Unable to have multiple OpenID Connect middlewares
I’ve configured multiple OpenID Connect middlewares, each having a different value for OpenIdConnectAuthenticationOptions.AuthenticationType, and registered with: app.UseOpenIdConnectAuthentication(options).
The problem seems to be that when the authentication occurs, the first registered middleware always handles things, instead of the middleware corresponding to the correct authentication type.
Let's say my two middlewares have AuthenticationTypes of “FirstProviderAuthType” and “SecondProviderAuthType”.
I’m kicking off the authentication using something like this:
var properties = new AuthenticationProperties { RedirectUri = "https://something", };
((IOwinContext)context).Authentication.Challenge(properties, "SecondProviderAuthType");
However, in any of the notifications (e.g. OpenIdConnectAuthenticationOptions.Notifications.SecurityTokenReceived), the value of notification.Options.AuthenticationType is always equal to “FirstProviderAuthType”, which is definitely not what I would expect.
Using all 4.0.0 Katana libraries from NuGet.
- Created 5 years ago
- Comments: 16 (7 by maintainers)
Top GitHub Comments
I’d forgotten that OpenIdConnectAuthenticationOptions.RedirectUri is the primary value in this version of OIDC; we’ve removed it from the ASP.NET Core version. Setting RedirectUri to an absolute URI like “http://localhost/custom-signin-oidc” should be adequate for most scenarios; there’s no need to set CallbackPath, as it will be derived from RedirectUri.
CallbackPath primarily needs to be overridden when your app is hosted as a sub site like “http://localhost/mysite/”. In that case CallbackPath needs to be set to “/signin-oidc” and RedirectUri needs to be set to “http://localhost/mysite/signin-oidc”. “/mysite” is trimmed by the server before the request reaches the OIDC middleware.
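The configuration the comment above describes, as an added example (not code from the issue or from the Katana project): two Katana OIDC middlewares with distinct AuthenticationType values and distinct absolute RedirectUri values, so that each one derives its own CallbackPath and only handles its own sign-in response. Authorities, client ids and host/port are placeholders.

```csharp
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Both OIDC middlewares sign the user in through this cookie middleware.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "FirstProviderAuthType",
            Authority = "https://first-provider.example/",   // placeholder
            ClientId = "first-client-id",                     // placeholder
            // Absolute RedirectUri with a provider-specific path. CallbackPath is
            // derived from it ("/signin-first"), so only this middleware claims
            // that request. The same URI must be registered at the provider.
            RedirectUri = "https://localhost:44300/signin-first",
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "SecondProviderAuthType",
            Authority = "https://second-provider.example/",  // placeholder
            ClientId = "second-client-id",                    // placeholder
            RedirectUri = "https://localhost:44300/signin-second",
            // If the app were hosted as a sub site such as https://host/mysite/,
            // set CallbackPath = new PathString("/signin-second") explicitly and
            // RedirectUri = "https://host/mysite/signin-second" (see comment above).
        });
    }
}

public static class Login
{
    // Challenge one provider by its AuthenticationType; the response then comes
    // back to that provider's own callback path, not to the first middleware.
    public static void ChallengeSecondProvider(IOwinContext context)
    {
        var properties = new AuthenticationProperties { RedirectUri = "/" };
        context.Authentication.Challenge(properties, "SecondProviderAuthType");
    }
}
```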
@MoonStorm / @RobSiklos based on the discussion above I understand this issue is the scenario when OWIN startup + multiple OpenIdConnect Authorities + custom DataProtector are involved. Were you able to solve your issue? (Asking since the thread is still open.) Could you maybe post a sample solution?