
I have an external application based on https://github.com/nextauthjs/next-auth-example which successfully redirects to my Blazor Identity server. I would like to achieve the following:

(1) If the ClaimsPrincipal is null, that means the user is not logged in. RedirectToPage("/Account/Login", new {area = "Identity"});

(2) Otherwise, redirect back to the calling client application, which is configured via service.AddInMemoryClients(clients). For example:

            // Interactive client using authorization code flow + PKCE.
            // NOTE(review): PKCE is only enforced if RequirePkce is true for this IdentityServer version — confirm.
            new Client
            {
                ClientId = "myapp",
                // Stored hashed; the client presents the raw secret and IdentityServer hashes the
                // presented value before comparing. NOTE(review): the NextAuth config on this page
                // appears to pre-hash the secret (sha512(...)) before sending it, which would not
                // match the stored hash — verify on the client side.
                ClientSecrets = { new Secret("whatever".Sha512()) },

                // ResourceOwnerPassword hands the user's credentials to the client and is discouraged
                // by the OAuth 2.0 Security BCP; drop it if the NextAuth client only needs code flow.
                AllowedGrantTypes = new [] { GrantType.AuthorizationCode, GrantType.ResourceOwnerPassword },

                // Authorization responses are only ever sent to a URI in this list (matched as a whole,
                // not by prefix); that is what prevents open redirects. The server picks the target
                // from the pending authorize request — the login/host page does not need to read this list.
                RedirectUris = { "https://www.myapp.io/api/auth/callback/myapp" },
                FrontChannelLogoutUri = "https://myauth.io/signout-oidc",
                PostLogoutRedirectUris = { "https://www.myapp.io" },
                // Enables the offline_access scope so refresh tokens are issued.
                AllowOfflineAccess = true,
                AllowedScopes = {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "myapp"
                },
                // Access token lifetime is 3600 seconds (1 hour).
                AccessTokenLifetime = 3600,
                // Identity token lifetime is 3600 seconds (1 hour).
                IdentityTokenLifetime = 3600
            },

And the HostModel:

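[AllowAnonymous]
public class HostModel : PageModel
{
    /// <summary>
    /// Entry point hit by the external (NextAuth) client. Sends anonymous callers to the
    /// Identity login page and lets signed-in users resume the request they arrived with.
    /// </summary>
    /// <param name="returnUrl">
    /// Optional local URL to continue to once the user is signed in (bound from the query string).
    /// Only a local URL is honoured, so this page cannot be used as an open redirect.
    /// </param>
    /// <returns>A redirect result; this page never renders content itself.</returns>
    public async Task<IActionResult> OnGetAsync(string? returnUrl = null)
    {
        // GetUserAsync returns the user object (or null), not a bool, so the result has to be
        // captured and null-checked; negating it does not compile.
        var user = await _userManager.GetUserAsync(User);
        if (user is null)
        {
            _logger.LogWarning($"{nameof(HostModel)}.{nameof(OnGetAsync)} Invalid User!");
            // Carry returnUrl through so the login page can resume the original request.
            return RedirectToPage("/Account/Login", new { area = "Identity", returnUrl });
        }

        // A _signInManager.IsSignedIn(User) check was removed here: it always reported false
        // on this page, and the user lookup above already decides the anonymous case.
        _logger.LogWarning($"{nameof(HostModel)}.{nameof(OnGetAsync)} User signed in!");

        // Resume the pending request only when the target is local (for example the
        // server's own authorize callback); a non-local URL is ignored, never redirected to.
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
        {
            return LocalRedirect(returnUrl);
        }

        // No usable returnUrl: the original placeholder target is kept as-is.
        // NOTE(review): the client's RedirectUris are not meant to be read here — IdentityServer
        // redirects to the registered URI itself once the authorize request completes.
        return RedirectToPage("XXX: How to retrieve the RedirectUris and use it here?");
    }
}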

Alternatively, how can I configure the client to hit the /Identity/Account/Login endpoint directly?

export default NextAuth({
  // https://next-auth.js.org/configuration/providers
  providers: [
    IdentityServer4Provider({
      id: "myapp",
      name: "myapp",
      authorization: {
        params: { scope: "myapp" },
      },
      issuer: config.get('https://myidentityserver.com'),
      clientId: config.get('IdentityServer4_CLIENT_ID'),
      clientSecret: sha512(config.get('IdentityServer4_CLIENT_SECRET')),
    }),
<snip>
