Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Unable to have multiple OpenID Connect middlewares
See original GitHub issueI’ve configured multiple OpenID Connect middlewares, each having a different value for OpenIdConnectAuthenticationOptions.AuthenticationType, and registered with: app.UseOpenIdConnectAuthentication(options).
The problem seems to be that when the authentication occurs, the first registered middleware always handles things, instead of the middleware corresponding to the correct authentication type.
Lets say my two middlewares have AuthenticationTypes of “FirstProviderAuthType” and “SecondProviderAuthType”.
I’m kicking off the authentication using something like this:
var properties = new AuthenticationProperties { RedirectUri = "https://something", };
((IOwinContext)context).Authentication.Challenge(properties, "SecondProviderAuthType");
However, in any of the notifications (e.g. OpenIdConnectAuthenticationOptions.Notifications.SecurityTokenReceived), the value of notification.Options.AuthenticationType is always equal to “FirstProviderAuthType”, which is definitely not what I would expect.
Using all 4.0.0 Katana libraries from NuGet.
Issue Analytics
- State:
- Created 5 years ago
- Comments:16 (7 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I’d forgotten that OpenIdConnectAuthenticationOptions.RedirectUri is the primary value in this version of OIDC, we’ve removed it from the ASP.NET Core version. Setting RedirectUri to an absolute uri like “http://localhost/custom-signin-oidc” should be adequate for most scenarios, there’s no need to set CallbackPath as it will be derived from RedirectUri.
CallbackPath primarily needs to be overridden when your app is hosted as a sub site like “http://localhost/mysite/”. In that case CallbackPath needs to be set to “/signin-oidc” and RedirectUri needs to be set to “http://localhost/mysite/signin-oidc”. “/mysite” is trimmed by the server before the request reaches the OIDC middleware.
@MoonStorm / @RobSiklos based on the discussion above i understand this issue is the scenario when OWIN startup + multiple OpenIdConnect Authorities + custom DataProtector are involved. were you able to solve your issue? (asking since the thread is still open) could you maybe post a sample solution?