I have setup an identity server 4. I have setup a client using the followed the manual sample here. Here is the code.
public async Task<IActionResult> Contact()
{
if (User.Identity.IsAuthenticated) return View();
return await StartAuthentication();
}
private async Task<IActionResult> StartAuthentication()
{
// read discovery document to find authorize endpoint
var disco = await DiscoveryClient.GetAsync("http://localhost:5000");
var authorizeUrl = new RequestUrl(disco.AuthorizeEndpoint).CreateAuthorizeUrl(
clientId: "mvc",
responseType: "id_token",
scope: "openid profile",
redirectUri: "http://localhost:5002/home/callback",
state: "random_state",
nonce: "random_nonce",
responseMode: "form_post");
return Redirect(authorizeUrl);
}
public async Task<IActionResult> Callback()
{
var state = Request.Form["state"].FirstOrDefault();
var idToken = Request.Form["id_token"].FirstOrDefault();
var error = Request.Form["error"].FirstOrDefault();
if (!string.IsNullOrEmpty(error)) throw new Exception(error);
if (!string.Equals(state, "random_state")) throw new Exception("invalid state");
var user = await ValidateIdentityToken(idToken);
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);
return Redirect("/home/contact");
}
public async Task<IActionResult> Logout()
{
//await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
//var disco = await DiscoveryClient.GetAsync("http://localhost:5000");
//return Redirect(disco.EndSessionEndpoint);
var idToken = (await HttpContext.GetTokenAsync(CookieAuthenticationDefaults.AuthenticationScheme, "id_token"));
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
var disco = await DiscoveryClient.GetAsync("http://localhost:5000");
var endSessionUrl = new RequestUrl(disco.EndSessionEndpoint).CreateEndSessionUrl(
postLogoutRedirectUri: "http://localhost:5002/signout-callback-oidc",
idTokenHint: idToken
);
return Redirect(endSessionUrl);
}
Currently
var idToken = (await HttpContext.GetTokenAsync(CookieAuthenticationDefaults.AuthenticationScheme, "id_token"));
is null.
If I change the code to have
[Authorize]
public async Task<IActionResult> Contact()
{
if (User.Identity.IsAuthenticated) return View();
return await StartAuthentication();
}
It basically skips the manual method and automatically redirects based on the configuration in the startup. Then the value IS NOT NULL
I have also tried:
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user, new AuthenticationProperties(new Dictionary<string, string>()
{
[OpenIdConnectParameterNames.IdToken] = idToken
}));
with no luck.
The startup code looks like the following:
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
options.ClientId = "mvc";
options.SaveTokens = true;
});
How do I set and get the identity token when manually triggering the signing as shown above?
I added this piece of code
var authenticationProperties = new AuthenticationProperties();
var tokens = new List<AuthenticationToken>();
tokens.Add(new AuthenticationToken { Name = OpenIdConnectParameterNames.IdToken, Value = idToken });
authenticationProperties.StoreTokens(tokens);
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user, authenticationProperties);
After reading through the asp.net security code I found here
Seems to have done the trick.