
OpenIddict Core with SignalR


I’ve been looking all over, and cannot figure out how to get the access token from a query string to be used with SignalR. Could somebody by chance help provide an example?

I’ve tried doing both this:

.AddValidation(options =>
{
    options.AddEventHandler<OpenIddictValidationEvents.RetrieveToken>(
        notification =>
        {
            notification.Context.Token = notification.Context.Request.Query["access_token"];

            return Task.CompletedTask;
        });
});

and this:

services.AddAuthentication()
    .AddOAuthValidation(options =>
    {
        options.Events.OnRetrieveToken = context =>
        {
            context.Token = context.Request.Query["access_token"];

            return Task.CompletedTask;
        };
    });

in my Startup.cs file (as found in another issue here)

Is there something I am missing? I’m using .NET Core 2.1. Thank you so much in advance for any help! I’ve been stuck on this for quite a while.

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Reactions:1
  • Comments:5 (1 by maintainers)

Top GitHub Comments

5 reactions
steve-79 commented, Sep 17, 2018

Okay I feel a little stupid, and finally figured this out (ironically pretty quickly after posting the issue). The key is that if you add to the OAuthValidation options - in services.AddOAuthValidation(options => …), then you must completely comment out the .AddValidation(); after .AddServer in services.AddOpenIddict();

For example here’s a sample of working code, that does not use JWT tokens:

services.AddOpenIddict()
    .AddCore(options =>
    {
        // Configure OpenIddict to use the default entities.
        //options.UseDefaultModels();

        // Register the Entity Framework stores.
        //options.AddEntityFrameworkCoreStores<DefaultDbContext>();
        options.UseEntityFrameworkCore()
            .UseDbContext<DefaultDbContext>();
    })
    .AddServer(options =>
    {
        // Register the ASP.NET Core MVC binder used by OpenIddict.
        // Note: if you don't call this method, you won't be able to
        // bind OpenIdConnectRequest or OpenIdConnectResponse parameters.
        //options.AddMvcBinders();
        options.UseMvc();

        // Enable the authorization, logout, token and userinfo endpoints.
        options.EnableAuthorizationEndpoint("/api/connect/authorize")
            .EnableLogoutEndpoint("/api/connect/logout")
            .EnableTokenEndpoint("/api/connect/token")
            .EnableUserinfoEndpoint("/api/userinfo");

        // Allow client applications to use the code flow.
        // Allow client applications to use the grant_type=password flow.
        options.AllowAuthorizationCodeFlow()
            .AllowPasswordFlow()
            .AllowRefreshTokenFlow()
            .AllowCustomFlow("urn:ietf:params:oauth:grant-type:facebook_access_token");

        // Mark the "profile" scope as a supported scope in the discovery document.
        options.RegisterScopes(OpenIdConnectConstants.Scopes.Email,
            OpenIdConnectConstants.Scopes.Profile,
            OpenIddictConstants.Scopes.Roles);

        options.SetAccessTokenLifetime(TimeSpan.FromDays(1));

        // When request caching is enabled, authorization and logout requests
        // are stored in the distributed cache by OpenIddict and the user agent
        // is redirected to the same page with a single parameter (request_id).
        // This allows flowing large OpenID Connect requests even when using
        // an external authentication provider like Google, Facebook or Twitter.
        options.EnableRequestCaching();

        // During development, you can disable the HTTPS requirement.
        options.DisableHttpsRequirement();
    });
    //.AddValidation();

services.AddAuthentication()
        .AddOAuthValidation(options =>
        {
            options.Events.OnRetrieveToken = context =>
            {
                context.Token = context.Request.Query["access_token"];

                return Task.CompletedTask;
            };
        });

Now the access_token in the query string will work to authenticate your users with SignalR - by placing the [Authorize(AuthenticationSchemes = OAuthValidationDefaults.AuthenticationScheme)] above the Hub class, just as you would in the Controller.
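
An added example, not part of the original comment or the OpenIddict project: the same OnRetrieveToken handler, narrowed so the query-string token is honoured only on the SignalR hub route, because tokens carried in URLs tend to end up in server and proxy logs. The `/hubs/chat` route and the `ChatHub` class are assumptions, and the code relies on the validation handler falling back to the Authorization header when `Token` is left unset.

```csharp
using System.Threading.Tasks;
using AspNet.Security.OAuth.Validation;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.SignalR;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical hub; the scheme is the one named in the comment above.
[Authorize(AuthenticationSchemes = OAuthValidationDefaults.AuthenticationScheme)]
public class ChatHub : Hub { }

public class Startup
{
    // Assumed hub route; not taken from the original issue.
    private static readonly PathString HubPath = new PathString("/hubs/chat");

    public void ConfigureServices(IServiceCollection services)
    {
        // services.AddOpenIddict()... is registered as in the comment above (omitted here).
        services.AddSignalR();
        services.AddAuthentication()
            .AddOAuthValidation(options =>
            {
                options.Events.OnRetrieveToken = context =>
                {
                    var request = context.Request;
                    string token = request.Query["access_token"];

                    // Accept a query-string token only on the hub route and only
                    // when no Authorization header was sent; on every other path
                    // Token stays unset and the header lookup applies.
                    if (!string.IsNullOrEmpty(token) &&
                        request.Path.StartsWithSegments(HubPath) &&
                        !request.Headers.ContainsKey("Authorization"))
                    {
                        context.Token = token;
                    }
                    return Task.CompletedTask;
                };
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.UseSignalR(routes => routes.MapHub<ChatHub>(HubPath));
    }
}
```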

3 reactions
caleblloyd commented, Jun 17, 2022

@kevinchalet likewise, I recently discovered OpenIddict and it has been great! Very nice Examples repo too, made it super easy to get up and running. Thank you for your work on it!
