Tags: asp.net-core, identityserver4, openid-connect

How to configure multiple Oidc providers in IdentityServer4


I'm using IdentityServer to handle external authentication and authorization. For that I'm using AddOpenIdConnect:

    .AddOpenIdConnect(oidcProviderOptions.AuthScheme, oidcProviderOptions.DisplayName, options =>
    {
        options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
        options.SignOutScheme = IdentityServerConstants.SignoutScheme;
        options.Authority = oidcProviderOptions.Uri;
        options.ClientId = oidcProviderOptions.ClientId;
        options.ResponseType = OpenIdConnectResponseType.IdToken;
        options.SaveTokens = true;
        if (oidcProviderOptions.AdditionalScopes != null)
        {
            // add each configured extra scope to the request
            oidcProviderOptions.AdditionalScopes.ToList().ForEach(s => options.Scope.Add(s));
        }
    });

    // preserve OIDC state in cache (solves problems with AAD and URL length)
    services.AddOidcStateDataFormatterCache(oidcProviderOptions.AuthScheme);

If I call this method twice, with different options (Azure Active Directory and Okta), I get "Invalid token" errors upon connecting. Is there an error in the above configuration, or is this not the way to implement this?


Solution

  • I suspect this is because each one will need a different RemoteAuthenticationOptions.CallbackPath to be defined. If they share the same path then it's probably a case of "first to be invoked wins". E.g.:

    Scheme A:

    ...
    options.CallbackPath = "/signin-oidc/a";
    ...


    Scheme B:

    ...
    options.CallbackPath = "/signin-oidc/b";
    ...
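The following is an added example (not code from the question or the answer) of how the answer's advice can be applied to a list of providers in one place. It assumes a hypothetical `OidcProviderOptions` class with the property names the question's code uses (`AuthScheme`, `DisplayName`, `Uri`, `ClientId`, `AdditionalScopes`) and that scheme names are short and path-safe (for example `aad` and `okta`). Besides `CallbackPath`, it also gives each provider its own `SignedOutCallbackPath` and `RemoteSignOutPath`, because those default to the same shared values (`/signout-callback-oidc` and `/signout-oidc`) for every `AddOpenIdConnect` registration and collide in the same way; it also rejects duplicate scheme names up front, since the scheme name keys everything else.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using IdentityServer4;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Hypothetical options class (assumed, not from the page); the question's
// code references these property names.
public class OidcProviderOptions
{
    public string AuthScheme { get; set; }            // e.g. "aad" or "okta"; must be unique and path-safe
    public string DisplayName { get; set; }
    public string Uri { get; set; }                   // issuer / authority URL
    public string ClientId { get; set; }
    public IEnumerable<string> AdditionalScopes { get; set; }
}

public static class ExternalOidcRegistration
{
    // Registers one OpenID Connect handler per provider, each with distinct
    // callback endpoints derived from its scheme name.
    public static AuthenticationBuilder AddExternalOidcProviders(
        this AuthenticationBuilder builder,
        IReadOnlyList<OidcProviderOptions> providers)
    {
        // Fail fast on duplicate scheme names: a collision here would make two
        // handlers share the same paths, which is exactly the "first one wins" failure.
        var duplicate = providers
            .GroupBy(p => p.AuthScheme, StringComparer.OrdinalIgnoreCase)
            .FirstOrDefault(g => g.Count() > 1);
        if (duplicate != null)
            throw new InvalidOperationException($"Duplicate OIDC scheme '{duplicate.Key}'.");

        foreach (var p in providers)
        {
            var scheme = p.AuthScheme;

            builder.AddOpenIdConnect(scheme, p.DisplayName, options =>
            {
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.SignOutScheme = IdentityServerConstants.SignoutScheme;
                options.Authority = p.Uri;
                options.ClientId = p.ClientId;
                options.ResponseType = OpenIdConnectResponseType.IdToken;
                options.SaveTokens = true;

                // Per-provider endpoints. The defaults (/signin-oidc,
                // /signout-callback-oidc, /signout-oidc) are shared by every
                // AddOpenIdConnect call that does not override them.
                options.CallbackPath = $"/signin-{scheme}";
                options.SignedOutCallbackPath = $"/signout-callback-{scheme}";
                options.RemoteSignOutPath = $"/signout-{scheme}";

                foreach (var s in p.AdditionalScopes ?? Enumerable.Empty<string>())
                    options.Scope.Add(s);
            });

            // Keep large OIDC state out of the URL for this scheme (as in the question).
            builder.Services.AddOidcStateDataFormatterCache(scheme);
        }

        return builder;
    }
}

// Usage in Startup.ConfigureServices (constructed sample values):
//
//   services.AddAuthentication().AddExternalOidcProviders(new[]
//   {
//       new OidcProviderOptions { AuthScheme = "aad",  DisplayName = "Azure AD", Uri = "https://login.microsoftonline.com/<tenant-id>/v2.0", ClientId = "<aad-client-id>" },
//       new OidcProviderOptions { AuthScheme = "okta", DisplayName = "Okta",     Uri = "https://<your-org>.okta.com", ClientId = "<okta-client-id>" },
//   });
```

Whatever paths are chosen, the redirect URI registered at each identity provider has to match the new value (for example `https://<your-host>/signin-aad` rather than the default `/signin-oidc`); otherwise the provider will refuse the authorization request, and a mismatch between the path a handler listens on and the one the provider redirects to is another way to end up with a response that no handler can validate.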