Passing custom parameters to Identity Server 3

I am using Identity Server 3 + OpenID Connect + OAuth 2.0 to implement Single Sign On in one of my projects. I have set up everything according to the samples provided and everything works just fine. I am using Implicit flow to authenticate users in multiple MVC websites.

Now I have a use case where I need to pass custom parameters from the client application to the identity server. One of the simplest examples would be a custom message that needs to be shown in one of the Identity Server views. I would like to render this message in different pages - login, logout, logged out, etc.

I found that the OpenIdConnectAuthentication middleware from Microsoft allows setting custom parameters in ProtocolMessage in the RedirectToIdentityProvider notification.

For example,

    RedirectToIdentityProvider = async ctx =>
    {
        // Add a custom parameter to the request sent to the identity provider
        ctx.ProtocolMessage.Parameters.Add("info_message", "Account activation succeeded. Please log in using new account.");
    }

Unfortunately, I was not able to find where those parameters can be read in Identity Server. Is this even possible?

If this is not supported or just plain wrong, could you please advise what would be the best way to handle this use case?

Staggard answered 19/4, 2016 at 10:22 Comment(0)

When passing in custom parameters you should be using the OpenID Connect optional parameter of acr_values. This is already used by Identity Server for passing through Tenant name and Identity Provider restrictions.

You can read acr_values within Identity Server whenever you have access to IdentityServer3.Core.Models.SignInMessage (for example in your user service).

Update (Logging out)

acr_values isn't part of logging out. If you really want to get a custom parameter here, it can be done by extending the DefaultViewService and overriding the LoggedOut method.

In this method you can see any extra URL parameters in the SignOutMessage's ReturnUrl property.

Once you have your value you can add it to the ViewModel using something like the following:

model.Custom = new { customMessage = "your value" };

You'll then need to create your own template for the logout page and have it display your custom value.

This isn't nice and it isn't pretty. I wouldn't recommend it but it certainly is possible...

Judoka answered 19/4, 2016 at 11:42 Comment(4)
Thank you for your input. I see that acr_values cover cases when I want to display something in the login view. What about cases when I need to pass something to logout/logged out screens? Something like "Your session has expired. Please try to log in again". - Staggard

I updated my answer. Let me know if you find a better way of doing it or if you need any links to some of the concepts mentioned. - Judoka

After a long period of silence I finally decided to implement this, but unfortunately failed. It seems that SignOutMessage's ReturnUrl does not contain any extra parameters I have set in ctx.ProtocolMessage.Parameters. Is there a special way I should set them? Your edited answer covers only the part about parameter extraction, not setting. - Staggard

As far as I remember, I set the extra values as a new KeyValuePair<string, string>. - Judoka
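
Added example (not code from the question, the answer or IdentityServer3): the authorize request travels through the browser, so any value placed in acr_values can be set by whoever crafts the link, and rendering it as free text would let a crafted link put arbitrary wording on the login page. The sketch below has the client send a short code and maps it to fixed text on the server; the `InfoMessageResolver` class, the `info_message:` prefix and the two codes are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical helper: resolves a message code carried in acr_values
// to display text held on the server. Unknown codes yield no message.
public static class InfoMessageResolver
{
    // Assumed prefix, following the "key:value" style of acr_values entries.
    private const string Prefix = "info_message:";

    // Server-side allowlist: code -> text the login view may render.
    private static readonly IReadOnlyDictionary<string, string> Messages =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            { "activated", "Account activation succeeded. Please log in using new account." },
            { "expired", "Your session has expired. Please try to log in again." }
        };

    // acrValues: the entries of SignInMessage.AcrValues (may be null).
    public static string Resolve(IEnumerable<string> acrValues)
    {
        if (acrValues == null) return null;

        // Take the first entry that carries the assumed prefix.
        string code = acrValues
            .Where(v => v != null && v.StartsWith(Prefix, StringComparison.Ordinal))
            .Select(v => v.Substring(Prefix.Length))
            .FirstOrDefault();
        if (code == null) return null;

        string text;
        return Messages.TryGetValue(code, out text) ? text : null;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs.
        var known = new[] { "info_message:activated" };
        var crafted = new[] { "info_message:Call 555-0100 to unlock your account" };

        Console.WriteLine(InfoMessageResolver.Resolve(known) ?? "(no message)");
        Console.WriteLine(InfoMessageResolver.Resolve(crafted) ?? "(no message)");
    }
}
```

On the client, the code would be sent with `ctx.ProtocolMessage.AcrValues = "info_message:activated"`; on the server, the resolved text can be assigned to `model.Custom` as shown in the answer, and the template should still HTML-encode it when rendering.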
