (WebApi) should redirect Web app to received parameter myURL with token as query string parameter. How to achieve this?

Thank you! Martin


Solution

  • You can pass any information that needs to be propagated during authentication flow in a Context. Add desired redirect URL in a Context when you request identity providers from ACS.

    For example:

    https://YourNamespace.accesscontrol.windows.net/v2/metadata/IdentityProviders.js?protocol=wsfederation&realm=YourAppRealm&reply_to=YourAppReturnURL&context=YourRedirectionURL&version=1.0&callback=OptionalFunctionName
    

    See this and this link for more info.

    What is left is to get the URL from the Context when ACS posts the Token to your back-end. For example (needs code review):

    using System.IdentityModel.Protocols.WSTrust;
    using System.IdentityModel.Services;
    using System.IdentityModel.Tokens;
    using System.Net.Http;

    // Inside an async Web API action: ACS POSTs the WS-Federation response to your reply_to URL as form data.
    var formResult = await Request.Content.ReadAsFormDataAsync();
    var wresult = formResult["wresult"];
    var signInResponse = new SignInResponseMessage(Request.RequestUri, wresult);

    // Parse the response into an RSTR; its Context property echoes the context= value
    // that was sent in the IdentityProviders.js request.
    var rstr = new WSFederationSerializer().CreateResponse(
        signInResponse,
        new WSTrustSerializationContext(SecurityTokenHandlerCollectionManager.CreateDefaultSecurityTokenHandlerCollectionManager()));

    var redirectURL = rstr.Context;
    

    Regards, Matej
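As an added example (not code from the question, the answer or ACS itself), here is how the callback in the answer can be completed so that the Context value is used as a redirect target only after being checked against an allow-list; the controller name, the AllowedRedirectHosts set and the host in it are assumptions. Since the context= parameter is set by whoever builds the IdentityProviders.js request, a callback that redirects to it unchecked would hand the token to any URL a caller chooses.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Net.Http;
using System.Threading.Tasks;
using System.Web.Http;

// Hypothetical controller; assumes ASP.NET Web API 2 on .NET 4.5 with System.IdentityModel.Services referenced.
public class AcsCallbackController : ApiController
{
    // Assumed allow-list: only these hosts may receive the token. Replace with your own web app origins.
    private static readonly HashSet<string> AllowedRedirectHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "app.example.com" };

    // Context is echoed back from the client-built IdentityProviders.js request, so treat it as untrusted.
    // Returns the URL only if it is absolute, uses https and targets an allow-listed host; otherwise null.
    public static Uri ValidateRedirectTarget(string context)
    {
        Uri target;
        if (string.IsNullOrEmpty(context) || !Uri.TryCreate(context, UriKind.Absolute, out target))
            return null;
        return target.Scheme == Uri.UriSchemeHttps && AllowedRedirectHosts.Contains(target.Host) ? target : null;
    }

    [HttpPost]
    public async Task<IHttpActionResult> Post()
    {
        var form = await Request.Content.ReadAsFormDataAsync();
        var wresult = form["wresult"];
        if (string.IsNullOrEmpty(wresult))
            return BadRequest("missing wresult");

        // CreateResponse only parses the WS-Federation response; it does not check the token's signature,
        // issuer or audience. Validate the token with your configured handlers before trusting it.
        var rstr = new WSFederationSerializer().CreateResponse(
            new SignInResponseMessage(Request.RequestUri, wresult),
            new WSTrustSerializationContext(
                SecurityTokenHandlerCollectionManager.CreateDefaultSecurityTokenHandlerCollectionManager()));
        var target = ValidateRedirectTarget(rstr.Context);
        if (target == null)
            return BadRequest("redirect target not allowed");

        // Hand the token over as a query string parameter, as in the original flow, replacing any query on the target.
        var builder = new UriBuilder(target);
        builder.Query = "token=" + Uri.EscapeDataString(rstr.RequestedSecurityToken.SecurityTokenXml.OuterXml);
        return Redirect(builder.Uri);
    }
}
```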