Kinde•4mo ago

.Net oidc switch organisation

Hi, using asp.net oidc. No SDK. Inital login working fine. I want to switch the organisation after login: using

props = new AuthenticationProperties() {  Items.Add(new KeyValuePair<string, string?>("org_code", "ORG_ID HERE")); }

await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, props);

Which does login, however the access token contains the orignal org_code and permissions not the newly selected one - any pointers?

4 Replies

Oli - Kinde•4mo ago

Hey @lee_uk, Let me speak to my .NET teammate on this and get back to you. Hey @lee_uk, My team mate who is an expert in .NET will be back online tomorrow. I will reach out out them then.

lee_ukOP•4mo ago

Hey any news on this?

leo_kinde•4mo ago

Hi @lee_uk, It doesn't look like setting AuthenticationProperties causes the extra parameters to be passed through to the auth request. When configuring OpenID there is an event handler that can add parameters and can read the parameters passed in AuthenticationProperties, so there is a opportunity to read those and pass them through. For example,

.AddOpenIdConnect(options =>
{
    ...
    options.Events.OnRedirectToIdentityProvider = context =>
    {
        if (context.Properties.Items.ContainsKey("org_code"))
        {
            context.ProtocolMessage.SetParameter("org_code", context.Properties.Items["org_code"]);
        }
        return Task.CompletedTask;
    };
});

.AddOpenIdConnect(options =>
{
    ...
    options.Events.OnRedirectToIdentityProvider = context =>
    {
        if (context.Properties.Items.ContainsKey("org_code"))
        {
            context.ProtocolMessage.SetParameter("org_code", context.Properties.Items["org_code"]);
        }
        return Task.CompletedTask;
    };
});

Does this provide a way forward for you?

lee_ukOP•4mo ago

Yep that works just fine. Useful event that, thanks for pointing it out.

Gaming

Programming

.Net oidc switch organisation