Tags: asp.net-identity, openid-connect

OIDC together with Asp.net core Identity?

I have a blazor server-side application that has been up and running with Asp.net core Identity for some time now.

I decided to add OIDC, and when using it as the only option it works, but when combining the two - IsAuthenticated is always false and I don't get the claims anymore.

I have tried setting the DefaultScheme to IdentityConstants.ApplicationScheme but it did not help.

Identity setup:

services.AddDefaultIdentity<ApplicationUser>(options =>
    {
        options.SignIn.RequireConfirmedAccount = true;
        options.Password = new PasswordOptions
        {
            RequireDigit = true,
            RequiredLength = 6,
            RequireLowercase = true,
            RequireUppercase = true,
            RequireNonAlphanumeric = true
        };
    })
    .AddRoles<IdentityRole<int>>()
    .AddEntityFrameworkStores<ProjectsContext>();

OIDC setup:

services.Configure<CookiePolicyOptions>(options =>
{
    options.CheckConsentNeeded = context => true;
    options.MinimumSameSitePolicy = SameSiteMode.None;
});

services.AddAuthentication(options => {
    options.DefaultScheme = IdentityConstants.ApplicationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options => {
    options.ClientId = "myClientId";
    options.ClientSecret = "myClientSecret";
    options.Authority = "https://myAuthority/";
    options.ResponseType = "code";
    options.GetClaimsFromUserInfoEndpoint = true;
    options.TokenValidationParameters.ValidIssuers = new[] {
        options.Authority
    };

    options.CallbackPath = new PathString("/callback");
    options.SignedOutCallbackPath = new PathString("/signout");

    options.Events = new OpenIdConnectEvents()
    {
        // Forward the "loginmethod" query value to the provider as acr_values
        OnRedirectToIdentityProvider = context => {
            context.ProtocolMessage.AcrValues = context.Request.Query["loginmethod"];
            return Task.FromResult(0);
        }
    };
});

When I comment out the Identity setup block and do my OIDC authentication, I get the claims and the right flag. When it's included, I do not.

EDIT: When I add the following line inside the AddOpenIdConnect options, the OIDC login works and I get the claims. However, when using the Identity login I do not get signed in and get no claims...

options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

Solution

  • Okay, so for anyone struggling with the same type of problem, I am posting the answer instead of removing the question. Google didn't help me since I didn't find anyone with the same setup.

    These are the default schemes to use in the AddAuthentication options to get Identity to work with OIDC:

    services.AddAuthentication(options => {
        options.DefaultScheme = IdentityConstants.ApplicationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })

    You also need to add an explicit SignInScheme in the OpenIdConnectOptions as such:

    .AddOpenIdConnect(options => {
        options.SignInScheme = IdentityConstants.ApplicationScheme;
        ...
    });
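The two fragments from the question merged into one configuration with the answer's fix applied, as an added example that is not code from the original post. ApplicationUser, ProjectsContext, the client id, authority and the Oidc:ClientSecret configuration key are placeholders; the comments explain why the missing SignInScheme left IsAuthenticated false.

```csharp
// Added example, not from the original post: Identity + OIDC with the schemes wired correctly.
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Identity;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

// AddDefaultIdentity registers the Identity cookies and calls AddAuthentication with
// DefaultScheme = ApplicationScheme and DefaultSignInScheme = ExternalScheme.
builder.Services.AddDefaultIdentity<ApplicationUser>(options =>   // ApplicationUser: placeholder type
    {
        options.SignIn.RequireConfirmedAccount = true;
    })
    .AddRoles<IdentityRole<int>>()
    .AddEntityFrameworkStores<ProjectsContext>();                   // ProjectsContext: placeholder type

builder.Services.AddAuthentication(options =>
    {
        // Incoming requests are authenticated with Identity's application cookie...
        options.DefaultScheme = IdentityConstants.ApplicationScheme;
        // ...and unauthenticated users are challenged by redirecting to the OIDC provider.
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    // No AddCookie() here: Identity already registered its cookies, and a separate
    // "Cookies" scheme is never consulted when ApplicationScheme is the default.
    .AddOpenIdConnect(options =>
    {
        options.Authority = "https://myAuthority/";                                // placeholder
        options.ClientId = "myClientId";                                           // placeholder
        options.ClientSecret = builder.Configuration["Oidc:ClientSecret"];         // read from config, not source
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.TokenValidationParameters.ValidIssuers = new[] { options.Authority };
        options.CallbackPath = "/callback";
        options.SignedOutCallbackPath = "/signout";

        // The fix from the answer. Without it the handler falls back to DefaultSignInScheme,
        // which AddDefaultIdentity set to Identity's *external* cookie. The default authenticate
        // (ApplicationScheme) never reads that cookie, so after a successful OIDC round trip
        // User.Identity.IsAuthenticated is still false and no claims are visible.
        options.SignInScheme = IdentityConstants.ApplicationScheme;
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.Run();
```

Signing the OIDC principal straight into the application cookie bypasses Identity's user store, so claims come from the provider rather than from an ApplicationUser row; if you need a local account per external user, sign into IdentityConstants.ExternalScheme instead and complete the login with SignInManager.ExternalLoginSignInAsync.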