I am trying to build multiple small ASP.Net core Mvc services that connect to a Identity server built using IdentityServer4.
I have setup the OpenIdOption on the MVC services that looks like this
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
AuthenticationScheme = "oidc",
SignInScheme = "Cookies",
Authority = "http://localhost:5000",
RequireHttpsMetadata = false,
ClientId = "mvc",
ClientSecret = "secret",
ResponseType = "code id_token",
Scope = { "api1", "offline_access" },
GetClaimsFromUserInfoEndpoint = true,
SaveTokens = true
});
where http://localhost:5000
is the endpoint on which my Identity server is running. say if my MVC server is at http://localhost:5002
I see that when I set a [Authorize]
attribute to the controller, it redirects to my identity server and if the check fails, it looks for the signin page back at http://localhost:5002/signin-oidc
Now the issue I have is that I wan the login page to be hosted by my Identity Server
hosted at http://localhost:5000/signin-oidc
so that all the MVC services just make use of this to get user identity, but unfortunately I am unable to see how to set this RedirectUrl
.
I know the diagram is inaccurate in how it works with reference to the flow, just trying to simplify what I want to accomplish :)
is it possible to accomplish this ?
Regards Kiran
the allowed interactions with the token service (called a grant type) a network location where identity and/or access token gets sent to (called a redirect URI)
OpenID Connect (OIDC) extends the OAuth 2.0 authorization protocol for use also as an authentication protocol. You can use OIDC to enable single sign-on (SSO) between your OAuth-enabled applications by using a security token called an ID token.
The CallbackPath represents the URL to which the browser should be redirected to and the default value is /signin-oidc. The picture below shows how it is related: Follow this answer to receive notifications. answered Dec 20, 2021 at 12:31.
AddOpenIdConnect(AuthenticationBuilder) OpenID Connect is an identity layer on top of the OAuth 2.0 protocol. It allows clients to request and receive information about authenticated sessions and end-users.
You seem to misunderstand what that /signin-oidc
route is for. The general flow works like this:
"Cookies"
, to authenticate.
"oidc"
, to perform an authentication challenge.
/signin-oidc
which is the remote sign-in address for the OpenId Connect authentication handler./signin-oidc
route and retrieves the user information from the sign-in request that was made by Identity Server.So the /signin-oidc
endpoint is the way to return back to your application to complete the sign-in process of the OpenId Connect authentication flow. By the time the user reaches this address, they have already signed in on the Identity Server and they are being redirected back to the application to continue where they originally left off.
Usually, the time the user spends on that route is minimal since it will redirect back into a “proper” application route immediately after the sign-in request has been processed.
So no, there will be no login form here. The login process itself is the responsibility of your OpenId Connect authentication provider, your Identity Server. That’s the whole point about this, so you e.g. login securely on google.com
with your Google credentials instead of on my-random-and-probably-untrusted-app.example.com
which definitely should not get hold of your actual Google credentials.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With