Send a custom parameter to an external identity provider


Problem description

Is it possible to send a custom parameter to an external login provider/custom owin middleware

I have an Identity Server 3 that handles my authentication, and I have an external identity provider middleware which handles the signing in of the user. To sign in, I have to send a token to the middleware, which the middleware uses to authenticate.

I tried the following approaches:

  1. acr_values: I sent the token as an acr_value, but this approach does not work for 2 reasons:
    The token is too long (>900 characters, even after setting the InputLengthRestrictions for the AcrValues to 51200 in the IdentityServerOptions).
    The acr_values get stored in the sign-in message, which is accessible in neither the ApplyResponseChallengeAsync() method nor the AuthenticateCoreAsync() method.
  2. QueryString parameter: I added a QueryString parameter containing the token. This does not work either, because the parameter is not stored when redirecting to the external provider.

Is there any way to store the parameter in a way that I can transfer it to the external IdProvider? And/or can I access the SignInMessage during ApplyResponseChallengeAsync() or AuthenticateCoreAsync()?

Solution

There exists an extension method in the IdentityServer3 NuGet package:

Context.Environment.GetSignInMessage(string signinId)

This can be used in the ApplyResponseChallengeAsync() method, because the signin ID is passed there as a query string parameter.

And in the signInMessage you have access to the return URL (including the QueryString parameter passed when redirecting to the identity provider) and the acr_values, and more.

So you just have to get the signin value from the Query and call GetSignInMessage():

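using System.Threading.Tasks;
using Microsoft.Owin;                  // IReadableStringCollection
using IdentityServer3.Core.Extensions; // GetSignInMessage() extension method

protected override Task ApplyResponseChallengeAsync()
{
    //...
    // The sign-in message ID arrives in the "signin" query string parameter.
    string signInId = null;
    IReadableStringCollection query = Request.Query;
    var values = query.GetValues("signin");
    if (values != null && values.Count == 1)
    {
        signInId = values[0];
    }
    if (signInId == null)
        return Task.FromResult<object>(null);

    // Load the stored sign-in message (return URL, acr_values, ...) for that ID.
    var signInMessage = Context.Environment.GetSignInMessage(signInId);
    //...
}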

So after all this was pretty easy, but it was hard to find as there is nearly no research material, except for this GitHub issue (which is basically the source of this answer):
Custom values to external provider #1318
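
One way to read a custom value back out of the sign-in message once GetSignInMessage() has returned it, as an added example that is not part of the original answer or of IdentityServer3. The helper takes the values of SignInMessage.ReturnUrl and SignInMessage.AcrValues; the parameter name ext_token, the "name:value" convention for acr_values entries and the length cap are assumptions. Because the value originates in the browser-supplied authorize request, the helper returns null for duplicated or oversized values instead of passing them on.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example, not from the original answer. returnUrl and acrValues stand
// for SignInMessage.ReturnUrl and SignInMessage.AcrValues.
public static class SignInMessageParameters
{
    // Upper bound on the accepted value; constructed for this example.
    private const int MaxValueLength = 4096;

    // Returns the value of `name` from the return URL's query string, falling
    // back to an acr_values entry of the form "name:value" (assumed convention).
    // Returns null when the parameter is absent, sent more than once or too long.
    public static string Find(string returnUrl, IEnumerable<string> acrValues, string name)
    {
        var found = new List<string>();
        int q = (returnUrl ?? string.Empty).IndexOf('?');
        if (q >= 0)
        {
            string query = returnUrl.Substring(q + 1);
            int hash = query.IndexOf('#');
            if (hash >= 0) query = query.Substring(0, hash);

            foreach (string pair in query.Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
            {
                int eq = pair.IndexOf('=');
                string key = eq < 0 ? pair : pair.Substring(0, eq);
                if (Decode(key) == name)
                    found.Add(eq < 0 ? string.Empty : Decode(pair.Substring(eq + 1)));
            }
        }

        if (found.Count == 0 && acrValues != null)
        {
            string prefix = name + ":";
            found.AddRange(acrValues
                .Where(v => v != null && v.StartsWith(prefix, StringComparison.Ordinal))
                .Select(v => v.Substring(prefix.Length)));
        }

        // Exactly one occurrence is accepted; anything else is treated as invalid.
        if (found.Count != 1) return null;
        return found[0].Length <= MaxValueLength ? found[0] : null;
    }

    // Form-style decoding: '+' is a space, then percent-escapes are resolved.
    private static string Decode(string s) { return Uri.UnescapeDataString(s.Replace('+', ' ')); }
}
```

Inside ApplyResponseChallengeAsync() it would be called as SignInMessageParameters.Find(signInMessage.ReturnUrl, signInMessage.AcrValues, "ext_token"), with a null result handled as a failed sign-in attempt.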
