Activities of "nhontran"

Hi @gterdem, sorry, I have set SignInScheme to another value when doing the verification.

Your suggestion has resolved the issue, thank you very much.

Hi @gterdem, sorry for my late response. I have tried the fix suggested by you, but it does not work; it still could not get the external login info:

[00:08:12 INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnGetExternalLoginCallbackAsync - ModelState is Valid
[00:08:12 INF] Identity.External was not authenticated. Failure message: Unprotect ticket failed
[00:08:12 WRN] External login info is not available
[00:08:12 INF] Executed handler method OnGetExternalLoginCallbackAsync, returned result Microsoft.AspNetCore.Mvc.RedirectToPageResult.
[00:08:12 INF] Executing RedirectToPageResult, redirecting to ./Login.

Could you please help us take a look?

Hi @maliming, unfortunately, there is no sample for .NET Core. They just provide us the spec:

https://stg-id.singpass.gov.sg/docs/authorization/api#_introduction

I just want to clarify: is there a way to configure the external authentication provider without redirection to their log-in page? In my case, the end user will scan the QR code and do the log-in on their mobile phone.

  • ABP Framework version: v3.3.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

Hi, I have a requirement to log in with an external authentication provider named "Singpass", the spec & flow are described at the link below:

https://stg-id.singpass.gov.sg/docs/authorization/api#_introduction

Instead of redirecting to the authentication provider's login page, it uses an embedded JS to generate the QR code in our page and requires the user to scan it with the mobile app for authentication. It requires the state & nonce parameters as the input for the embedded JS:

4.2. Input Parameters https://stg-id.singpass.gov.sg/docs/embedded-auth/js#_login_ui_dimensions

I have created an endpoint to manually generate the state & nonce parameters as below:

            private readonly IOptionsMonitor<OpenIdConnectOptions> _openIdOptions;
            ...
            private string GenerateNonce()
            {
                return Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString()));
            }

            public string GetState()
            {
                var state = GenerateNonce();
                AuthenticationProperties authProperties = new AuthenticationProperties
                (
                  new Dictionary<string, string>
                  {
                    { OpenIdConnectDefaults.UserstatePropertiesKey, state },
                  }
                );

                //This StateDataFormat does not use the correct DataProtectionProvider
                // IOptionsMonitor<T>.Get(name) already returns the named options instance
                return _openIdOptions.Get("singpass").StateDataFormat.Protect(authProperties);
            }

However, when the user scanned the QR code and completed the authentication, it redirected back to signin-oidc with the authentication code, and I got this error:

2021-03-01 11:31:29.918 +08:00 [WRN] .AspNetCore.Correlation. state property not found.
2021-03-01 11:31:29.918 +08:00 [INF] Error from RemoteAuthentication: Correlation failed..

I checked the OpenIdConnectHandler; the CorrelationId is generated in HandleChallengeAsync() during redirection, which does not happen in my case. I don't know how to do the proper configuration without redirection to the external authentication login page. Is there any advice? Any help would be much appreciated.

Below is my openid configuration:

                .AddOpenIdConnect(authenticationScheme: "singpass", "Singpass Authentication", configureOptions =>
                {
                    configureOptions.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                    configureOptions.SignOutScheme = IdentityServerConstants.SignoutScheme;

                    configureOptions.Authority = configuration["Singpass:Authority"];
                    configureOptions.ClientId = configuration["Singpass:ClientId"];
                    configureOptions.ResponseType = OpenIdConnectResponseType.Code;
                    configureOptions.RequireHttpsMetadata = true;
                    configureOptions.ProtocolValidator = new OpenIdConnectProtocolValidator()
                    {
                        RequireState = false,
                        RequireStateValidation = false,
                    };
                    configureOptions.Events.OnAuthorizationCodeReceived = context =>
                    {
                        context.TokenEndpointRequest.ClientAssertionType = OidcConstants.ClientAssertionTypes.JwtBearer;
                        context.TokenEndpointRequest.ClientAssertion = NDIAuthenticationHandler.CreateClientAssertionJwt(
                            configuration["Singpass:ClientId"],
                            configuration["Singpass:TokenEndpoint"],
                            configuration["Key:ThumbPrint"]);
                        return Task.CompletedTask;
                    };
                })
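
The correlation step the post refers to ties the `state` handed to the provider to the browser that started the login, and the `nonce` ties the ID token to that same request. As an added example (not part of the original post, and not ASP.NET Core's, ABP's or Singpass's code), the following shows one way to issue and check both values with a CSPRNG and an HMAC-bound cookie; the names `EmbeddedLoginState`, `Issue` and `Validate` are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration: state + nonce for an embedded (no-redirect) login, bound to
// the browser through a cookie value. All names here are hypothetical.
public static class EmbeddedLoginState
{
    // Constructed demo key; a real service would load a persistent, shared secret.
    private static readonly byte[] Key = RandomBytes(32);

    private static byte[] RandomBytes(int n)
    {
        var b = new byte[n];
        RandomNumberGenerator.Fill(b); // cryptographically secure random bytes
        return b;
    }

    private static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    private static string Mac(string value)
    {
        using var h = new HMACSHA256(Key);
        return B64Url(h.ComputeHash(Encoding.UTF8.GetBytes(value)));
    }

    // Called by the endpoint that feeds the embedded JS: state and nonce go to the
    // page, the cookie value goes only to this browser (HttpOnly, Secure, short-lived).
    public static (string State, string Nonce, string Cookie) Issue()
    {
        var state = B64Url(RandomBytes(32));
        var nonce = B64Url(RandomBytes(32));
        return (state, nonce, Mac(state + "." + nonce));
    }

    // Called on the redirect back: the returned state and the ID token's nonce must
    // match what this browser was issued; the cookie should then be deleted (one use).
    public static bool Validate(string returnedState, string idTokenNonce, string cookie)
    {
        if (string.IsNullOrEmpty(returnedState) || string.IsNullOrEmpty(idTokenNonce)
            || string.IsNullOrEmpty(cookie)) return false;
        var expected = Encoding.UTF8.GetBytes(Mac(returnedState + "." + idTokenNonce));
        return CryptographicOperations.FixedTimeEquals(expected, Encoding.UTF8.GetBytes(cookie));
    }

    public static void Main()
    {
        var (state, nonce, cookie) = Issue();
        Console.WriteLine(Validate(state, nonce, cookie));                   // issued pair
        Console.WriteLine(Validate(B64Url(RandomBytes(32)), nonce, cookie)); // foreign state
    }
}
```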

Hi @Mehmet, Thanks for your response. This is exactly what I have done at the frontend side, I just want to implement it at the backend now.

  • ABP Framework version: v3.3.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hi, I want to force the users to re-login if they are inactive for 30 minutes. I have tried to set the expiry time for Cookies as below, but it does not work:

    context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.Authority = configuration["AuthServer:Authority"];
            options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
            options.Audience = "TestingApplication";
        })
        .AddCookie("Cookies", options =>
        {
            options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
            options.SlidingExpiration = true;
        });

Does anyone know how to achieve it? Any help would be much appreciated.

Hi, we still could not make it work. Is there anyone who can advise on this?

Hi @Moyaoxiang, do you have any idea why it does not work?

Hi @Moyaoxiang, thanks for your prompt reply.

I have tried, but it does not seem to work. I set the ExpireTimeSpan = 10 mins and SlidingExpiration = true, then I left the application inactive for 11 mins; it did not force me to re-login, and I was still able to use it.

    context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.Authority = configuration["AuthServer:Authority"];
            options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
            options.Audience = "TestingApplication";
        })
        .AddCookie("Cookies", options =>
        {
            options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
            options.SlidingExpiration = true;
        });

  • ABP Framework version: v3.3.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hi, I have a requirement to force users to log out and re-login if they are inactive for 30 minutes. Is there any configuration/setting to achieve it?

Made with ❤️ on ABP v9.1.0-rc.1. Updated on January 17, 2025, 14:13