AspNetKatana: Unable to have multiple OpenID Connect middlewares

I’ve configured multiple OpenID Connect middlewares, each having a different value for OpenIdConnectAuthenticationOptions.AuthenticationType, and registered with: app.UseOpenIdConnectAuthentication(options).

The problem seems to be that when the authentication occurs, the first registered middleware always handles things, instead of the middleware corresponding to the correct authentication type.

Let’s say my two middlewares have AuthenticationTypes of “FirstProviderAuthType” and “SecondProviderAuthType”.

I’m kicking off the authentication using something like this:

var properties = new AuthenticationProperties { RedirectUri = "https://something", };
((IOwinContext)context).Authentication.Challenge(properties, "SecondProviderAuthType");

However, in any of the notifications (e.g. OpenIdConnectAuthenticationOptions.Notifications.SecurityTokenReceived), the value of notification.Options.AuthenticationType is always equal to “FirstProviderAuthType”, which is definitely not what I would expect.

Using all 4.0.0 Katana libraries from NuGet.

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 16 (7 by maintainers)

Most upvoted comments

I’d forgotten that OpenIdConnectAuthenticationOptions.RedirectUri is the primary value in this version of OIDC; we’ve removed it from the ASP.NET Core version. Setting RedirectUri to an absolute URI like “http://localhost/custom-signin-oidc” should be adequate for most scenarios; there’s no need to set CallbackPath as it will be derived from RedirectUri.

CallbackPath primarily needs to be overridden when your app is hosted as a sub site like “http://localhost/mysite/”. In that case CallbackPath needs to be set to “/signin-oidc” and RedirectUri needs to be set to “http://localhost/mysite/signin-oidc”. “/mysite” is trimmed by the server before the request reaches the OIDC middleware.
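
A configuration sketch of the advice in the comment above, applied to the two authentication types from the question. This is an added example, not code from the issue or from the Katana project. It assumes each middleware is given its own distinct callback URL; the hosts, client IDs and callback paths are constructed placeholders.

```csharp
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    // Constructed placeholder: public base address of the application.
    private const string AppBase = "https://localhost";

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        // One middleware per provider, each with its own AuthenticationType
        // and its own absolute RedirectUri (assumed layout, placeholder values).
        app.UseOpenIdConnectAuthentication(BuildOptions(
            "FirstProviderAuthType", "https://idp-one.example", "client-one", "/signin-first"));
        app.UseOpenIdConnectAuthentication(BuildOptions(
            "SecondProviderAuthType", "https://idp-two.example", "client-two", "/signin-second"));
    }

    private static OpenIdConnectAuthenticationOptions BuildOptions(
        string authType, string authority, string clientId, string callbackPath)
    {
        return new OpenIdConnectAuthenticationOptions(authType)
        {
            Authority = authority,
            ClientId = clientId,
            // Absolute URI; per the comment above, CallbackPath is derived from it.
            RedirectUri = AppBase + callbackPath,
            // Sub-site hosting only (app served under e.g. "/mysite"): RedirectUri keeps
            // the full public URL and CallbackPath is set to the trimmed path.
            // CallbackPath = new PathString(callbackPath),
        };
    }
}
```

The Challenge call from the question stays as written: passing "SecondProviderAuthType" selects the second middleware for the outgoing redirect.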