Is there a way to use the Microsoft.Identity.Web for an external login button, without relying on Mi

Time:01-23

We have a SAAS application, for which we want to add an option to login with Microsoft. We can run the samples perfectly fine, but those samples use Microsoft's [Authorize] attributes to mark pages to automatically require login for.

We have our own authentication and permissions system.

All we want is a button "Login with Microsoft", to initiate the OAuth process, and end up with a fully validated and trusted email address, and continue with our own mechanism from there. I cannot seem to find any way to do that with Microsoft's code - which handles a lot of situations, but all of them are fully automated.

It's not a lot of code to write to redirect to OAuth and receive the id_token on the other end, but still if we can take advantage of MS' system and perhaps support more authorities in the future with a plug-and-play manner - that would be great.

CodePudding user response:

The answer is quite simple:

Option 1

Microsoft fails to properly document this in the right places, but it is in a sample that shows up in the main aspnetcore repo.

It's right here: Microsoft Sample

And the gist is that we can configure the authentication schemes you want like the many samples out there, and then just return a ChallengeResult or call this.Challenge(MicrosoftAccountDefaults.AuthenticationScheme) from the page and return the result.

We can also add events for the authentication lifecycle, like when the authentication completed - to act on it and hook it up to our own authentication system. We do that on each .Add[Whatever] call for an authentication service.

Option 2 - a bit more manual

  • Generating the authorization urls is simple (and redirect)
  • Then we get the JWT (id_token) back
  • Use OpenIdConnectConfigurationRetriever from Microsoft.IdentityModel.Protocols.OpenIdConnect to retrieve the set of keys from the OIDC endpoint ([authority]/.well-known/openid-configuration)
  • Use the JwtSecurityTokenHandler from System.IdentityModel.Tokens.Jwt to read the token, and run the validations with the fetched signatures.

There's no need to use any JWT library, nor to validate the timestamps manually, or the signatures.
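As an added example (not code from the answer above or from Microsoft's libraries), here is Option 2 written out: fetch the discovery document, validate the id_token's signature, issuer, audience and lifetime, then check the nonce that the library does not check for you. The authority, the client id and the session-stored nonce are assumptions.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper for Option 2: validates the id_token returned to our redirect URI.
public sealed class IdTokenValidator
{
    private readonly ConfigurationManager<OpenIdConnectConfiguration> _config;
    private readonly string _clientId;

    // authority is a placeholder, e.g. "https://login.microsoftonline.com/<TENANT_ID>/v2.0"
    public IdTokenValidator(string authority, string clientId)
    {
        _clientId = clientId;
        // Fetches and caches [authority]/.well-known/openid-configuration (issuer +
        // JWKS signing keys) and refreshes it on a schedule, so key rotation is handled.
        _config = new ConfigurationManager<OpenIdConnectConfiguration>(
            authority.TrimEnd('/') + "/.well-known/openid-configuration",
            new OpenIdConnectConfigurationRetriever(), new HttpDocumentRetriever());
    }

    // expectedNonce: random value stored in the session when the authorization URL
    // was built; it binds this id_token to that login attempt (replay protection).
    public async Task<(string Subject, string Email)> ValidateAsync(string idToken, string expectedNonce)
    {
        OpenIdConnectConfiguration oidc = await _config.GetConfigurationAsync(CancellationToken.None);
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = oidc.Issuer,            // iss must be the authority we redirected to
            ValidAudience = _clientId,            // aud must be our own app registration
            IssuerSigningKeys = oidc.SigningKeys, // signature verified against the JWKS
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true,              // exp / nbf are checked for us
        };
        // MapInboundClaims = false keeps the raw OIDC claim names ("sub", "email", "nonce").
        var handler = new JwtSecurityTokenHandler { MapInboundClaims = false };
        var principal = handler.ValidateToken(idToken, parameters, out _);
        // ValidateToken does not compare the nonce; do it explicitly.
        if (principal.FindFirst("nonce")?.Value != expectedNonce)
            throw new SecurityTokenException("id_token nonce does not match this login attempt");
        // Key the local account on the stable "sub" claim; an email can change or be reassigned.
        string subject = principal.FindFirst("sub")?.Value ?? throw new SecurityTokenException("no sub claim");
        string email = principal.FindFirst("email")?.Value ?? string.Empty;
        return (subject, email);
    }
}
```

Call ValidateAsync from the redirect-URI handler with the id_token from the response and the nonce stored in the user's session, then continue with your own login mechanism using the returned subject.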
