OpenIddict 5 (26.12.2022 W) Flashcards
(5 cards)
Suppose you want the user to log in with a cookie. How should your authorize endpoint be implemented?
- Check whether the user is already logged in (has an authentication cookie).
- If yes, return a SignIn response; if no, challenge the user.
How do you check that the user is logged in with a cookie?
There are two ways:
1. Use HttpContext.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme)
2. Add the authorization middleware and put the [Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)] attribute on the action.
How do you challenge the user, redirect them to the login page, and then bring them back to the authorize endpoint?
There are two ways:
1. Return a ChallengeResult with a hand-built RedirectUri and CookieAuthenticationDefaults.AuthenticationScheme.
2. Add the authorization middleware and put the [Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)] attribute on the action.
The authorization middleware uses the current URI as the RedirectUri by default.
What does the SignIn method do in the controller's authorize action?
It is a standard ControllerBase method.
It creates a SignInResult, which is an ActionResult. When the middleware receives it, it calls HttpContext.SignInAsync().
You have to specify the OpenIddict authentication scheme. This makes the middleware pass control to OpenIddict, which issues tokens or generates an authorization code for you, depending on the flow.
The SignInResult must contain a ClaimsPrincipal created by you.
If a token is issued, the claims are used for token creation immediately. If an authorization code is generated, the claims are stored and can be accessed in the subsequent token request.
How do you get the ClaimsPrincipal that was set up during the authorize endpoint call inside the token call in the authorization code flow?
You simply call HttpContext.AuthenticateAsync with OpenIddictServerAspNetCoreDefaults.AuthenticationScheme.